WO2022267787A1 - Method, apparatus, and system for determining computation resource in privacy computation - Google Patents

Method, apparatus, and system for determining computation resource in privacy computation Download PDF

Info

Publication number
WO2022267787A1
WO2022267787A1 PCT/CN2022/094323 CN2022094323W WO2022267787A1 WO 2022267787 A1 WO2022267787 A1 WO 2022267787A1 CN 2022094323 W CN2022094323 W CN 2022094323W WO 2022267787 A1 WO2022267787 A1 WO 2022267787A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
computing
target
privacy
computing resources
Prior art date
Application number
PCT/CN2022/094323
Other languages
French (fr)
Chinese (zh)
Inventor
应鹏飞
李漓春
王一凡
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2022267787A1 publication Critical patent/WO2022267787A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • One or more embodiments of this specification relate to the field of computer technology, and in particular to methods, devices and systems for determining computing resources in privacy computing.
  • the electronic payment platform will classify merchants based on the merchant transaction data it owns, the e-merchant platform based on the merchant sales data it owns, and the banking institution based on the merchant loan data it owns. analyze.
  • Privacy-preserving computing has a variety of computing routes, such as Secure Multi-Party Computation (MPC), Trusted Execution Environment (Trusted Execution Environment, TEE), Federated Learning (Federated Learning, FL), etc.
  • MPC Secure Multi-Party Computation
  • TEE Trusted Execution Environment
  • FL Federated Learning
  • privacy computing routes can be selected for specific privacy computing tasks.
  • One or more embodiments of this specification describe the method for determining computing resources in privacy computing. By introducing management nodes to establish and manage computing resource pools, the holders and demanders of computing resources can release resources conveniently and quickly. and discover.
  • a method for determining computing resources in privacy computing the method is executed by a management node, and the method includes: receiving a query request for computing resources from a computing resource usage demand side, wherein the computing resources support privacy The public resources of the algorithm, the computing resources are pre-registered in the management node; based on the query request and the resource information of multiple computing resources registered locally, determine the resource list; send the resources to the computing resource usage demand side list, so that the computing resource usage demand side determines target resources from the resource list for executing target privacy computing tasks.
  • the query request includes the target privacy algorithm adopted for the target privacy computing task
  • the resource information includes the privacy algorithm supported by the computing resource
  • determining a resource list includes: determining a number of computing resources supporting the target privacy algorithm to form the resource list.
  • the method further includes: including the current usage state information of the several computing resources in the resource list.
  • the resource information includes privacy algorithms supported by computing resources; wherein, based on the query request and the resource information of a plurality of locally registered computing resources, determining a resource list includes: determining the plurality of computing resources Among the resources, several computing resources that are currently in an idle state; the resource list is determined according to the several computing resources and the privacy algorithm supported by each computing resource.
  • the method further includes: receiving a first notification from the computing resource usage demander, which indicates that the target resource is used by the Computing resources used by the demand side; according to the first notification, updating the usage status of the target resource in the resource information.
  • the method further includes: receiving a second notification from the computing resource usage demander, which indicates the computing resource usage demand The party stops using the target resource; according to the second notification, update the usage status of the target resource in the resource information; The cost incurred by the resource.
  • the resource list includes IP addresses of each computing resource therein.
  • the method before receiving a query request for computing resources from a computing resource usage demander, the method further includes: receiving a registration request from a computing resource holder, including registration information for computing resources, the registration The information includes a privacy algorithm supported by a corresponding computing resource; and if the registration request is approved, the registration information is included in the resource information.
  • adding the registration information to the resource information includes: allocating a resource ID to the computing resource corresponding to the registration request; and associating and storing the resource ID and the registration information.
  • the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
  • a method for determining computing resources in privacy computing the method is executed by a demander for computing resources, and the method includes: sending a query request for computing resources to a management node, where the computing resources support privacy public resources of the algorithm, the computing resources are pre-registered at the management node; receiving a resource list from the management node, the resource list is determined based on the query request and the resource information of a plurality of locally registered computing resources; based on the The above resource list is used to determine the target resource used to perform the target privacy computing task.
  • the method further includes: determining a target privacy algorithm adopted for the target privacy computing task, and including the target privacy algorithm in the query request.
  • determining a target resource for executing a target privacy computing task based on the resource list includes: randomly selecting a computing resource from the resource list as the target resource.
  • the resource list includes current usage status information of each computing resource; wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: from the resource A computing resource whose current use state is idle is selected from the list as the target resource.
  • the resource list includes privacy algorithms supported by each computing resource; wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: based on the target privacy computing For the target privacy algorithm adopted by the task, a computing resource supporting the target privacy algorithm is selected from the resource list as the target resource.
  • the method further includes: sending the IP address of the target resource to other participants; utilizing the target resource, communicating with the other Participants jointly perform the target privacy computing task.
  • a method for determining computing resources in privacy computing including: sending a query request for computing resources to a management node from a computing resource usage demand direction, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-determined Registered at the management node; the management node determines a resource list based on the query request and the resource information of multiple computing resources registered locally; the management node sends the resource list to the computing resource usage demand side ; The computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list.
  • the method further includes: the computing resource usage demand side determines the target privacy algorithm adopted for the target privacy computing task, and includes the target privacy algorithm in the query request; wherein, the management The node determines a resource list based on the query request and resource information of multiple computing resources stored therein, including: determining several computing resources supporting the target privacy algorithm to form the resource list.
  • the method further includes: the management node includes the current usage status information of the several computing resources in the resource list; list, determining a target resource for executing a target privacy computing task, comprising: selecting a computing resource whose current use state is idle from the resource list as the target resource.
  • the above-mentioned determination of several computing resources that support the target privacy algorithm and forming the resource list includes: the management node, based on the current usage status information of the several computing resources, from the several computing resources Selecting computing resources whose current use status is idle from the resources to form the resource list; wherein, the computing resource use demand side determines the target resource for executing the target privacy computing task based on the resource list, including: the The computing resource use demand side determines the computing resource in the resource list as the target resource.
  • the management node determines the resource list based on the query request and the resource information of multiple computing resources stored in it, including: determining several of the multiple computing resources that are currently idle Computing resources to form the resource list; wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: based on the target privacy algorithm adopted for the target privacy computing task, from the resource list Select a computing resource that supports the target privacy algorithm as the target resource.
  • a device for determining computing resources in privacy computing the device is integrated in a management node, and the device includes: a query request receiving unit configured to receive a query request for computing resources from a computing resource usage demander , wherein the computing resource is a public resource that supports a privacy algorithm, and the computing resource is pre-registered at the management node; the resource list determination unit is configured to determine the resource based on the query request and resource information of a plurality of locally registered computing resources list; a resource list sending unit configured to send the resource list to the computing resource usage demander, so that the computing resource usage demander can determine target resources from the resource list for executing target privacy computing tasks.
  • a device for determining computing resources in privacy computing the device is integrated with a computing resource usage demander, and the device includes: a query request sending unit configured to send a query request for computing resources to a management node , wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node; the resource list receiving unit is configured to receive a resource list from the management node, the resource list is based on the query request and the local The resource information of a plurality of registered computing resources is determined; the target resource determining unit is configured to determine a target resource for executing a target privacy computing task based on the resource list.
  • a system for determining computing resources in privacy computing including: a demander for computing resources, configured to send a query request for computing resources to a management node, where the computing resources are public resources that support privacy algorithms, so The computing resources are pre-registered on the management node; the management node is configured to determine a resource list based on the query request and the resource information of multiple computing resources registered locally, and send the resource list to the computing resource usage demand party The resource list; the computing resource usage demander is further configured to determine a target resource for executing a target privacy computing task based on the resource list.
  • a computer-readable storage medium on which a computer program is stored, and when the computer program is executed in a computer, the computer is made to execute the method provided in any one of the first to third aspects .
  • a computing device including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, any one of the first aspect to the third aspect is implemented method provided.
  • the management node supports the computing resource holder to register the computing resources it holds, thereby establishing a resource pool, so that the demander with computing resource usage requirements can submit to the management node Send a resource query request, and determine the target resource used to perform the target privacy computing task based on the resource list returned by the management node, and then the computing resource usage demander can cooperate with other participants to jointly use the target resource to complete the target privacy computing task execution.
  • the holders and demanders of computing resources can release and discover resources conveniently and quickly.
  • Fig. 1 shows a schematic diagram of an interaction scenario for computing resources according to an embodiment
  • Fig. 2 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to an embodiment
  • Fig. 3 shows a schematic diagram of multi-party collaborative privacy calculation according to an embodiment
  • Fig. 4 shows a schematic diagram of multi-party collaborative privacy calculation according to another embodiment
  • Fig. 5 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to another embodiment
  • FIG. 6 shows a schematic diagram of an architecture for performing privacy data statistics tasks according to an embodiment
  • Fig. 7 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to an embodiment
  • Fig. 8 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to another embodiment.
  • the solution proposed by the inventor introduces management nodes to collect computing resources released by third parties, and establishes computing resource pools, so that demanders who have computing resource usage requirements can send resource query requests to management nodes, and based on the management nodes according to Query the resource list returned by the request to determine the target resource used to perform the target privacy computing task, and then, the demander can inform each participant of the privacy computing of the addressing information of the target resource, so that each participant can jointly use the The target resource completes the execution of the target privacy computing task.
  • FIG. 1 shows a schematic diagram of an interaction scenario for computing resources according to an embodiment.
  • bank A sends a query request to the management node, including its request for computing resources to support the TEE algorithm; the management node returns a list of computing resources to bank A based on the resource information of each resource in its computing resource pool, including 3 The usage status of each TEE server; then, bank A selects No. 3 TEE server in an idle state, and sends the Internet Protocol (Internet Protocol, IP) address of No. 3 TEE server to bank B, and then uses it with bank B No. 3 TEE server completes the target privacy calculation task (for example, jointly establishes a merchant classification model).
  • IP Internet Protocol
  • FIG. 2 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to an embodiment, and the multi-party at least includes a computing resource usage demander and a management node.
  • the computing resource usage demander may be bank A shown in FIG. 1 .
  • each of the multiple parties can be implemented as a device, platform, server or device cluster with computing and processing capabilities.
  • the interaction process includes the following steps: Step S210 , the computing resource usage demander sends a query request for the computing resource to the management node, and the computing resource is registered in the management node in advance.
  • computing resources are public resources that support privacy algorithms, where relevant computing logic for privacy algorithms is deployed, and/or are used to provide relevant algorithm parameters, which can be shared by multiple privacy computing tasks.
  • the computing resource can be carried by the public resource platform, and the public resource platform assumes the role of the algorithm provider in the process of publishing and providing the privacy algorithm; The resource platform also assumes the role of computing party.
  • computing resources are public resources, it means that the public resource platform only needs to provide computing resources, and it does not directly or indirectly provide sample data related to privacy computing, and the public resource platform can use the computing resources it provides , to flexibly establish cooperative relationships with different, non-specific privacy computing participants in multiple privacy calculations, and jointly perform privacy calculations.
  • the data provider in the privacy calculation relies on the calculation party with the privacy calculation engine to perform privacy calculation. Specifically, the data provider sends the private sample data held by itself to the first type of computing resources for privacy computing, for example, after encrypting the sample data and sending it to the computing party for privacy computing; for example, after sharding the sample data Send it to the computing party for privacy calculation.
  • Fig. 3 shows a schematic diagram of multi-party collaborative privacy computing according to an embodiment. As shown in Fig. 3, n data providers perform privacy computing based on computing power provided by t computing nodes.
  • the resources of the t computing nodes may be TEE servers; in another embodiment, the t computing nodes may be servers with MPC computing engines.
  • Fig. 4 shows a schematic diagram of multi-party collaborative privacy computing according to another embodiment. As shown in Fig. 4, the two data providers also serve as computing nodes and cooperate with auxiliary computing resources (shown as auxiliary servers in Fig. 4) Perform privacy calculations.
  • the auxiliary computing resource may be an MPC random number provider.
  • the secondary computing resource may be a Federated Learning Center server.
  • the carrier of the above computing resources may be any module, device or device cluster with computing and processing capabilities.
  • the above query request indicates a request to query computing resources in an available state.
  • being in the available state may include being in a partially idle state or a completely idle state.
  • the computing resource usage requester determines the target privacy algorithm adopted for the target privacy computing task, and includes the target privacy algorithm in the query request. It should be noted that there may be multiple types of target privacy computing tasks.
  • the task type may include joint statistical analysis for specified data items.
  • the specified data items may be user age, user gender, merchant average turnover, merchant category, enterprise scale, and the like.
  • the joint statistical analysis may be to analyze the numerical distribution of the specified data item within its definition domain, or, between different parties, to compare the value corresponding to the specified data item, or, between different parties Analysis and calculation operations such as summation, intersection, or averaging of specified data items.
  • the joint statistical analysis for the specified data item may be: counting the total number of female users in different parties. In another example, it may also be: counting the number of identical users in different parties. In yet another example, it may also be: counting age distributions of all users in the multi-party. In yet another example, it may be: comparing the average turnover of merchants of multiple parties.
  • the task type of the target computing task may include joint training of specified models.
  • the specified model may be a machine learning model such as a logistic regression model, a decision tree model, or a neural network model.
  • the specified model may be a classification model or a regression model.
  • the sample objects targeted by the specified model may be: users, merchants, commodities, events (such as login events or access events), devices (such as user terminals or Internet of Things devices), and so on.
  • the specified model may be a user classification model or a user scoring model, such as a consumer group segmentation model, a user risk assessment model, a user anomaly identification model, and the like.
  • the specified model may be a commodity classification model or a commodity scoring model, specifically such as a commodity popularity scoring model.
  • the task type of the target computing task may include joint prediction of a specified model.
  • the specified model may be a classification model or a regression model, and correspondingly, the joint prediction may be to predict a classification category based on a classification model, or to predict a regression value based on a regression model.
  • the joint prediction of the above specified models may be: predicting user risk scores based on the user risk assessment model, or identifying abnormal users based on the user anomaly identification model.
  • task types included in the description information. It should be understood that in addition to the above-mentioned joint statistical analysis for specified data items, joint training and joint prediction of specified models, task types can also include other types, which are not exhaustive.
  • one or more privacy algorithms that perform the above target privacy tasks can be determined.
  • the determined privacy algorithm may include a Private Set Intersection (PSI) algorithm, a TEE algorithm, and the like.
  • PSI Private Set Intersection
  • TEE TEE
  • the plurality of privacy algorithms may be prioritized, and the privacy algorithm with the highest priority may be included in the query request as the target privacy algorithm.
  • the staff sets priorities for all privacy algorithms that may be adopted in advance, so that in this step, the above-mentioned multiple privacy algorithms can be prioritized according to the preset priority information.
  • the above-mentioned multiple privacy algorithms may be prioritized according to the historical implementation effects of the privacy algorithms.
  • the computing resource usage demander can determine the target privacy algorithm adopted for the privacy target task, and include it in the above query request.
  • the above query request may also include the required number of computing resources supporting the target privacy algorithm (such as 2 servers, etc.).
  • the computing resource usage demander sends the generated query request to the management node.
  • the management node may receive the query request, and in step S220, determine a resource list based on the query request and the resource information of the plurality of computing resources registered locally.
  • the resource information may include resource ID (Identity) of the computing resource, addressing information, public key, supported privacy algorithm, and the like.
  • the addressing information may include an IP address.
  • the addressing information may include a domain name.
  • the above-mentioned multiple parties may also include computing resource holders.
  • the process of multi-party interaction may also include steps S205 and S206.
  • the management The node receives the registration request from the computing resource holder, which includes the registration information for the computing resource, and the registration information includes the privacy algorithm supported by the corresponding computing resource; in step S206, when the above registration request is approved, the management node will Registration information falls under the resource information.
  • computing resource holders can become computing resource issuers by registering their own computing resources with management nodes, so that management nodes can establish resource pools based on registered computing resources for query and use by demanders of computing resources .
  • resource issuers can issue multiple computing resources that support the same or different privacy algorithms.
  • the above registration information may also include the IP address, domain name or public key of the corresponding resource.
  • the review of the above-mentioned registration request may include conducting qualification review and credit review of the computing resource holder, and reviewing the validity of the computing resources involved in the registration request.
  • the management node adding the registration information to the resource information may include: allocating a resource ID to the computing resource corresponding to the registration request; and storing the resource ID and the registration information in association.
  • the above resource information may also include the current usage status of computing resources, for example, in use and idle.
  • usage details may also be included.
  • the usage details may include: how many merchants or data nodes the computing resource is used by, the CPU, memory, disk, network, etc. occupancy and remaining availability of the computing resource in the last minute.
  • the management node may obtain the above usage details through active query.
  • the above usage details may be proactively reported to the management node by the above multiple computing resources at regular intervals.
  • the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource.
  • the management node may determine a number of computing resources supporting the target privacy algorithm from a plurality of computing resources to form the above-mentioned resource list.
  • the resource information also includes the current usage status of the computing resources, and accordingly, this step may further include: including the current usage status information of the above-mentioned several computing resources in the above-mentioned resource list.
  • the query request indicates that the demander for computing resources entrusts the management node to determine the target resource.
  • this step may also include: the management node, based on the current usage status information of several computing resources, selects the Computing resources whose current use status is idle are selected from the list to form the above resource list, so that the computing resource usage demand side can directly determine the computing resources in the resource list as target resources.
  • the above-mentioned target privacy algorithm is not included in the query request.
  • the management node can determine some computing resources that are currently idle among the above-mentioned multiple computing resources, and then use each of the several computing resources to
  • the resource ID of the resource and the supported privacy algorithms form a resource list.
  • the idle state may be a completely idle state (not used by any party), or a partially idle state (partial space is used, and the remaining space has not been used).
  • the resource list may also include usage details of several computing resources.
  • the above resource list may also include addressing information (such as IP address or domain name) of each computing resource, which is used to subsequently locate the corresponding computing resource and then use the resource.
  • the above resource list may further include resource IDs of respective computing resources therein.
  • the management node can determine the resource list according to the received query request and the stored resource information. Furthermore, in step S230, the management node sends the resource list to the computing resource usage demander. Correspondingly, the computing resource usage demander may receive the resource list, and then in step S240, the computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list.
  • the query request includes a target privacy algorithm adopted for the target privacy computing task, and each computing resource in the correspondingly determined resource list supports the target privacy algorithm. Based on this, in a specific embodiment, this step may include: the demander for computing resource use randomly selects a computing resource from the resource list as the above-mentioned target resource.
  • the resource list also includes the current usage status of each of the computing resources, and correspondingly, the computing resource that is currently in an idle state can be selected as the above-mentioned target resource.
  • the resource list also includes the current usage details of each computing resource, such as how many merchants or data nodes the computing resource is used by, and the CPU, memory, disk, network, etc. of the computing resource in the past one minute.
  • the corresponding computing resource can be scored based on the usage details, and the computing resource with the highest score can be determined as the target resource.
  • usage details of each computing resource may be input into a pre-trained resource scoring model to obtain a corresponding resource score.
  • resource scoring based on usage details can be combined with pre-specified scoring rules.
  • the above resource list includes the privacy algorithms supported by each computing resource.
  • this step may include: based on the above target privacy algorithm, the computing resource usage demander selects from the above resource list to support the target privacy algorithm Computing resources of , as the target resource above.
  • the computing resources in the resource list are all in an idle state, which means they can be put into use immediately.
  • the computing resources in the resource list are in use state or idle state. If the target resource determined by the computing resource usage demander is in use state, it can reserve the use of the target resource with the management node.
  • the computing resource usage demander entrusts the management node to select the target resource in advance, and accordingly, the computing resource usage demander can directly determine the computing resource in the resource list as the target resource.
  • the computing resource usage demander can determine the target resource for performing the target privacy task.
  • the above-mentioned multiple parties may also include other participants (for example, bank B shown in FIG. Other parties that participate in the execution of the above-mentioned target computing tasks.
  • the demander for computing resource usage is a certain data provider, and correspondingly, other participants may include other data providers.
  • the above interaction process may further include step S245 and step S246.
  • the computing resource usage requesting party sends the addressing information (such as IP address or domain name) of the target resource to other participating parties.
  • the public key of the target resource is also sent to other participants, so as to facilitate subsequent encrypted transmission of data or digital signature verification of the target resource.
  • the computing resource usage demander and other participants jointly use the above target resources to execute the above target privacy computing tasks.
  • the computing resource issuer shown in FIG. 5 publishes the above-mentioned target resource
  • the computing resource issuer may participate in the execution of the target privacy computing task as a participant.
  • the above-mentioned interaction process may further include: sending an authorization use request for the target resource to the management node from the computing resource usage demand direction; the management node generates a corresponding authorization token according to the authorization use request, And send it to the demander for computing resource use; the demander for computing resource use sends the authorization token to the above-mentioned other participants, after that, the demander for computing resource use and other participants each send resources for the target resource to the publisher of the target resource Use request, the resource use request includes an authorization token, and after the issuer confirms that the authorization token has passed the verification, open the use permission of the target resource to the computing resource usage demander and other participants, allowing them to access and use the target resource.
  • the above interaction process may further include: sending an authorized use request for the target resource to the management node from the computing resource usage request, and the authorized use request includes identification information of other participants;
  • the node generates a first authorization token according to the identification of the computing resource usage demander, and sends the first authorization token to the computing resource usage demander, and the management node generates a third authorization token according to the identification of other participants, and Send the third authorization token to other participants; after that, the computing resource use demander and other participants each send a resource usage request for the target resource to the issuer of the target resource, and the resource usage request includes the authorization of the corresponding participant Token, after the issuer confirms that the authorization token has passed the verification, open the usage authority of the target resource to the computing resource usage demander and other participants, allowing them to access and use the target resource.
  • the management node issues authorization tokens to different participants, which can prevent the authorization token from being stolen and cause the target resource to be illegally occupied.
  • FIG. 6 shows a schematic diagram of the architecture of performing private data statistics tasks according to an embodiment
  • data party A and data party B are based on their installed SGX client, respectively use the public key of the SGX server to hold Encrypt the private data, and send the encrypted data to the SGX server; then, the data party A sends a SQL query statement to the SGX server to query the statistical indicators of the private data (such as the average annual expenditure of the user), at this time, the SGX server
  • the private key corresponding to the above public key can be used to decrypt the encrypted data sent by data party A and data party B respectively, and calculate the index value of the statistical indicator based on the obtained decrypted data, and then return the index value to
  • the above-mentioned interaction process may further include: sending a first notification to the management node from the computing resource usage demander, which indicates that the above-mentioned target resource is used by the computing resource usage demander; the management node based on the The first notification is to modify the current usage state of the target resource in the resource information, for example, to be in use.
  • the subsequent step may also include: sending a second notification to the management node instructing the computing resource usage demander to stop using the target resource, or instructing the computing resource usage demander to stop using the target resource. Release the occupancy of the target resource.
  • the management node modifies the current usage status of the target resource in the resource information, for example, modifies it to be idle.
  • the management node calculates the cost generated by the computing resource usage requester for using the target resource.
  • both the first notification and the second notification include the resource ID of the target resource, so that the management node can quickly query the target resource.
  • the first notification and the second notification each include a time stamp, and correspondingly, the usage fee for the target resource can be calculated according to the calculated usage duration and the preset usage unit price per unit duration.
  • the first notification also includes information such as the memory space used by the target resource and the number of computing chips (such as CPU, GPU, FPGA, etc.), and accordingly, the usage fee can be calculated in combination with these specific usage information .
  • the management node can obtain the usage log of the target resource, and by analyzing the usage log, determine the usage information of the target resource by the above-mentioned computing resource usage demander and other participants, and then according to the usage information and preset Calculate the usage fee according to the specified charging standard.
  • the first notification and/or the second notification may include identification information of other participants participating in the task execution, so that the management node can correspondingly extract the usage information from the usage log.
  • the management node can calculate the cost of using the above-mentioned target resources in the process of performing the above-mentioned target privacy computing tasks, and then charge the fee to the computing resource usage demander, or charge the computing resource usage demander and other participants Fees, for example, can be divided equally according to the total number of participants of computing resource usage demanders and other participants, and then charged to each participant according to the equally divided fees. Furthermore, the management node can draw a part of the total fee collected as a handling fee, and transfer the remaining part to the account of the publisher of the target resource. In this way, it is possible to realize the mutual benefits of computing resource usage demanders, publishers and management nodes, and win-win cooperation.
  • the management node supports computing resource holders to register their computing resources, thereby establishing a resource pool.
  • the demander of the demand can send a resource query request to the management node, and based on the resource list returned by the management node, determine the target resource used to perform the target privacy computing task, and then the computing resource usage demander can cooperate with other participants to jointly use
  • the target resource completes the execution of the target privacy computing task.
  • the embodiment of this specification also discloses a determination device and a determination system.
  • Fig. 7 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to an embodiment, and the apparatus is integrated in a management node.
  • the device 700 includes:
  • the query request receiving unit 710 is configured to receive a query request for computing resources from a computing resource usage demander, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node; the resource list determining unit 720 , configured to determine a resource list based on the query request and the resource information of a plurality of locally registered computing resources; the resource list sending unit 730 is configured to send the resource list to the computing resource usage demander, so that the The computing resource usage demander determines the target resource from the resource list to execute the target privacy computing task.
  • the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource; the resource list determining unit 720 is specifically configured to: determine Several computing resources supporting the target privacy algorithm form the resource list.
  • the resource list determining unit 720 is further configured to: include the current usage status information of the several computing resources in the resource list.
  • the resource information includes privacy algorithms supported by computing resources; the resource list determining unit 720 is specifically configured to: determine several computing resources that are currently idle among the multiple computing resources; according to the A plurality of computing resources and privacy algorithms supported by each computing resource determine the resource list.
  • the apparatus further includes: a first notification receiving unit 742 configured to receive a first notification from the computing resource usage demander, which indicates that the target resource is used by the computing resource usage demander;
  • the first status updating unit 744 is configured to update the usage status of the target resource in the resource information according to the first notification.
  • the apparatus 700 further includes: a second notification receiving unit 752 configured to receive a second notification from the computing resource usage demander, which instructs the computing resource usage demander to stop using the The target resource; the second status update unit 754 is configured to update the usage status of the target resource in the resource information according to the second notification; the fee calculation unit 756 is configured to calculate based on the first notification and the second notification
  • the computing resources use the costs generated by the demand side for using the target resources.
  • the resource list includes IP addresses of each computing resource therein.
  • the apparatus 700 further includes: a registration request receiving unit 762 configured to receive a registration request from the computing resource holder, which includes registration information for the computing resource, and the registration information includes the information supported by the corresponding computing resource. Privacy algorithm; registration information storage unit 764, configured to include the registration information into the resource information when the registration request is approved.
  • the registration information storage unit 764 is specifically configured to: allocate a resource ID to the computing resource corresponding to the registration request; and associate and store the resource ID and registration information.
  • the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
  • Fig. 8 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to another embodiment, and the apparatus is integrated in a demand side for computing resource usage.
  • the device 800 includes:
  • the query request sending unit 810 is configured to send a query request for computing resources to the management node, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node;
  • the resource list receiving unit 820 is configured to Receive a resource list from the management node, the resource list is determined based on the query request and the resource information of a plurality of locally registered computing resources;
  • the target resource determining unit 830 is configured to determine an execution target based on the resource list Target resource for private computing tasks.
  • the query request sending unit 810 is further configured to: determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request.
  • the target resource determining unit 830 is specifically configured to: randomly select a computing resource from the resource list as the target resource.
  • the resource list includes current usage status information of each computing resource; the target resource determining unit 830 is specifically configured to: select a computing resource whose current usage status is idle from the resource list, as The target resource.
  • the resource list includes privacy algorithms supported by each computing resource; the target resource determining unit 830 is specifically configured to: based on the target privacy algorithm adopted for the target privacy computing task, select from the resource list A computing resource that supports the target privacy algorithm is selected as the target resource.
  • the apparatus 800 further includes: an IP address sending unit 840, configured to send the IP address of the target resource to other participants; a privacy task execution unit 850, configured to utilize the target resource, and The other participants jointly execute the target privacy computing task.
  • the embodiment of this specification also discloses a system for determining computing resources in privacy computing.
  • the determination system includes:
  • Computing resource use demand side used to send a query request for computing resources to the management node, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node; the management node is used to The query request and resource information of a plurality of computing resources registered locally, determining a resource list, and sending the resource list to the computing resource usage demander; the computing resource usage demander is configured to list, identifying the target resource for performing the target private computing task.
  • the computing resource usage requester is further configured to: determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request; the management node is specifically used to : Determine a number of computing resources supporting the target privacy algorithm, and form the resource list.
  • the management node is further configured to: include the current usage status information of the several computing resources in the resource list; the computing resource usage demander is specifically configured to: A computing resource whose current use state is idle is selected from the list as the target resource.
  • the management node is specifically configured to: select a computing resource whose current usage state is idle from the several computing resources based on the current usage state information of the several computing resources, and form the resource list; the computing resource use demander is specifically configured to: determine the computing resource in the resource list as the target resource.
  • the management node is specifically configured to: determine several computing resources that are currently idle among the multiple computing resources, and form the resource list; the computing resource usage demander is specifically configured to: based on For the target privacy algorithm adopted by the target privacy computing task, computing resources supporting the target privacy algorithm are selected from the resource list as the target resource.
  • a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed in a computer, the computer is instructed to execute the method described in conjunction with FIG. 2 or FIG. 5 .
  • a computing device including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, the implementation in conjunction with FIG. 2 or FIG. 5 is realized. the method described.
  • the functions described in the present invention may be implemented by hardware, software, firmware or any combination thereof.
  • the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.

Abstract

Embodiments of the present description provide a method for determining a computation resource in privacy computation. The method is executed by a management node. The method comprises: receiving a query request for a computation resource from a computation resource usage demander, wherein the computation resource is a public resource supporting a privacy algorithm, and the computation resource is pre-registered in a management node; determining a resource list on the basis of the query request and the resource information of a plurality of locally registered computation resources; and transmitting the resource list to the computation resource usage demander, so that the computation resource usage demander determines, from the resource list, a target resource used for executing a target privacy computation task.

Description

隐私计算中计算资源确定的方法、装置及系统Method, device and system for determining computing resources in privacy computing 技术领域technical field
本说明书一个或多个实施例涉及计算机技术领域,尤其涉及隐私计算中计算资源确定的方法、装置及系统。One or more embodiments of this specification relate to the field of computer technology, and in particular to methods, devices and systems for determining computing resources in privacy computing.
背景技术Background technique
为了充分挖掘数据价值,多方联合进行数据计算已成为一大研究热点。例如,为了更好地对商户进行分类分析,电子支付平台基于其拥有的商户交易流水数据,电子商户平台基于其拥有的商户销售数据,银行机构基于其拥有的商户借贷数据,共同进行商户的分类分析。In order to fully tap the value of data, multi-party joint data calculation has become a major research hotspot. For example, in order to better classify and analyze merchants, the electronic payment platform will classify merchants based on the merchant transaction data it owns, the e-merchant platform based on the merchant sales data it owns, and the banking institution based on the merchant loan data it owns. analyze.
在多方数据联合计算中,为了保护各方数据隐私,需要采用隐私保护计算(Privacy-PreservingComputation)技术。隐私保护计算有多种计算路线,如安全多方计算(Secure Multi-PartyComputation,MPC)、可信执行环境(Trusted execution environment,TEE)、联邦学习(Federated Learning,FL)等。实际应用中,可以针对具体的隐私计算任务,进行隐私计算路线的选取。In multi-party data joint computing, in order to protect the data privacy of all parties, it is necessary to use Privacy-Preserving Computation technology. Privacy-preserving computing has a variety of computing routes, such as Secure Multi-Party Computation (MPC), Trusted Execution Environment (Trusted Execution Environment, TEE), Federated Learning (Federated Learning, FL), etc. In practical applications, privacy computing routes can be selected for specific privacy computing tasks.
发明内容Contents of the invention
本说明书一个或多个实施例描述了隐私计算中计算资源的确定方法,通过引入管理节点建立并管理计算资源池,使得计算资源的持有方和需求方可以方便、快捷地实现对资源的发布和发现。One or more embodiments of this specification describe the method for determining computing resources in privacy computing. By introducing management nodes to establish and manage computing resource pools, the holders and demanders of computing resources can release resources conveniently and quickly. and discover.
根据第一方面,提供一种隐私计算中计算资源的确定方法,所述方法由管理节点执行,所述方法包括:从计算资源使用需求方接收针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表;向所述计算资源使用需求方发送所述资源列表,以使得所述计算资源使用需求方从所述资源列表中确定目标资源,用于执行目标隐私计算任务。According to the first aspect, there is provided a method for determining computing resources in privacy computing, the method is executed by a management node, and the method includes: receiving a query request for computing resources from a computing resource usage demand side, wherein the computing resources support privacy The public resources of the algorithm, the computing resources are pre-registered in the management node; based on the query request and the resource information of multiple computing resources registered locally, determine the resource list; send the resources to the computing resource usage demand side list, so that the computing resource usage demand side determines target resources from the resource list for executing target privacy computing tasks.
在一个实施例中,所述查询请求中包括针对所述目标隐私计算任务采用的目标隐私算法,所述资源信息中包括计算资源支持的隐私算法;其中,基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表,包括:确定支持所述目标隐私算法的 若干计算资源,形成所述资源列表。In one embodiment, the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource; wherein, based on the query request and locally registered multiple resource information of computing resources, and determining a resource list includes: determining a number of computing resources supporting the target privacy algorithm to form the resource list.
在一个具体的实施例中,所述方法还包括:将所述若干计算资源的当前使用状态信息包含在所述资源列表中。In a specific embodiment, the method further includes: including the current usage state information of the several computing resources in the resource list.
在一个实施例中,所述资源信息中包括计算资源支持的隐私算法;其中,基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表,包括:确定所述多个计算资源中当前处于空闲状态的若干计算资源;根据所述若干计算资源和其中各个计算资源支持的隐私算法,确定所述资源列表。In one embodiment, the resource information includes privacy algorithms supported by computing resources; wherein, based on the query request and the resource information of a plurality of locally registered computing resources, determining a resource list includes: determining the plurality of computing resources Among the resources, several computing resources that are currently in an idle state; the resource list is determined according to the several computing resources and the privacy algorithm supported by each computing resource.
在一个实施例中,在向所述计算资源使用需求方发送所述资源列表之后,所述方法还包括:从所述计算资源使用需求方接收第一通知,其指示所述目标资源被所述计算资源使用需求方使用;根据所述第一通知,更新所述资源信息中目标资源的使用状态。In one embodiment, after sending the resource list to the computing resource usage demander, the method further includes: receiving a first notification from the computing resource usage demander, which indicates that the target resource is used by the Computing resources used by the demand side; according to the first notification, updating the usage status of the target resource in the resource information.
在一个具体的实施例中,在从所述计算资源使用需求方接收第一通知之后,所述方法还包括:从所述计算资源使用需求方接收第二通知,其指示所述计算资源使用需求方停止使用所述目标资源;根据所述第二通知,更新所述资源信息中目标资源的使用状态;基于所述第一通知和第二通知,计算所述计算资源使用需求方使用所述目标资源产生的费用。In a specific embodiment, after receiving the first notification from the computing resource usage demander, the method further includes: receiving a second notification from the computing resource usage demander, which indicates the computing resource usage demand The party stops using the target resource; according to the second notification, update the usage status of the target resource in the resource information; The cost incurred by the resource.
在一个实施例中,所述资源列表中包括其中各个计算资源的IP地址。In one embodiment, the resource list includes IP addresses of each computing resource therein.
在一个实施例中,在从计算资源使用需求方接收针对计算资源的查询请求之前,所述方法还包括:从计算资源持有方接收注册请求,其中包括针对计算资源的注册信息,所述注册信息包括对应计算资源支持的隐私算法;在所述注册请求通过审核的情况下,将所述注册信息归入所述资源信息。In one embodiment, before receiving a query request for computing resources from a computing resource usage demander, the method further includes: receiving a registration request from a computing resource holder, including registration information for computing resources, the registration The information includes a privacy algorithm supported by a corresponding computing resource; and if the registration request is approved, the registration information is included in the resource information.
在一个具体的实施例中,将所述注册信息归入所述资源信息,包括:为所述注册请求对应的计算资源分配资源ID;对所述资源ID和注册信息进行关联存储。In a specific embodiment, adding the registration information to the resource information includes: allocating a resource ID to the computing resource corresponding to the registration request; and associating and storing the resource ID and the registration information.
在一个更具体的实施中,所述注册信息还包括以下中的至少一项:对应计算资源的IP地址,域名,公钥。In a more specific implementation, the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
根据第二方面,提供一种隐私计算中计算资源的确定方法,所述方法由计算资源使用需求方执行,所述方法包括:向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;从所述管理节点接收资源列表,该资源列表基于所述查询请求和本地注册的多个计算资源的资源信息而确定;基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。According to the second aspect, there is provided a method for determining computing resources in privacy computing, the method is executed by a demander for computing resources, and the method includes: sending a query request for computing resources to a management node, where the computing resources support privacy public resources of the algorithm, the computing resources are pre-registered at the management node; receiving a resource list from the management node, the resource list is determined based on the query request and the resource information of a plurality of locally registered computing resources; based on the The above resource list is used to determine the target resource used to perform the target privacy computing task.
在一个实施例中,所述方法还包括:确定针对所述目标隐私计算任务采用的目标隐私算法,并将该目标隐私算法包含在所述查询请求中。In an embodiment, the method further includes: determining a target privacy algorithm adopted for the target privacy computing task, and including the target privacy algorithm in the query request.
在一个具体的实施例中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:从所述资源列表中随机选取一个计算资源,作为所述目标资源。In a specific embodiment, determining a target resource for executing a target privacy computing task based on the resource list includes: randomly selecting a computing resource from the resource list as the target resource.
在另一个具体的实施例中,所述资源列表包括其中各个计算资源的当前使用状态信息;其中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:从所述资源列表中选取当前使用状态为空闲状态的计算资源,作为所述目标资源。In another specific embodiment, the resource list includes current usage status information of each computing resource; wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: from the resource A computing resource whose current use state is idle is selected from the list as the target resource.
在一个实施例中,所述资源列表中包括其中各个计算资源支持的隐私算法;其中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:基于针对所述目标隐私计算任务采用的目标隐私算法,从所述资源列表中选取支持目标隐私算法的计算资源,作为所述目标资源。In an embodiment, the resource list includes privacy algorithms supported by each computing resource; wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: based on the target privacy computing For the target privacy algorithm adopted by the task, a computing resource supporting the target privacy algorithm is selected from the resource list as the target resource.
在一个实施例中,在确定用于执行目标隐私计算任务的目标资源之后,所述方法还包括:将所述目标资源的IP地址发送给其他参与方;利用所述目标资源,与所述其他参与方共同执行所述目标隐私计算任务。In one embodiment, after determining the target resource for executing the target privacy computing task, the method further includes: sending the IP address of the target resource to other participants; utilizing the target resource, communicating with the other Participants jointly perform the target privacy computing task.
根据第三方面,提供一种隐私计算中计算资源的确定方法,包括:计算资源使用需求方向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;所述管理节点基于所述查询请求和其本地注册的多个计算资源的资源信息,确定资源列表;所述管理节点向所述计算资源使用需求方发送所述资源列表;所述计算资源使用需求方基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。According to a third aspect, a method for determining computing resources in privacy computing is provided, including: sending a query request for computing resources to a management node from a computing resource usage demand direction, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-determined Registered at the management node; the management node determines a resource list based on the query request and the resource information of multiple computing resources registered locally; the management node sends the resource list to the computing resource usage demand side ; The computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list.
在一个实施例中,所述方法还包括:所述计算资源使用需求方确定针对目标隐私计算任务采用的目标隐私算法,并将该目标隐私算法包含在所述查询请求中;其中,所述管理节点基于所述查询请求和其存储的多个计算资源的资源信息,确定资源列表,包括:确定支持所述目标隐私算法的若干计算资源,形成所述资源列表。In one embodiment, the method further includes: the computing resource usage demand side determines the target privacy algorithm adopted for the target privacy computing task, and includes the target privacy algorithm in the query request; wherein, the management The node determines a resource list based on the query request and resource information of multiple computing resources stored therein, including: determining several computing resources supporting the target privacy algorithm to form the resource list.
在一个具体的实施例中,所述方法还包括:所述管理节点将所述若干计算资源的当前使用状态信息包含在所述资源列表中;其中,所述计算资源使用需求方基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:从所述资源列表中选取当前使用状态为空闲状态的计算资源,作为所述目标资源。In a specific embodiment, the method further includes: the management node includes the current usage status information of the several computing resources in the resource list; list, determining a target resource for executing a target privacy computing task, comprising: selecting a computing resource whose current use state is idle from the resource list as the target resource.
在又一个具体的实施例中,上述确定支持所述目标隐私算法的若干计算资源,形成 所述资源列表,包括:所述管理节点基于所述若干计算资源的当前使用状态信息,从该若干计算资源中选取当前使用状态为空闲状态的计算资源,形成所述资源列表;其中,所述计算资源使用需求方基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:所述计算资源使用需求方将资源列表中的计算资源,确定为所述目标资源。In yet another specific embodiment, the above-mentioned determination of several computing resources that support the target privacy algorithm and forming the resource list includes: the management node, based on the current usage status information of the several computing resources, from the several computing resources Selecting computing resources whose current use status is idle from the resources to form the resource list; wherein, the computing resource use demand side determines the target resource for executing the target privacy computing task based on the resource list, including: the The computing resource use demand side determines the computing resource in the resource list as the target resource.
在另一个具体的实施例中,所述管理节点基于所述查询请求和其存储的多个计算资源的资源信息,确定资源列表,包括:确定所述多个计算资源中当前处于空闲状态的若干计算资源,形成所述资源列表;其中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:基于针对所述目标隐私计算任务采用的目标隐私算法,从所述资源列表中选取支持目标隐私算法的计算资源,作为所述目标资源。In another specific embodiment, the management node determines the resource list based on the query request and the resource information of multiple computing resources stored in it, including: determining several of the multiple computing resources that are currently idle Computing resources to form the resource list; wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: based on the target privacy algorithm adopted for the target privacy computing task, from the resource list Select a computing resource that supports the target privacy algorithm as the target resource.
根据第四方面,提供一种隐私计算中计算资源的确定装置,所述装置集成于管理节点,所述装置包括:查询请求接收单元,配置为从计算资源使用需求方接收针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;资源列表确定单元,配置为基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表;资源列表发送单元,配置为向所述计算资源使用需求方发送所述资源列表,以使得所述计算资源使用需求方从所述资源列表中确定目标资源,用于执行目标隐私计算任务。According to the fourth aspect, there is provided a device for determining computing resources in privacy computing, the device is integrated in a management node, and the device includes: a query request receiving unit configured to receive a query request for computing resources from a computing resource usage demander , wherein the computing resource is a public resource that supports a privacy algorithm, and the computing resource is pre-registered at the management node; the resource list determination unit is configured to determine the resource based on the query request and resource information of a plurality of locally registered computing resources list; a resource list sending unit configured to send the resource list to the computing resource usage demander, so that the computing resource usage demander can determine target resources from the resource list for executing target privacy computing tasks.
根据第五方面,提供一种隐私计算中计算资源的确定装置,所述装置集成于计算资源使用需求方,所述装置包括:查询请求发送单元,配置为向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;资源列表接收单元,配置为从所述管理节点接收资源列表,该资源列表基于所述查询请求和本地注册的多个计算资源的资源信息而确定;目标资源确定单元,配置为基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。According to the fifth aspect, there is provided a device for determining computing resources in privacy computing, the device is integrated with a computing resource usage demander, and the device includes: a query request sending unit configured to send a query request for computing resources to a management node , wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node; the resource list receiving unit is configured to receive a resource list from the management node, the resource list is based on the query request and the local The resource information of a plurality of registered computing resources is determined; the target resource determining unit is configured to determine a target resource for executing a target privacy computing task based on the resource list.
根据第六方面,提供一种隐私计算中计算资源的确定系统,包括:计算资源使用需求方,用于向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;所述管理节点,用于基于所述查询请求和其本地注册的多个计算资源的资源信息,确定资源列表,以及向所述计算资源使用需求方发送所述资源列表;所述计算资源使用需求方,还用于基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。According to the sixth aspect, a system for determining computing resources in privacy computing is provided, including: a demander for computing resources, configured to send a query request for computing resources to a management node, where the computing resources are public resources that support privacy algorithms, so The computing resources are pre-registered on the management node; the management node is configured to determine a resource list based on the query request and the resource information of multiple computing resources registered locally, and send the resource list to the computing resource usage demand party The resource list; the computing resource usage demander is further configured to determine a target resource for executing a target privacy computing task based on the resource list.
根据第七方面,提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行第一方面至第三方面中中任一方面提供的方 法。According to a seventh aspect, there is provided a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer is made to execute the method provided in any one of the first to third aspects .
根据第八方面,提供一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现第一方面至第三方面中任一方面提供的方法。According to an eighth aspect, there is provided a computing device, including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, any one of the first aspect to the third aspect is implemented method provided.
根据本说明书实施例提供的方法和装置,管理节点支持计算资源持有方对其持有的计算资源进行注册,从而建立资源池,由此,具有计算资源使用需求的需求方,可以向管理节点发送资源查询请求,并基于管理节点返回的资源列表,确定用于执行目标隐私计算任务的目标资源,进而该计算资源使用需求方可以协同其他参与方,共同利用目标资源,完成对目标隐私计算任务的执行。如此,通过引入管理节点建立并管理计算资源池,使得计算资源的持有方和需求方可以方便、快捷地实现对资源的发布和发现。According to the method and device provided by the embodiments of this specification, the management node supports the computing resource holder to register the computing resources it holds, thereby establishing a resource pool, so that the demander with computing resource usage requirements can submit to the management node Send a resource query request, and determine the target resource used to perform the target privacy computing task based on the resource list returned by the management node, and then the computing resource usage demander can cooperate with other participants to jointly use the target resource to complete the target privacy computing task execution. In this way, by introducing management nodes to establish and manage computing resource pools, the holders and demanders of computing resources can release and discover resources conveniently and quickly.
附图说明Description of drawings
为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. For Those of ordinary skill in the art can also obtain other drawings based on these drawings without making creative efforts.
图1示出根据一个实施例的针对计算资源的交互场景示意图;Fig. 1 shows a schematic diagram of an interaction scenario for computing resources according to an embodiment;
图2示出根据一个实施例的确定隐私计算中计算资源的多方交互示意图;Fig. 2 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to an embodiment;
图3示出根据一个实施例的多方协同隐私计算的示意图;Fig. 3 shows a schematic diagram of multi-party collaborative privacy calculation according to an embodiment;
图4示出根据另一个实施例的多方协同隐私计算的示意图;Fig. 4 shows a schematic diagram of multi-party collaborative privacy calculation according to another embodiment;
图5示出根据另一个实施例的确定隐私计算中计算资源的多方交互示意图;Fig. 5 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to another embodiment;
图6示出根据一个实施例的执行隐私数据统计任务的架构示意图;FIG. 6 shows a schematic diagram of an architecture for performing privacy data statistics tasks according to an embodiment;
图7示出根据一个实施例的隐私计算中计算资源的确定装置结构示意图;Fig. 7 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to an embodiment;
图8示出根据另一个实施例的隐私计算中计算资源的确定装置结构示意图。Fig. 8 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to another embodiment.
具体实施方式detailed description
下面结合附图,对本说明书提供的方案进行描述。The solutions provided in this specification will be described below in conjunction with the accompanying drawings.
为了完成某个隐私计算任务,可能需要用到第三方提供的计算资源,例如,MPC随 机数服务器或TEE服务器等。对于第三方及计算资源的选定,往往通过线下点对点的方式进行问询和协商。本说明书提供另一方案来确定隐私计算中的计算资源。In order to complete a privacy computing task, it may be necessary to use computing resources provided by a third party, such as MPC random number server or TEE server. For the selection of third parties and computing resources, inquiries and negotiations are often conducted in an offline point-to-point manner. This specification provides another solution to determine computing resources in private computing.
发明人提出的这种方案,引入管理节点来收集第三方发布的计算资源,建立计算资源池,从而让具有计算资源使用需求的需求方,可以向管理节点发送资源查询请求,并基于管理节点根据查询请求返回的资源列表,确定用于执行目标隐私计算任务的目标资源,进而,该需求方可以将该目标资源的寻址信息告知隐私计算的各个参与方,使得该各个参与方可以共同利用该目标资源完成对目标隐私计算任务的执行。The solution proposed by the inventor introduces management nodes to collect computing resources released by third parties, and establishes computing resource pools, so that demanders who have computing resource usage requirements can send resource query requests to management nodes, and based on the management nodes according to Query the resource list returned by the request to determine the target resource used to perform the target privacy computing task, and then, the demander can inform each participant of the privacy computing of the addressing information of the target resource, so that each participant can jointly use the The target resource completes the execution of the target privacy computing task.
为便于直观理解,图1示出根据一个实施例的针对计算资源的交互场景示意图。如图1所示,银行A向管理节点发送查询请求,其中包括其要求计算资源支持TEE算法;管理节点基于其计算资源池中各资源的资源信息,向银行A返回计算资源列表,其中包括3台TEE服务器各自的使用状态;然后,银行A选取处于空闲状态的3号TEE服务器,并将3号TEE服务器的网际协议(Internet Protocol,简称IP)地址发送至银行B,进而与银行B共同利用3号TEE服务器,完成目标隐私计算任务(例如,联合建立商户分类模型)。To facilitate intuitive understanding, FIG. 1 shows a schematic diagram of an interaction scenario for computing resources according to an embodiment. As shown in Figure 1, bank A sends a query request to the management node, including its request for computing resources to support the TEE algorithm; the management node returns a list of computing resources to bank A based on the resource information of each resource in its computing resource pool, including 3 The usage status of each TEE server; then, bank A selects No. 3 TEE server in an idle state, and sends the Internet Protocol (Internet Protocol, IP) address of No. 3 TEE server to bank B, and then uses it with bank B No. 3 TEE server completes the target privacy calculation task (for example, jointly establishes a merchant classification model).
下面,结合具体的实施例,描述实现上述发明构思的实施步骤。图2示出根据一个实施例的确定隐私计算中计算资源的多方交互示意图,该多方至少包括计算资源使用需求方和管理节点。示例性地,计算资源使用需求方可以是图1中示出的银行A。需理解,该多方中的各方均可以实现为具有计算、处理能力的设备、平台、服务器或设备集群。Below, in conjunction with specific embodiments, the implementation steps for realizing the above inventive concept will be described. Fig. 2 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to an embodiment, and the multi-party at least includes a computing resource usage demander and a management node. Exemplarily, the computing resource usage demander may be bank A shown in FIG. 1 . It should be understood that each of the multiple parties can be implemented as a device, platform, server or device cluster with computing and processing capabilities.
如图2所示,所述交互过程包括以下步骤:步骤S210,计算资源使用需求方向管理节点发送针对计算资源的查询请求,该计算资源预先注册在管理节点。As shown in FIG. 2 , the interaction process includes the following steps: Step S210 , the computing resource usage demander sends a query request for the computing resource to the management node, and the computing resource is registered in the management node in advance.
需说明,计算资源是支持隐私算法的公共资源,其中部署有隐私算法的相关计算逻辑,和/或,用于提供相关的算法参数,可供多个隐私计算任务共用。相应地,该计算资源可由公共资源平台承载,该公共资源平台在发布和提供该隐私算法的过程中承担算法提供方的角色;一旦,该计算资源被参与方利用进行多方隐私的计算,该公共资源平台就还承担了计算方的角色。因计算资源是公共资源,这意味着,公共资源平台仅需提供计算资源,其本身并不直接或间接地提供的与隐私计算有关的样本数据,并且该公共资源平台可以基于其提供的计算资源,在多次隐私计算中与不同的、非特定的隐私计算参与方灵活建立合作关系,共同进行隐私计算。It should be noted that computing resources are public resources that support privacy algorithms, where relevant computing logic for privacy algorithms is deployed, and/or are used to provide relevant algorithm parameters, which can be shared by multiple privacy computing tasks. Correspondingly, the computing resource can be carried by the public resource platform, and the public resource platform assumes the role of the algorithm provider in the process of publishing and providing the privacy algorithm; The resource platform also assumes the role of computing party. Because computing resources are public resources, it means that the public resource platform only needs to provide computing resources, and it does not directly or indirectly provide sample data related to privacy computing, and the public resource platform can use the computing resources it provides , to flexibly establish cooperative relationships with different, non-specific privacy computing participants in multiple privacy calculations, and jointly perform privacy calculations.
在一种实施情况中,隐私计算中的数据提供方依赖设有隐私计算引擎的计算方进行 隐私计算。具体,数据提供方将自身持有的隐私样本数据发送给第一类计算资源以进行隐私计算,比如说将样本数据进行加密后给到计算方进行隐私计算;还比如将样本数据进行分片后发给计算方进行隐私计算。图3示出根据一个实施例的多方协同隐私计算的示意图,如图3所示,n个数据提供方基于t个计算节点提供的算力进行隐私计算。在一个具体的实施例中,t个计算节点的资源形式可以是TEE服务器;在另一个实施例中,t个计算节点可以是具有MPC计算引擎的服务器。In one implementation, the data provider in the privacy calculation relies on the calculation party with the privacy calculation engine to perform privacy calculation. Specifically, the data provider sends the private sample data held by itself to the first type of computing resources for privacy computing, for example, after encrypting the sample data and sending it to the computing party for privacy computing; for example, after sharding the sample data Send it to the computing party for privacy calculation. Fig. 3 shows a schematic diagram of multi-party collaborative privacy computing according to an embodiment. As shown in Fig. 3, n data providers perform privacy computing based on computing power provided by t computing nodes. In a specific embodiment, the resources of the t computing nodes may be TEE servers; in another embodiment, the t computing nodes may be servers with MPC computing engines.
在另一种实施情况中,数据提供方在隐私计算中自身也参与进来承担一部分计算方的角色。此时,可以进一步寻求第二类计算资源(或称辅助计算资源)和其一起参与隐私计算。在某些情况下,这种合作的隐私计算方式可以采用简化的或更优的隐私计算协议。图4示出根据另一个实施例的多方协同隐私计算的示意图,如图4所示,其中的两个数据提供方亦作为计算节点,并协同辅助计算资源(图4中示意为辅助服务器)一起进行隐私计算。在一个具体的实施例中,其中辅助计算资源可以是MPC随机数提供方。在另一个实施例中,该辅助计算资源可以是联邦学习中心服务器。In another implementation situation, the data provider itself also participates in the privacy calculation and assumes a part of the role of the calculation party. At this point, the second type of computing resources (or auxiliary computing resources) can be further sought to participate in privacy computing together with it. In some cases, this cooperative privacy computing method can adopt a simplified or better privacy computing protocol. Fig. 4 shows a schematic diagram of multi-party collaborative privacy computing according to another embodiment. As shown in Fig. 4, the two data providers also serve as computing nodes and cooperate with auxiliary computing resources (shown as auxiliary servers in Fig. 4) Perform privacy calculations. In a specific embodiment, the auxiliary computing resource may be an MPC random number provider. In another embodiment, the secondary computing resource may be a Federated Learning Center server.
需理解,上述计算资源的载体可以是任何具有计算、处理能力的模块、设备或设备集群等。It should be understood that the carrier of the above computing resources may be any module, device or device cluster with computing and processing capabilities.
另一方面,在一个实施例中,上述查询请求指示请求查询处于可用状态的计算资源。在一个具体的实施例中,其中处于可用状态可以包括处于部分空闲或完全空闲状态。On the other hand, in one embodiment, the above query request indicates a request to query computing resources in an available state. In a specific embodiment, being in the available state may include being in a partially idle state or a completely idle state.
在一个实施例中,计算资源使用需求方确定针对目标隐私计算任务采用的目标隐私算法,并将该目标隐私算法包含在查询请求中。需说明,其中目标隐私计算任务的任务类型可以有多种。在一个具体的实施例中,该任务类型可以包括针对指定数据项的联合统计分析。在一个更具体的实施例中,其中指定数据项可以是用户年龄、用户性别、商户平均营业额、商户类别、企业规模等。在一个更具体的实施例中,其中联合统计分析可以是分析指定数据项在其定义域内的数值分布,或者,不同方之间对指定数据项所对应数值的大小比较,又或者,不同方之间对指定数据项的求和、求交或求平均等分析计算操作。在一个示例中,上述针对指定数据项的联合统计分析可以是:统计不同方中女性用户的总数量。在另一个示例中,也可以是:统计不同方中相同用户的数量。在还一个示例中,还可以是:统计多方中所有用户的年龄分布。在又一个示例中,可以是:比较多方的商户平均营业额。In one embodiment, the computing resource usage requester determines the target privacy algorithm adopted for the target privacy computing task, and includes the target privacy algorithm in the query request. It should be noted that there may be multiple types of target privacy computing tasks. In a specific embodiment, the task type may include joint statistical analysis for specified data items. In a more specific embodiment, the specified data items may be user age, user gender, merchant average turnover, merchant category, enterprise scale, and the like. In a more specific embodiment, the joint statistical analysis may be to analyze the numerical distribution of the specified data item within its definition domain, or, between different parties, to compare the value corresponding to the specified data item, or, between different parties Analysis and calculation operations such as summation, intersection, or averaging of specified data items. In an example, the joint statistical analysis for the specified data item may be: counting the total number of female users in different parties. In another example, it may also be: counting the number of identical users in different parties. In yet another example, it may also be: counting age distributions of all users in the multi-party. In yet another example, it may be: comparing the average turnover of merchants of multiple parties.
在另一个具体的实施例中,目标计算任务的任务类型可以包括指定模型的联合训练。在一个更具体的实施例中,指定模型可以是逻辑回归模型、决策树模型、神经网络模型 等机器学习模型。在一个更具体的实施例中,指定模型可以是分类模型或回归模型。在一个更具体的实施例中,指定模型针对的样本对象可以是:用户、商户、商品、事件(如登录事件或访问事件)、设备(如用户终端或物联网设备)等。在一个示例中,指定模型可以是用户分类模型或用户打分模型,具体如消费人群划分模型、用户风险评估模型、用户异常识别模型等。在另一个示例中,指定模型可以是商品分类模型或商品评分模型,具体如商品热度评分模型等。In another specific embodiment, the task type of the target computing task may include joint training of specified models. In a more specific embodiment, the specified model may be a machine learning model such as a logistic regression model, a decision tree model, or a neural network model. In a more specific embodiment, the specified model may be a classification model or a regression model. In a more specific embodiment, the sample objects targeted by the specified model may be: users, merchants, commodities, events (such as login events or access events), devices (such as user terminals or Internet of Things devices), and so on. In an example, the specified model may be a user classification model or a user scoring model, such as a consumer group segmentation model, a user risk assessment model, a user anomaly identification model, and the like. In another example, the specified model may be a commodity classification model or a commodity scoring model, specifically such as a commodity popularity scoring model.
在又一个具体的实施例中,目标计算任务的任务类型可以包括指定模型的联合预测。在一个更具体的实施例中,指定模型可以是分类模型或回归模型,相应,联合预测可以是基于分类模型预测分类类别,或者,基于回归模型预测回归值。在一个例子中,上述指定模型的联合预测可以是:基于用户风险评估模型预测用户风险评分,或者,基于用户异常识别模型识别异常用户。In yet another specific embodiment, the task type of the target computing task may include joint prediction of a specified model. In a more specific embodiment, the specified model may be a classification model or a regression model, and correspondingly, the joint prediction may be to predict a classification category based on a classification model, or to predict a regression value based on a regression model. In an example, the joint prediction of the above specified models may be: predicting user risk scores based on the user risk assessment model, or identifying abnormal users based on the user anomaly identification model.
以上介绍描述信息中包括的目标计算任务类型,需理解,任务类型除了可以包括上述针对指定数据项的联合统计分析、指定模型的联合训练和联合预测以外,还可以包括其他类型,不作穷举。The above description describes the target computing task types included in the description information. It should be understood that in addition to the above-mentioned joint statistical analysis for specified data items, joint training and joint prediction of specified models, task types can also include other types, which are not exhaustive.
一般地,可以确定出执行上述目标隐私任务的一种或多种隐私算法。例如,假定目标隐私任务是确定多个服务平台中拥有的相同用户的数量,相应,确定出的隐私算法可以包括隐私集合求交(Private Set Intersection,简称PSI)算法,TEE算法等。进一步,在一个具体的实施例中,在确定出多种隐私算法的情况下,可以从中随机选取一种,作为目标隐私算法。在另一个具体的实施例中,可以对该多个隐私算法进行优先级排序,并将优先级最高的隐私算法作为目标隐私算法,包含在查询请求中。更进一步,在一个例子中,工作人员预先针对所有可能被采用的隐私算法进行优先级设定,从而本步骤中可以根据预先设定的优先级信息,对上述多种隐私算法进行优先级排序。在另一个例子中,可以根据历史上对隐私算法的实施效果,对上述多种隐私算法进行优先级排序。Generally, one or more privacy algorithms that perform the above target privacy tasks can be determined. For example, assuming that the target privacy task is to determine the number of identical users in multiple service platforms, correspondingly, the determined privacy algorithm may include a Private Set Intersection (PSI) algorithm, a TEE algorithm, and the like. Further, in a specific embodiment, when multiple privacy algorithms are determined, one of them may be randomly selected as the target privacy algorithm. In another specific embodiment, the plurality of privacy algorithms may be prioritized, and the privacy algorithm with the highest priority may be included in the query request as the target privacy algorithm. Furthermore, in an example, the staff sets priorities for all privacy algorithms that may be adopted in advance, so that in this step, the above-mentioned multiple privacy algorithms can be prioritized according to the preset priority information. In another example, the above-mentioned multiple privacy algorithms may be prioritized according to the historical implementation effects of the privacy algorithms.
由上,计算资源使用需求方可以确定出针对隐私目标任务采用的目标隐私算法,并包含在上述查询请求中。在一个具体的实施例中,上述查询请求中还可以包括对支持目标隐私算法的计算资源的需求数量(如2台服务器等)。Based on the above, the computing resource usage demander can determine the target privacy algorithm adopted for the privacy target task, and include it in the above query request. In a specific embodiment, the above query request may also include the required number of computing resources supporting the target privacy algorithm (such as 2 servers, etc.).
计算资源使用需求方将生成的上述查询请求发送至管理节点。相应,管理节点可以接收到该查询请求,并在步骤S220,基于该查询请求和其本地注册的多个计算资源的资源信息,确定资源列表。The computing resource usage demander sends the generated query request to the management node. Correspondingly, the management node may receive the query request, and in step S220, determine a resource list based on the query request and the resource information of the plurality of computing resources registered locally.
在一个实施例中,资源信息可以包括计算资源的资源ID(Identity)、寻址信息、公钥、支持的隐私算法等。在一个具体的实施例中,其中寻址信息可以包括IP地址。在另一个具体的实施例中,寻址信息可以包括域名。In an embodiment, the resource information may include resource ID (Identity) of the computing resource, addressing information, public key, supported privacy algorithm, and the like. In a specific embodiment, the addressing information may include an IP address. In another specific embodiment, the addressing information may include a domain name.
对于资源信息的来源,在一个实施例中,参见图5,上述多方还可以包括计算资源持有方,在步骤S210之前,多方交互过程中还可以包括步骤S205和步骤S206,在步骤S205,管理节点从计算资源持有方接收注册请求,其中包括针对计算资源的注册信息,该注册信息包括对应计算资源支持的隐私算法;在步骤S206,在上述注册请求通过审核的情况下,管理节点将上述注册信息归入所述资源信息。需理解,计算资源持有方可以通过将自身持有的计算资源注册到管理节点,成为计算资源发布方,从而使得管理节点基于注册的计算资源建立资源池,供计算资源的需求方查询和使用。此外,资源发布方可以发布支持相同或不同隐私算法的多个计算资源。Regarding the source of resource information, in one embodiment, referring to Figure 5, the above-mentioned multiple parties may also include computing resource holders. Before step S210, the process of multi-party interaction may also include steps S205 and S206. In step S205, the management The node receives the registration request from the computing resource holder, which includes the registration information for the computing resource, and the registration information includes the privacy algorithm supported by the corresponding computing resource; in step S206, when the above registration request is approved, the management node will Registration information falls under the resource information. It should be understood that computing resource holders can become computing resource issuers by registering their own computing resources with management nodes, so that management nodes can establish resource pools based on registered computing resources for query and use by demanders of computing resources . In addition, resource issuers can issue multiple computing resources that support the same or different privacy algorithms.
在一个具体的实施例中,上述注册信息还可以包括对应资源的IP地址、域名或者公钥。在一个具体的实施例中,对于上述注册请求的审核,可以包括对计算资源持有方进行资质审核、信用审核,以及对注册请求涉及的计算资源的有效性进行审核。在一个具体的实施例中,上述管理节点将注册信息归入资源信息可以包括:为上述注册请求对应的计算资源分配资源ID;对该资源ID和注册信息进行关联存储。In a specific embodiment, the above registration information may also include the IP address, domain name or public key of the corresponding resource. In a specific embodiment, the review of the above-mentioned registration request may include conducting qualification review and credit review of the computing resource holder, and reviewing the validity of the computing resources involved in the registration request. In a specific embodiment, the management node adding the registration information to the resource information may include: allocating a resource ID to the computing resource corresponding to the registration request; and storing the resource ID and the registration information in association.
在另一个实施例中,上述资源信息还可以包括计算资源的当前使用状态,例如,使用中、空闲中。在一个具体的实施例中,还可以包括使用详请。在一个更具体的实施例中,该使用详情可以包含:计算资源被多少商户或数据节点使用,近一分钟内计算资源的CPU、内存、磁盘、网络等的占用情况和剩余可以情况。在一个示例中,管理节点可以通过主动查询的方式获取上述使用详情。在另一个示例中,上述使用详情可以由上述多个计算资源定时主动上报至管理节点。In another embodiment, the above resource information may also include the current usage status of computing resources, for example, in use and idle. In a specific embodiment, usage details may also be included. In a more specific embodiment, the usage details may include: how many merchants or data nodes the computing resource is used by, the CPU, memory, disk, network, etc. occupancy and remaining availability of the computing resource in the last minute. In an example, the management node may obtain the above usage details through active query. In another example, the above usage details may be proactively reported to the management node by the above multiple computing resources at regular intervals.
在一个实施例中,查询请求中包括针对上述目标隐私计算任务采用的目标隐私算法,上述资源信息中包括计算资源支持的隐私算法。相应,在本步骤中,管理节点可以从多个计算资源中确定支持该目标隐私算法的若干计算资源,形成上述资源列表。在一个具体的实施例中,资源信息中还包括计算资源的当前使用状态,相应,本步骤中还可以包括:将上述若干计算资源的当前使用状态信息包含在上述资源列表中。在另一个具体的实施例中,查询请求中指示计算资源使用需求方委托管理节点确定目标资源,相应,本步骤还可以包括:管理节点基于若干计算资源的当前使用状态信息,从该若干计算资源中选取当前使用状态为空闲状态的计算资源,形成上述资源列表,以使得计算资源使用 需求方可以直接将该资源列表中的计算资源确定为目标资源。In one embodiment, the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource. Correspondingly, in this step, the management node may determine a number of computing resources supporting the target privacy algorithm from a plurality of computing resources to form the above-mentioned resource list. In a specific embodiment, the resource information also includes the current usage status of the computing resources, and accordingly, this step may further include: including the current usage status information of the above-mentioned several computing resources in the above-mentioned resource list. In another specific embodiment, the query request indicates that the demander for computing resources entrusts the management node to determine the target resource. Correspondingly, this step may also include: the management node, based on the current usage status information of several computing resources, selects the Computing resources whose current use status is idle are selected from the list to form the above resource list, so that the computing resource usage demand side can directly determine the computing resources in the resource list as target resources.
在一个实施例中,查询请求中没有包括上述目标隐私算法,相应,在本步骤中,管理节点可以确定上述多个计算资源中当前处于空闲状态的若干计算资源,进而利用该若干计算资源中各资源的资源ID和支持的隐私算法,形成资源列表。在一个具体的实施例中,其中空闲状态可以是完全空闲状态(没有被任何方使用),或部分空闲状态(部分空间被使用,还有剩余空间尚未被使用)。在一个具体的实施例中,资源列表中还可以包括若干计算资源的使用详情。In one embodiment, the above-mentioned target privacy algorithm is not included in the query request. Correspondingly, in this step, the management node can determine some computing resources that are currently idle among the above-mentioned multiple computing resources, and then use each of the several computing resources to The resource ID of the resource and the supported privacy algorithms form a resource list. In a specific embodiment, the idle state may be a completely idle state (not used by any party), or a partially idle state (partial space is used, and the remaining space has not been used). In a specific embodiment, the resource list may also include usage details of several computing resources.
在一个实施例中,上述资源列表还可以包括其中各个计算资源的寻址信息(如IP地址或域名),用于后续定位到对应的计算资源进而对该资源进行使用。在一个实施例中,上述资源列表中还可以包括其中各个计算资源的资源ID。In an embodiment, the above resource list may also include addressing information (such as IP address or domain name) of each computing resource, which is used to subsequently locate the corresponding computing resource and then use the resource. In an embodiment, the above resource list may further include resource IDs of respective computing resources therein.
如此,管理节点可以根据接收的查询请求和存储的资源信息,确定资源列表。进而在步骤S230,管理节点向计算资源使用需求方发送该资源列表。相应,计算资源使用需求方可以接收到该资源列表,进而在步骤S240,计算资源使用需求方基于该资源列表,确定用于执行目标隐私计算任务的目标资源。In this way, the management node can determine the resource list according to the received query request and the stored resource information. Furthermore, in step S230, the management node sends the resource list to the computing resource usage demander. Correspondingly, the computing resource usage demander may receive the resource list, and then in step S240, the computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list.
在一个实施例中,上述查询请求中包括针对目标隐私计算任务采用的目标隐私算法,相应确定出的资源列表中的各个计算资源均支持该目标隐私算法。基于此,在一个具体的实施例中,本步骤可以包括:计算资源使用需求方从资源列表中随机选取一个计算资源,作为上述目标资源。在另一个具体的实施例中,该资源列表中还包括其中各个计算资源的当前使用状态,相应,可以从中选取当前处于空闲状态的计算资源,作为上述目标资源。在还一个具体的实施例中,该资源列表中还包括各个计算资源的当前使用详情,如计算资源被多少商户或数据节点使用,近一分钟内计算资源的CPU、内存、磁盘、网络等的占用情况,相应,可以基于使用详情对相应的计算资源进行评分,并将分数最高的计算资源,确定为目标资源。在一个示例中,可以将各个计算资源的使用详情输入预先训练的资源评分模型中,得到对应的资源评分。在另一个示例中,可以结合预先指定的评分规则,根据使用详情进行资源评分。In one embodiment, the query request includes a target privacy algorithm adopted for the target privacy computing task, and each computing resource in the correspondingly determined resource list supports the target privacy algorithm. Based on this, in a specific embodiment, this step may include: the demander for computing resource use randomly selects a computing resource from the resource list as the above-mentioned target resource. In another specific embodiment, the resource list also includes the current usage status of each of the computing resources, and correspondingly, the computing resource that is currently in an idle state can be selected as the above-mentioned target resource. In another specific embodiment, the resource list also includes the current usage details of each computing resource, such as how many merchants or data nodes the computing resource is used by, and the CPU, memory, disk, network, etc. of the computing resource in the past one minute. Corresponding to the occupancy situation, the corresponding computing resource can be scored based on the usage details, and the computing resource with the highest score can be determined as the target resource. In an example, usage details of each computing resource may be input into a pre-trained resource scoring model to obtain a corresponding resource score. In another example, resource scoring based on usage details can be combined with pre-specified scoring rules.
在一个实施例中,上述资源列表中包括其中各个计算资源支持的隐私算法,相应,本步骤中可以包括:计算资源使用需求方基于上述目标隐私算法,从上述资源列表中选取支持该目标隐私算法的计算资源,作为上述目标资源。进一步,在一个具体的实施例中,资源列表中的计算资源均处于空闲状态,这意味着其可以马上投入使用。在另一个具体的实施例中,资源列表中的计算资源处于使用状态或空闲状态,若计算资源使用需 求方确定出的目标资源处于使用状态,其可以向管理节点预约对该目标资源的使用。In one embodiment, the above resource list includes the privacy algorithms supported by each computing resource. Correspondingly, this step may include: based on the above target privacy algorithm, the computing resource usage demander selects from the above resource list to support the target privacy algorithm Computing resources of , as the target resource above. Further, in a specific embodiment, the computing resources in the resource list are all in an idle state, which means they can be put into use immediately. In another specific embodiment, the computing resources in the resource list are in use state or idle state. If the target resource determined by the computing resource usage demander is in use state, it can reserve the use of the target resource with the management node.
在一个实施例中,计算资源使用需求方预先委托管理节点选取目标资源,相应,计算资源使用需求方可以直接将资源列表中的计算资源确定为目标资源。In one embodiment, the computing resource usage demander entrusts the management node to select the target resource in advance, and accordingly, the computing resource usage demander can directly determine the computing resource in the resource list as the target resource.
如此,计算资源使用需求方可以确定用于执行目标隐私任务的目标资源。In this way, the computing resource usage demander can determine the target resource for performing the target privacy task.
根据另一方面的实施例,参见图5,上述多方还可以包括其他参与方(例如图1中示出的银行B),该其他参与方可以包括除上述计算资源使用需求方和目标资源的发布方以外的、参与上述目标计算任务执行的其他方。在一个示例中,假定计算资源使用需求方是某个数据提供方,相应,其他参与方可以包括其他的数据提供方。According to another embodiment, referring to FIG. 5, the above-mentioned multiple parties may also include other participants (for example, bank B shown in FIG. Other parties that participate in the execution of the above-mentioned target computing tasks. In an example, it is assumed that the demander for computing resource usage is a certain data provider, and correspondingly, other participants may include other data providers.
如图5所示,在步骤S240之后,上述交互过程还可以包括步骤S245和步骤S246。在步骤S245,计算资源使用需求方将目标资源的寻址信息(如IP地址或域名)发送给其他参与方。在一个具体的实施例中,还将目标资源的公钥发送给其他参与方,以便于后续对数据的加密传输或对目标资源的数字验签等。步骤S246,计算资源使用需求方与其他参与方共同利用上述目标资源,执行上述目标隐私计算任务。在一个示例中,假定图5中示出的计算资源发布方发布上述目标资源,则该计算资源发布方可以作为参与方,参与目标隐私计算任务的执行。As shown in FIG. 5, after step S240, the above interaction process may further include step S245 and step S246. In step S245, the computing resource usage requesting party sends the addressing information (such as IP address or domain name) of the target resource to other participating parties. In a specific embodiment, the public key of the target resource is also sent to other participants, so as to facilitate subsequent encrypted transmission of data or digital signature verification of the target resource. In step S246, the computing resource usage demander and other participants jointly use the above target resources to execute the above target privacy computing tasks. In an example, assuming that the computing resource issuer shown in FIG. 5 publishes the above-mentioned target resource, the computing resource issuer may participate in the execution of the target privacy computing task as a participant.
根据又一方面的实施例,在步骤S240之后,上述交互过程还可以包括:计算资源使用需求方向管理节点发送针对目标资源的授权使用请求;管理节点根据该授权使用请求生成对应的授权令牌,并发送给计算资源使用需求方;计算资源使用需求方将该授权令牌发送至上述其他参与方,之后,计算资源使用需求方和其他参与方各自向目标资源的发布方发送针对目标资源的资源使用请求,资源使用请求中包括授权令牌,在该发布方确定授权令牌通过验证后,向计算资源使用需求方和其他参与方开放目标资源的使用权限,允许其接入及使用目标资源。According to yet another embodiment, after step S240, the above-mentioned interaction process may further include: sending an authorization use request for the target resource to the management node from the computing resource usage demand direction; the management node generates a corresponding authorization token according to the authorization use request, And send it to the demander for computing resource use; the demander for computing resource use sends the authorization token to the above-mentioned other participants, after that, the demander for computing resource use and other participants each send resources for the target resource to the publisher of the target resource Use request, the resource use request includes an authorization token, and after the issuer confirms that the authorization token has passed the verification, open the use permission of the target resource to the computing resource usage demander and other participants, allowing them to access and use the target resource.
根据还一方面的实施例,在步骤S240之后,上述交互过程还可以包括:计算资源使用需求方向管理节点发送针对目标资源的授权使用请求,该授权使用请求中包括其他参与方的标识信息;管理节点根据计算资源使用需求方的标识生成第一授权令牌,并将该第一授权令牌发送至计算资源使用需求方,以及,管理节点根据其他参与方的标识生成第三授权令牌,并将该第三授权令牌发送至其他参与方;之后,计算资源使用需求方和其他参与方各自向目标资源的发布方发送针对目标资源的资源使用请求,资源使用请求中包括对应参与方的授权令牌,在发布方确定授权令牌通过验证后,向计算资源使用 需求方和其他参与方开放目标资源的使用权限,允许其接入及使用目标资源。如此,管理节点针对不同参与方分别发放授权令牌,可以防止授权令牌被盗用而造成目标资源被非法占用。According to yet another embodiment, after step S240, the above interaction process may further include: sending an authorized use request for the target resource to the management node from the computing resource usage request, and the authorized use request includes identification information of other participants; The node generates a first authorization token according to the identification of the computing resource usage demander, and sends the first authorization token to the computing resource usage demander, and the management node generates a third authorization token according to the identification of other participants, and Send the third authorization token to other participants; after that, the computing resource use demander and other participants each send a resource usage request for the target resource to the issuer of the target resource, and the resource usage request includes the authorization of the corresponding participant Token, after the issuer confirms that the authorization token has passed the verification, open the usage authority of the target resource to the computing resource usage demander and other participants, allowing them to access and use the target resource. In this way, the management node issues authorization tokens to different participants, which can prevent the authorization token from being stolen and cause the target resource to be illegally occupied.
在一个示例中,假定上述目标隐私计算任务是隐私数据统计任务,上述多方中的计算资源使用需求方和其他参与方分别为数据方A和数据方B,确定的目标资源是提供SGX DB服务的SGX服务器,基于此,图6示出根据一个实施例的执行隐私数据统计任务的架构示意图,数据方A和数据方B基于其安装的SGX客户端,分别利用SGX服务器的公钥对自身持有的隐私数据进行加密,并将得到的加密数据发送给SGX服务器;接着,数据方A向SGX服务器发送SQL查询语句,查询隐私数据的统计指标(如用户的年平均支出),此时,SGX服务器可以利用上述公钥对应的私钥,分别解密数据方A和数据方B发送的加密数据,并基于得到的解密数据计算该统计指标的指标值,进而将该指标值作为查询结果返回给数据方A。如此,可以通过多方协同完成对目标隐私计算任务的执行。In an example, it is assumed that the above-mentioned target privacy computing task is a privacy data statistics task, the computing resource usage demander and other participants in the above-mentioned multiple parties are data party A and data party B respectively, and the determined target resources are those that provide SGX DB services SGX server, based on this, Figure 6 shows a schematic diagram of the architecture of performing private data statistics tasks according to an embodiment, data party A and data party B are based on their installed SGX client, respectively use the public key of the SGX server to hold Encrypt the private data, and send the encrypted data to the SGX server; then, the data party A sends a SQL query statement to the SGX server to query the statistical indicators of the private data (such as the average annual expenditure of the user), at this time, the SGX server The private key corresponding to the above public key can be used to decrypt the encrypted data sent by data party A and data party B respectively, and calculate the index value of the statistical indicator based on the obtained decrypted data, and then return the index value to the data party as the query result a. In this way, the execution of the target privacy computing task can be completed through multi-party collaboration.
根据又一方面的实施例,在步骤S240之后,上述交互过程还可以包括:计算资源使用需求方向管理节点发送第一通知,其指示上述目标资源被该计算资源使用需求方使用;管理节点基于该第一通知,修改资源信息中目标资源的当前使用状态,例如,修改为使用中。进一步,在一个具体的实施例中,之后还可以包括:计算资源使用需求方向管理节点发送第二通知,其指示计算资源使用需求方停止使用该目标资源,或者说,指示计算资源使用需求方已解除对该目标资源的占用。由此,在一个更具体的实施例中,管理节点基于该第二通知,修改资源信息中目标资源的当前使用状态,例如,修改为空闲中。在另一个更具体的实施例中,管理节点基于该第一通知和第二通知,对计算资源使用需求方使用该目标资源产生的费用进行计算。在一个例子中,第一通知和第二通知中均包括目标资源的资源ID,以使管理节点可以快速查询到该目标资源。在一个例子中,第一通知和第二通知中各自包括时间戳,相应,可以根据计算得到的使用时长和预设的单位时长的使用单价,计算出对目标资源的使用费用。在另一个例子中,第一通知中还包括对目标资源使用的内存空间和计算芯片(如CPU、GPU、FPGA等)数量等信息,相应,还可以结合这些具体的使用信息进行使用费用的计算。在还一个例子中,管理节点可以获取目标资源的使用日志,并通过对使用日志进行分析,确定上述计算资源使用需求方和其他参与方对目标资源的使用信息,进而根据该使用信息和预先设定的收费标准,计算出使用费用。进一步,在一个示例中,上述第一通知和/或第二通知中可以包括参与任务执行的其他参与方的身份标识信息,以便于管理节点从使用日志中对应提 取出使用信息。According to yet another embodiment, after step S240, the above-mentioned interaction process may further include: sending a first notification to the management node from the computing resource usage demander, which indicates that the above-mentioned target resource is used by the computing resource usage demander; the management node based on the The first notification is to modify the current usage state of the target resource in the resource information, for example, to be in use. Further, in a specific embodiment, the subsequent step may also include: sending a second notification to the management node instructing the computing resource usage demander to stop using the target resource, or instructing the computing resource usage demander to stop using the target resource. Release the occupancy of the target resource. Therefore, in a more specific embodiment, based on the second notification, the management node modifies the current usage status of the target resource in the resource information, for example, modifies it to be idle. In another more specific embodiment, based on the first notification and the second notification, the management node calculates the cost generated by the computing resource usage requester for using the target resource. In an example, both the first notification and the second notification include the resource ID of the target resource, so that the management node can quickly query the target resource. In one example, the first notification and the second notification each include a time stamp, and correspondingly, the usage fee for the target resource can be calculated according to the calculated usage duration and the preset usage unit price per unit duration. In another example, the first notification also includes information such as the memory space used by the target resource and the number of computing chips (such as CPU, GPU, FPGA, etc.), and accordingly, the usage fee can be calculated in combination with these specific usage information . In another example, the management node can obtain the usage log of the target resource, and by analyzing the usage log, determine the usage information of the target resource by the above-mentioned computing resource usage demander and other participants, and then according to the usage information and preset Calculate the usage fee according to the specified charging standard. Further, in an example, the first notification and/or the second notification may include identification information of other participants participating in the task execution, so that the management node can correspondingly extract the usage information from the usage log.
由此,管理节点可以计算出执行上述目标隐私计算任务的过程中使用上述目标资源而产生的费用,进而向计算资源使用需求方收取该费用,或者,向计算资源使用需求方和其他参与方收取费用,例如,可以根据计算资源使用需求方和其他参与方的参与方总数量,对总费用进行均分,再根据均分后的费用向各个参与方分别收取。进一步,管理节点可以从收取到的总费用中抽取一部分作为手续费,将剩余部分转入目标资源的发布方的账户。如此,可以实现计算资源使用需求方、发布方和管理节点的共同受益,合作共赢。As a result, the management node can calculate the cost of using the above-mentioned target resources in the process of performing the above-mentioned target privacy computing tasks, and then charge the fee to the computing resource usage demander, or charge the computing resource usage demander and other participants Fees, for example, can be divided equally according to the total number of participants of computing resource usage demanders and other participants, and then charged to each participant according to the equally divided fees. Furthermore, the management node can draw a part of the total fee collected as a handling fee, and transfer the remaining part to the account of the publisher of the target resource. In this way, it is possible to realize the mutual benefits of computing resource usage demanders, publishers and management nodes, and win-win cooperation.
综上,在本说明书实施例披露的隐私计算中计算资源的确定方法中,管理节点支持计算资源持有方对其持有的计算资源进行注册,从而建立资源池,由此,具有计算资源使用需求的需求方,可以向管理节点发送资源查询请求,并基于管理节点返回的资源列表,确定用于执行目标隐私计算任务的目标资源,进而该计算资源使用需求方可以协同其他参与方,共同利用目标资源,完成对目标隐私计算任务的执行。如此,通过引入管理节点建立并管理计算资源池,使得计算资源的持有方和需求方可以方便、快捷地实现对资源的发布和发现。To sum up, in the method for determining computing resources in privacy computing disclosed in the embodiment of this specification, the management node supports computing resource holders to register their computing resources, thereby establishing a resource pool. The demander of the demand can send a resource query request to the management node, and based on the resource list returned by the management node, determine the target resource used to perform the target privacy computing task, and then the computing resource usage demander can cooperate with other participants to jointly use The target resource completes the execution of the target privacy computing task. In this way, by introducing management nodes to establish and manage computing resource pools, the holders and demanders of computing resources can release and discover resources conveniently and quickly.
与上述确定方法相对应的,本说明书实施例还披露确定装置和确定系统。Corresponding to the above determination method, the embodiment of this specification also discloses a determination device and a determination system.
图7示出根据一个实施例的隐私计算中计算资源的确定装置结构示意图,所述装置集成于管理节点。如图7所示,所述装置700包括:Fig. 7 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to an embodiment, and the apparatus is integrated in a management node. As shown in Figure 7, the device 700 includes:
查询请求接收单元710,配置为从计算资源使用需求方接收针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;资源列表确定单元720,配置为基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表;资源列表发送单元730,配置为向所述计算资源使用需求方发送所述资源列表,以使得所述计算资源使用需求方从所述资源列表中确定目标资源,用于执行目标隐私计算任务。The query request receiving unit 710 is configured to receive a query request for computing resources from a computing resource usage demander, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node; the resource list determining unit 720 , configured to determine a resource list based on the query request and the resource information of a plurality of locally registered computing resources; the resource list sending unit 730 is configured to send the resource list to the computing resource usage demander, so that the The computing resource usage demander determines the target resource from the resource list to execute the target privacy computing task.
在一个实施例中,所述查询请求中包括针对所述目标隐私计算任务采用的目标隐私算法,所述资源信息中包括计算资源支持的隐私算法;所述资源列表确定单元720具体配置为:确定支持所述目标隐私算法的若干计算资源,形成所述资源列表。In one embodiment, the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource; the resource list determining unit 720 is specifically configured to: determine Several computing resources supporting the target privacy algorithm form the resource list.
在一个具体的实施例中,所述资源列表确定单元720进一步配置为:将所述若干计算资源的当前使用状态信息包含在所述资源列表中。In a specific embodiment, the resource list determining unit 720 is further configured to: include the current usage status information of the several computing resources in the resource list.
在一个实施例中,所述资源信息中包括计算资源支持的隐私算法;所述资源列表确定单元720具体配置为:确定所述多个计算资源中当前处于空闲状态的若干计算资源;根据所述若干计算资源和其中各个计算资源支持的隐私算法,确定所述资源列表。In one embodiment, the resource information includes privacy algorithms supported by computing resources; the resource list determining unit 720 is specifically configured to: determine several computing resources that are currently idle among the multiple computing resources; according to the A plurality of computing resources and privacy algorithms supported by each computing resource determine the resource list.
在一个实施例中,所述装置还包括:第一通知接收单元742,配置为从所述计算资源使用需求方接收第一通知,其指示所述目标资源被所述计算资源使用需求方使用;第一状态更新单元744,配置为根据所述第一通知,更新所述资源信息中目标资源的使用状态。In one embodiment, the apparatus further includes: a first notification receiving unit 742 configured to receive a first notification from the computing resource usage demander, which indicates that the target resource is used by the computing resource usage demander; The first status updating unit 744 is configured to update the usage status of the target resource in the resource information according to the first notification.
在一个具体的实施例中,所述装置700还包括:第二通知接收单元752,配置为从所述计算资源使用需求方接收第二通知,其指示所述计算资源使用需求方停止使用所述目标资源;第二状态更新单元754,配置为根据所述第二通知,更新所述资源信息中目标资源的使用状态;费用计算单元756,配置为基于所述第一通知和第二通知,计算所述计算资源使用需求方使用所述目标资源产生的费用。In a specific embodiment, the apparatus 700 further includes: a second notification receiving unit 752 configured to receive a second notification from the computing resource usage demander, which instructs the computing resource usage demander to stop using the The target resource; the second status update unit 754 is configured to update the usage status of the target resource in the resource information according to the second notification; the fee calculation unit 756 is configured to calculate based on the first notification and the second notification The computing resources use the costs generated by the demand side for using the target resources.
在一个实施例中,所述资源列表中包括其中各个计算资源的IP地址。In one embodiment, the resource list includes IP addresses of each computing resource therein.
在一个实施例中,所述装置700还包括:注册请求接收单元762,配置为从计算资源持有方接收注册请求,其中包括针对计算资源的注册信息,所述注册信息包括对应计算资源支持的隐私算法;注册信息存储单元764,配置为在所述注册请求通过审核的情况下,将所述注册信息归入所述资源信息。In one embodiment, the apparatus 700 further includes: a registration request receiving unit 762 configured to receive a registration request from the computing resource holder, which includes registration information for the computing resource, and the registration information includes the information supported by the corresponding computing resource. Privacy algorithm; registration information storage unit 764, configured to include the registration information into the resource information when the registration request is approved.
在一个具体的实施例中,注册信息存储单元764具体配置为:为所述注册请求对应的计算资源分配资源ID;对所述资源ID和注册信息进行关联存储。In a specific embodiment, the registration information storage unit 764 is specifically configured to: allocate a resource ID to the computing resource corresponding to the registration request; and associate and store the resource ID and registration information.
在一个实施例中,所述注册信息还包括以下中的至少一项:对应计算资源的IP地址,域名,公钥。In one embodiment, the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
图8示出根据另一个实施例的隐私计算中计算资源的确定装置结构示意图,所述装置集成于计算资源使用需求方。如图8所示,所述装置800包括:Fig. 8 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to another embodiment, and the apparatus is integrated in a demand side for computing resource usage. As shown in Figure 8, the device 800 includes:
查询请求发送单元810,配置为向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;资源列表接收单元820,配置为从所述管理节点接收资源列表,该资源列表基于所述查询请求和本地注册的多个计算资源的资源信息而确定;目标资源确定单元830,配置为基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。The query request sending unit 810 is configured to send a query request for computing resources to the management node, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node; the resource list receiving unit 820 is configured to Receive a resource list from the management node, the resource list is determined based on the query request and the resource information of a plurality of locally registered computing resources; the target resource determining unit 830 is configured to determine an execution target based on the resource list Target resource for private computing tasks.
在一个实施例中,所述查询请求发送单元810还配置为:确定针对所述目标隐私计 算任务采用的目标隐私算法,并将该目标隐私算法包含在所述查询请求中。In one embodiment, the query request sending unit 810 is further configured to: determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request.
在一个具体的实施例中,目标资源确定单元830具体配置为:从所述资源列表中随机选取一个计算资源,作为所述目标资源。In a specific embodiment, the target resource determining unit 830 is specifically configured to: randomly select a computing resource from the resource list as the target resource.
在一个具体的实施例中,所述资源列表包括其中各个计算资源的当前使用状态信息;目标资源确定单元830具体配置为:从所述资源列表中选取当前使用状态为空闲状态的计算资源,作为所述目标资源。In a specific embodiment, the resource list includes current usage status information of each computing resource; the target resource determining unit 830 is specifically configured to: select a computing resource whose current usage status is idle from the resource list, as The target resource.
在一个实施例中,所述资源列表中包括其中各个计算资源支持的隐私算法;目标资源确定单元830具体配置为:基于针对所述目标隐私计算任务采用的目标隐私算法,从所述资源列表中选取支持目标隐私算法的计算资源,作为所述目标资源。In one embodiment, the resource list includes privacy algorithms supported by each computing resource; the target resource determining unit 830 is specifically configured to: based on the target privacy algorithm adopted for the target privacy computing task, select from the resource list A computing resource that supports the target privacy algorithm is selected as the target resource.
在一个实施例中,所述装置800还包括:IP地址发送单元840,配置为将所述目标资源的IP地址发送给其他参与方;隐私任务执行单元850,配置为利用所述目标资源,与所述其他参与方共同执行所述目标隐私计算任务。In one embodiment, the apparatus 800 further includes: an IP address sending unit 840, configured to send the IP address of the target resource to other participants; a privacy task execution unit 850, configured to utilize the target resource, and The other participants jointly execute the target privacy computing task.
本说明书实施例还披露一种隐私计算中计算资源的确定系统。该确定系统包括:The embodiment of this specification also discloses a system for determining computing resources in privacy computing. The determination system includes:
计算资源使用需求方,用于向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;所述管理节点,用于基于所述查询请求和其本地注册的多个计算资源的资源信息,确定资源列表,以及向所述计算资源使用需求方发送所述资源列表;所述计算资源使用需求方,用于基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。Computing resource use demand side, used to send a query request for computing resources to the management node, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node; the management node is used to The query request and resource information of a plurality of computing resources registered locally, determining a resource list, and sending the resource list to the computing resource usage demander; the computing resource usage demander is configured to list, identifying the target resource for performing the target private computing task.
在一个实施例中,所述计算资源使用需求方还用于:确定针对目标隐私计算任务采用的目标隐私算法,并将该目标隐私算法包含在所述查询请求中;所述管理节点具体用于:确定支持所述目标隐私算法的若干计算资源,形成所述资源列表。In one embodiment, the computing resource usage requester is further configured to: determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request; the management node is specifically used to : Determine a number of computing resources supporting the target privacy algorithm, and form the resource list.
在一个具体的实施例中,所述管理节点还用于:将所述若干计算资源的当前使用状态信息包含在所述资源列表中;所述计算资源使用需求方具体用于:从所述资源列表中选取当前使用状态为空闲状态的计算资源,作为所述目标资源。In a specific embodiment, the management node is further configured to: include the current usage status information of the several computing resources in the resource list; the computing resource usage demander is specifically configured to: A computing resource whose current use state is idle is selected from the list as the target resource.
在另一个具体的实施例中,所述管理节点具体用于:基于所述若干计算资源的当前使用状态信息,从该若干计算资源中选取当前使用状态为空闲状态的计算资源,形成所述资源列表;所述计算资源使用需求方具体用于:将资源列表中的计算资源,确定为所述目标资源。In another specific embodiment, the management node is specifically configured to: select a computing resource whose current usage state is idle from the several computing resources based on the current usage state information of the several computing resources, and form the resource list; the computing resource use demander is specifically configured to: determine the computing resource in the resource list as the target resource.
在一个实施例中,所述管理节点具体用于:确定所述多个计算资源中当前处于空闲状态的若干计算资源,形成所述资源列表;所述计算资源使用需求方具体用于:基于针对所述目标隐私计算任务采用的目标隐私算法,从所述资源列表中选取支持目标隐私算法的计算资源,作为所述目标资源。In one embodiment, the management node is specifically configured to: determine several computing resources that are currently idle among the multiple computing resources, and form the resource list; the computing resource usage demander is specifically configured to: based on For the target privacy algorithm adopted by the target privacy computing task, computing resources supporting the target privacy algorithm are selected from the resource list as the target resource.
根据另一方面的实施例,还提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行结合图2或图5所描述的方法。According to another embodiment, there is also provided a computer-readable storage medium on which a computer program is stored. When the computer program is executed in a computer, the computer is instructed to execute the method described in conjunction with FIG. 2 or FIG. 5 .
根据再一方面的实施例,还提供一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现结合图2或图5所述的方法。According to yet another embodiment, there is also provided a computing device, including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, the implementation in conjunction with FIG. 2 or FIG. 5 is realized. the method described.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。Those skilled in the art should be aware that, in the above one or more examples, the functions described in the present invention may be implemented by hardware, software, firmware or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的技术方案的基础之上,所做的任何修改、等同替换、改进等,均应包括在本发明的保护范围之内。The specific embodiments described above have further described the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. Protection scope, any modification, equivalent replacement, improvement, etc. made on the basis of the technical solution of the present invention shall be included in the protection scope of the present invention.

Claims (25)

  1. 一种隐私计算中计算资源的确定方法,所述方法由管理节点执行,所述方法包括:A method for determining computing resources in privacy computing, the method is executed by a management node, and the method includes:
    从计算资源使用需求方接收针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;Receive a query request for computing resources from a computing resource usage demander, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node;
    基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表;determining a resource list based on the query request and resource information of a plurality of locally registered computing resources;
    向所述计算资源使用需求方发送所述资源列表,以使得所述计算资源使用需求方从所述资源列表中确定目标资源,用于执行目标隐私计算任务。Sending the resource list to the computing resource usage demander, so that the computing resource usage demander determines a target resource from the resource list for executing a target privacy computing task.
  2. 根据权利要求1所述的方法,其中,所述查询请求中包括针对所述目标隐私计算任务采用的目标隐私算法,所述资源信息中包括计算资源支持的隐私算法;其中,基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表,包括:The method according to claim 1, wherein the query request includes a target privacy algorithm adopted for the target privacy computing task, and the resource information includes a privacy algorithm supported by computing resources; wherein, based on the query request and the resource information of multiple computing resources registered locally to determine the resource list, including:
    确定支持所述目标隐私算法的若干计算资源,形成所述资源列表。A number of computing resources supporting the target privacy algorithm are determined to form the resource list.
  3. 根据权利要求2所述的方法,还包括:The method of claim 2, further comprising:
    将所述若干计算资源的当前使用状态信息包含在所述资源列表中。Include the current usage state information of the several computing resources in the resource list.
  4. 根据权利要求1所述的方法,其中,所述资源信息中包括计算资源支持的隐私算法;其中,基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表,包括:The method according to claim 1, wherein the resource information includes a privacy algorithm supported by computing resources; wherein, based on the query request and resource information of a plurality of locally registered computing resources, determining a resource list includes:
    确定所述多个计算资源中当前处于空闲状态的若干计算资源;determining a number of computing resources that are currently in an idle state among the plurality of computing resources;
    根据所述若干计算资源和其中各个计算资源支持的隐私算法,确定所述资源列表。The resource list is determined according to the plurality of computing resources and the privacy algorithm supported by each of the computing resources.
  5. 根据权利要求1所述的方法,其中,在向所述计算资源使用需求方发送所述资源列表之后,所述方法还包括:The method according to claim 1, wherein, after sending the resource list to the computing resource usage demander, the method further comprises:
    从所述计算资源使用需求方接收第一通知,其指示所述目标资源被所述计算资源使用需求方使用;receiving a first notification from the computing resource usage demander indicating that the target resource is used by the computing resource usage demander;
    根据所述第一通知,更新所述资源信息中目标资源的使用状态。According to the first notification, update the usage status of the target resource in the resource information.
  6. 根据权利要求5所述的方法,其中,在从所述计算资源使用需求方接收第一通知之后,所述方法还包括:The method according to claim 5, wherein, after receiving the first notification from the computing resource usage demander, the method further comprises:
    从所述计算资源使用需求方接收第二通知,其指示所述计算资源使用需求方停止使用所述目标资源;receiving a second notification from the computing resource usage demander, which instructs the computing resource usage demander to stop using the target resource;
    根据所述第二通知,更新所述资源信息中目标资源的使用状态;updating the usage status of the target resource in the resource information according to the second notification;
    基于所述第一通知和第二通知,计算所述计算资源使用需求方使用所述目标资源产生的费用。Based on the first notification and the second notification, calculate the cost generated by the computing resource usage demand side for using the target resource.
  7. 根据权利要求1-6中任一项所述的方法,其中,所述资源列表中包括其中各个计 算资源的IP地址。The method according to any one of claims 1-6, wherein the resource list includes the IP addresses of each computing resource therein.
  8. 根据权利要求1所述的方法,其中,在从计算资源使用需求方接收针对计算资源的查询请求之前,所述方法还包括:The method according to claim 1, wherein, before receiving a query request for computing resources from a computing resource usage demander, the method further comprises:
    从计算资源持有方接收注册请求,其中包括针对计算资源的注册信息,所述注册信息包括对应计算资源支持的隐私算法;Receive a registration request from a computing resource holder, including registration information for the computing resource, where the registration information includes a privacy algorithm supported by the corresponding computing resource;
    在所述注册请求通过审核的情况下,将所述注册信息归入所述资源信息。In the case that the registration request is approved, the registration information is included in the resource information.
  9. 根据权利要求8所述的方法,其中,将所述注册信息归入所述资源信息,包括:The method according to claim 8, wherein categorizing the registration information into the resource information comprises:
    为所述注册请求对应的计算资源分配资源ID;Allocating a resource ID to the computing resource corresponding to the registration request;
    对所述资源ID和注册信息进行关联存储。The resource ID and the registration information are associated and stored.
  10. 根据权利要求8或9所述的方法,其中,所述注册信息还包括以下中的至少一项:对应计算资源的IP地址,域名,公钥。The method according to claim 8 or 9, wherein the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
  11. 一种隐私计算中计算资源的确定方法,所述方法由计算资源使用需求方执行,所述方法包括:A method for determining computing resources in privacy computing, the method is executed by a computing resource usage demander, and the method includes:
    向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;Send a query request for computing resources to the management node, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node;
    从所述管理节点接收资源列表,该资源列表基于所述查询请求和本地注册的多个计算资源的资源信息而确定;receiving a resource list from the management node, the resource list being determined based on the query request and resource information of a plurality of locally registered computing resources;
    基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。Based on the resource list, a target resource for executing a target privacy computing task is determined.
  12. 根据权利要求11所述的方法,其中,所述方法还包括:The method according to claim 11, wherein the method further comprises:
    确定针对所述目标隐私计算任务采用的目标隐私算法,并将该目标隐私算法包含在所述查询请求中。Determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request.
  13. 根据权利要求12所述的方法,所述资源列表包括其中各个计算资源的当前使用状态信息;其中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:The method according to claim 12, wherein the resource list includes current usage status information of each computing resource; wherein, based on the resource list, determining a target resource for executing a target privacy computing task comprises:
    从所述资源列表中选取当前使用状态为空闲状态的计算资源,作为所述目标资源。Selecting a computing resource that is currently in an idle state from the resource list as the target resource.
  14. 根据权利要求11所述的方法,其中,所述资源列表中包括其中各个计算资源支持的隐私算法;其中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:The method according to claim 11, wherein the resource list includes privacy algorithms supported by each computing resource; wherein, based on the resource list, determining a target resource for executing a target privacy computing task includes:
    基于针对所述目标隐私计算任务采用的目标隐私算法,从所述资源列表中选取支持目标隐私算法的计算资源,作为所述目标资源。Based on the target privacy algorithm adopted for the target privacy computing task, a computing resource supporting the target privacy algorithm is selected from the resource list as the target resource.
  15. 根据权利要求11所述的方法,其中,在确定用于执行目标隐私计算任务的目标 资源之后,所述方法还包括:The method according to claim 11, wherein, after determining the target resource for performing the target privacy computing task, the method further comprises:
    将所述目标资源的IP地址发送给其他参与方;sending the IP address of the target resource to other participants;
    利用所述目标资源,与所述其他参与方共同执行所述目标隐私计算任务。Using the target resource, jointly execute the target privacy computing task with the other participants.
  16. 一种隐私计算中计算资源的确定方法,包括:A method for determining computing resources in privacy computing, comprising:
    计算资源使用需求方向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;Sending a query request for computing resources to the management node on demand for computing resources, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node;
    所述管理节点基于所述查询请求和其本地注册的多个计算资源的资源信息,确定资源列表;The management node determines a resource list based on the query request and resource information of a plurality of computing resources locally registered by it;
    所述管理节点向所述计算资源使用需求方发送所述资源列表;The management node sends the resource list to the computing resource usage demander;
    所述计算资源使用需求方基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。Based on the resource list, the computing resource usage demander determines the target resource for executing the target privacy computing task.
  17. 根据权利要求16所述的方法,其中,所述方法还包括:所述计算资源使用需求方确定针对目标隐私计算任务采用的目标隐私算法,并将该目标隐私算法包含在所述查询请求中;The method according to claim 16, wherein, the method further comprises: the computing resource utilization requesting party determining the target privacy algorithm adopted for the target privacy computing task, and including the target privacy algorithm in the query request;
    其中,所述管理节点基于所述查询请求和其存储的多个计算资源的资源信息,确定资源列表,包括:确定支持所述目标隐私算法的若干计算资源,形成所述资源列表。Wherein, the management node determines a resource list based on the query request and resource information of multiple computing resources stored therein, including: determining several computing resources supporting the target privacy algorithm to form the resource list.
  18. 根据权利要求17所述的方法,其中,所述方法还包括:所述管理节点将所述若干计算资源的当前使用状态信息包含在所述资源列表中;The method according to claim 17, wherein the method further comprises: the management node includes current usage status information of the several computing resources in the resource list;
    其中,所述计算资源使用需求方基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:从所述资源列表中选取当前使用状态为空闲状态的计算资源,作为所述目标资源。Wherein, the computing resource use requesting party determines the target resource for executing the target privacy computing task based on the resource list, including: selecting a computing resource that is currently in an idle state from the resource list as the target resource.
  19. 根据权利要求17所述的方法,其中,确定支持所述目标隐私算法的若干计算资源,形成所述资源列表,包括:所述管理节点基于所述若干计算资源的当前使用状态信息,从该若干计算资源中选取当前使用状态为空闲状态的计算资源,形成所述资源列表;The method according to claim 17, wherein determining several computing resources that support the target privacy algorithm and forming the resource list includes: the management node, based on the current usage status information of the several computing resources, from the several Selecting computing resources whose current use status is idle from the computing resources to form the resource list;
    其中,所述计算资源使用需求方基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:所述计算资源使用需求方将资源列表中的计算资源,确定为所述目标资源。Wherein, the computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list, including: the computing resource usage demander determines the computing resource in the resource list as the target resource .
  20. 根据权利要求17所述的方法,其中,所述管理节点基于所述查询请求和其存储的多个计算资源的资源信息,确定资源列表,包括:确定所述多个计算资源中当前处于空闲状态的若干计算资源,形成所述资源列表;The method according to claim 17, wherein the management node determines the resource list based on the query request and the resource information of multiple computing resources stored therein, comprising: determining that the multiple computing resources are currently in an idle state A number of computing resources to form the resource list;
    其中,基于所述资源列表,确定用于执行目标隐私计算任务的目标资源,包括:基 于针对所述目标隐私计算任务采用的目标隐私算法,从所述资源列表中选取支持目标隐私算法的计算资源,作为所述目标资源。Wherein, based on the resource list, determining the target resource for executing the target privacy computing task includes: based on the target privacy algorithm adopted for the target privacy computing task, selecting computing resources supporting the target privacy algorithm from the resource list , as the target resource.
  21. 一种隐私计算中计算资源的确定装置,所述装置集成于管理节点,所述装置包括:A device for determining computing resources in privacy computing, the device is integrated in a management node, and the device includes:
    查询请求接收单元,配置为从计算资源使用需求方接收针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;The query request receiving unit is configured to receive a query request for computing resources from a demander for computing resources, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node;
    资源列表确定单元,配置为基于所述查询请求和本地注册的多个计算资源的资源信息,确定资源列表;A resource list determining unit configured to determine a resource list based on the query request and resource information of a plurality of locally registered computing resources;
    资源列表发送单元,配置为向所述计算资源使用需求方发送所述资源列表,以使得所述计算资源使用需求方从所述资源列表中确定目标资源,用于执行目标隐私计算任务。A resource list sending unit configured to send the resource list to the computing resource usage demander, so that the computing resource usage demander can determine target resources from the resource list for executing target privacy computing tasks.
  22. 一种隐私计算中计算资源的确定装置,所述装置集成于计算资源使用需求方,所述装置包括:A device for determining computing resources in privacy computing, the device is integrated with a computing resource usage demand side, and the device includes:
    查询请求发送单元,配置为向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;A query request sending unit configured to send a query request for computing resources to a management node, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node;
    资源列表接收单元,配置为从所述管理节点接收资源列表,该资源列表基于所述查询请求和本地注册的多个计算资源的资源信息而确定;A resource list receiving unit configured to receive a resource list from the management node, the resource list is determined based on the query request and resource information of a plurality of locally registered computing resources;
    目标资源确定单元,配置为基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。The target resource determining unit is configured to determine a target resource for executing a target privacy computing task based on the resource list.
  23. 一种隐私计算中计算资源的确定系统,包括:A system for determining computing resources in privacy computing, including:
    计算资源使用需求方,用于向管理节点发送针对计算资源的查询请求,其中计算资源是支持隐私算法的公共资源,所述计算资源预先注册在所述管理节点;The demander for computing resource use is used to send a query request for computing resources to the management node, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node;
    所述管理节点,用于基于所述查询请求和其本地注册的多个计算资源的资源信息,确定资源列表,以及向所述计算资源使用需求方发送所述资源列表;The management node is configured to determine a resource list based on the query request and resource information of a plurality of computing resources locally registered by it, and send the resource list to the computing resource usage demander;
    所述计算资源使用需求方,还用于基于所述资源列表,确定用于执行目标隐私计算任务的目标资源。The computing resource usage demand side is further configured to determine target resources for executing target privacy computing tasks based on the resource list.
  24. 一种计算机可读存储介质,其上存储有计算机程序,其中,当所述计算机程序在计算机中执行时,令计算机执行权利要求1-20中任一项的所述的方法。A computer-readable storage medium, on which a computer program is stored, wherein, when the computer program is executed in a computer, the computer is caused to execute the method described in any one of claims 1-20.
  25. 一种计算设备,包括存储器和处理器,其中,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现权利要求1-20中任一项所述的方法。A computing device, comprising a memory and a processor, wherein executable code is stored in the memory, and the method according to any one of claims 1-20 is implemented when the processor executes the executable code.
PCT/CN2022/094323 2021-06-25 2022-05-23 Method, apparatus, and system for determining computation resource in privacy computation WO2022267787A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110713060.8 2021-06-25
CN202110713060.8A CN115525919A (en) 2021-06-25 2021-06-25 Method, device and system for determining computing resources in privacy computing

Publications (1)

Publication Number Publication Date
WO2022267787A1 true WO2022267787A1 (en) 2022-12-29

Family

ID=84544076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/094323 WO2022267787A1 (en) 2021-06-25 2022-05-23 Method, apparatus, and system for determining computation resource in privacy computation

Country Status (2)

Country Link
CN (1) CN115525919A (en)
WO (1) WO2022267787A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106453146A (en) * 2016-11-17 2017-02-22 华胜信泰信息产业发展有限公司 Private cloud computing resource distribution method and system
CN106502796A (en) * 2016-10-27 2017-03-15 广东浪潮大数据研究有限公司 A kind of software development test platform, system and using method
US20190294471A1 (en) * 2016-11-30 2019-09-26 Yokogawa Electric Corporation Information processing device, resource allocation system, and resource allocation method
CN111355731A (en) * 2020-02-28 2020-06-30 北京奇艺世纪科技有限公司 Resource access method, device, resource access system, equipment and storage medium
CN112787812A (en) * 2021-01-15 2021-05-11 中国工商银行股份有限公司 Block chain-based calculation job processing method, device and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106502796A (en) * 2016-10-27 2017-03-15 广东浪潮大数据研究有限公司 A kind of software development test platform, system and using method
CN106453146A (en) * 2016-11-17 2017-02-22 华胜信泰信息产业发展有限公司 Private cloud computing resource distribution method and system
US20190294471A1 (en) * 2016-11-30 2019-09-26 Yokogawa Electric Corporation Information processing device, resource allocation system, and resource allocation method
CN111355731A (en) * 2020-02-28 2020-06-30 北京奇艺世纪科技有限公司 Resource access method, device, resource access system, equipment and storage medium
CN112787812A (en) * 2021-01-15 2021-05-11 中国工商银行股份有限公司 Block chain-based calculation job processing method, device and system

Also Published As

Publication number Publication date
CN115525919A (en) 2022-12-27

Similar Documents

Publication Publication Date Title
Aledhari et al. Federated learning: A survey on enabling technologies, protocols, and applications
US11030681B2 (en) Intermediate blockchain system for managing transactions
Lopez et al. A multi-layered blockchain framework for smart mobility data-markets
US11568437B2 (en) Systems, methods, and apparatuses for implementing commerce rewards across tenants for commerce cloud customers utilizing blockchain
JP7304118B2 (en) Secure, consensual endorsements for self-monitoring blockchains
US20210357997A1 (en) Benefit allocation method, apparatus, and electronic device
EP3655905B1 (en) Distributed ledger technology
CN109447648A (en) The method of recorded data zone block, accounting nodes and medium in block chain network
TW202024944A (en) Data sharing method, apparatus, and system, and electronic device
WO2020082883A1 (en) Object selection method and device and electronic device
CN108428122A (en) It is a kind of distribution account book on trade financing method and system
WO2020182005A1 (en) Method for information processing in digital asset certificate inheritance transfer, and related device
CN109102269A (en) Transfer account method and device, block chain node and storage medium based on block chain
US11488156B2 (en) Confidential asset transaction system
EP4000236A1 (en) Secure resource management to prevent fraudulent resource access
WO2022257720A1 (en) Method, apparatus, and system for multi-party algorithm negotiation for privacy computing
CN112861084A (en) Service processing method, device, equipment and computer readable storage medium
US20230142659A1 (en) System and method for registering share of asset of which owner cannot be specified or ownership does not exist
Lazareva et al. The Innovative Blockchain Technology in the Sharing Economy Subject Decision Making
KR102128875B1 (en) Method and system for distributing revenue on project results generated by a specialist based on contribution information
KR102240888B1 (en) Method and system for managing project results generated by a specialist based on bigdata stored in blockchain
WO2022267787A1 (en) Method, apparatus, and system for determining computation resource in privacy computation
KR102128874B1 (en) Method and system for managing project results generated by a specialist based on contribution information
WO2021262073A1 (en) Method and system for controlling a bidding process
WO2020062119A1 (en) Method and system for incentivizing data exchange

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22827284

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE