CN113014625B

CN113014625B - Task processing method and device for task processing

Info

Publication number: CN113014625B
Application number: CN202110178290.9A
Authority: CN
Inventors: 李艺
Original assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Current assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date: 2021-02-09
Filing date: 2021-02-09
Publication date: 2023-04-07
Anticipated expiration: 2041-02-09
Also published as: CN113014625A

Abstract

The embodiment of the invention provides a task processing method and device and a task processing device. The method comprises the following steps: receiving port registration information sent by a computing node, wherein the port registration information comprises a cluster address of a computing engine cluster to which the computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node; sending configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and port registration information of the computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task. The embodiment of the invention can improve the safety of the multi-party safety computing system on the basis of ensuring the flexibility of the configuration of the computing engine cluster.

Description

Task processing method and device for task processing

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for task processing.

Background

MPC (Secure Muti-Party computing) is an algorithm that protects data privacy and security. And a plurality of participants can perform collaborative calculation by using a multi-party security calculation technology on the premise of not leaking self data to obtain a calculation result.

A common technology of multi-party secure computing is called secret sharing, and the basic idea is that data is fragmented to different computing engine clusters, the computing engine clusters use a specified secure computing protocol to compute the data fragments, the computing engine clusters with more than specified number cannot be mutually communicated in the computing process, otherwise, the data fragments can be integrated together to recover plaintext data, and data leakage is caused.

Generally, each compute engine cluster may start a plurality of compute nodes to execute a plurality of compute tasks, and each compute node may also open a port to interact with each other, so that not only too many ports are occupied, but also each compute node of each compute engine exposes its own port to the outside, thereby increasing the risk of attack and intrusion of the compute node, and bringing potential safety hazard to a multi-party secure compute system.

Disclosure of Invention

The embodiment of the invention provides a task processing method and device and a task processing device, which can be used for carrying out port management on a computing engine cluster in a multi-party security computing system, reducing the risks of attack and invasion of computing nodes and further improving the security of the multi-party security computing system.

In order to solve the above problem, in a first aspect, an embodiment of the present invention discloses a task processing method, which is applied to a scheduling node in a multi-party secure computing system, where the multi-party secure computing system further includes compute engine clusters, each compute engine cluster includes at least one compute node, and the method includes:

receiving port registration information sent by a computing node, wherein the port registration information comprises a cluster address of a computing engine cluster to which the computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node;

sending configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and port registration information of the computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task.

Optionally, the task participating node includes a computing node, and the sending configuration information of the secure computing task to the task participating node includes:

and sending the configuration information of the safety calculation task to the calculation nodes participating in the safety calculation task through the cluster address of the calculation engine cluster to which the calculation node belongs and the flow port registered by the calculation node.

Optionally, the sending, to the computing node participating in the secure computing task, the configuration information of the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered in the computing node includes:

and under the condition that the flow port registered by the computing node participating in the safety computing task is a self port, sending configuration information of the safety computing task to the computing node participating in the safety computing task through the cluster address of the computing engine cluster to which the computing node belongs and the self port of the computing node.

Optionally, the sending, to a computing node participating in the secure computing task, configuration information of the secure computing task through a cluster address of a compute engine cluster to which the computing node belongs and a traffic port registered in the computing node includes:

and under the condition that the flow port registered by the computing node participating in the safety computing task is a reverse proxy port, sending the configuration information of the safety computing task to a reverse proxy of the computing engine cluster to which the computing node belongs through the cluster address of the computing engine cluster to which the computing node belongs and the reverse proxy port of the computing engine cluster to which the computing node belongs, so that the reverse proxy forwards the configuration information of the safety computing task to the computing node.

Optionally, the task participating node further includes a data node, and the sending configuration information of the secure computing task to the task participating node includes:

and sending the configuration information of the safety computing task to the data nodes participating in the safety computing task.

Optionally, the traffic port registered by the computing node is determined according to a port mode of a computing engine cluster to which the computing node belongs, where the traffic port registered by the computing node is a reverse proxy port of the computing engine cluster to which the computing node belongs when the port mode is a first port mode, and the traffic port registered by the computing node is a self port of the computing node when the port mode is a second port mode.

In a second aspect, an embodiment of the present invention discloses a task processing method, applied to a compute node in a multi-party secure computing system, where the multi-party secure computing system includes a dispatch node and compute engine clusters, each compute engine cluster includes at least one compute node, and the method includes:

acquiring port registration information, wherein the port registration information comprises a cluster address of a computing engine cluster to which a computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node;

and sending the port registration information to a scheduling node so that the scheduling node sends configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and the port registration information of the computing node participating in the security computing task.

Optionally, the obtaining port registration information includes:

acquiring a port mode of a computing engine cluster to which the computing node belongs;

under the condition that the port mode is a first port mode, acquiring a reverse proxy port of a computing engine cluster to which the computing node belongs;

and under the condition that the port mode is a second port mode, acquiring the self port of the computing node.

Optionally, after the sending the port registration information to the scheduling node, the method further includes:

receiving configuration information of the safety calculation task sent by the scheduling node;

acquiring cluster addresses of computing engine clusters to which computing nodes participating in the safe computing task belong and flow ports registered by the computing nodes according to the configuration information;

and interacting with each computing node through the cluster address of the computing engine cluster to which each computing node participating in the safety computing task belongs and the flow port registered by each computing node to complete the safety computing task.

Optionally, the receiving the configuration information of the security computation task sent by the scheduling node includes:

and receiving the configuration information of the safety calculation task sent by the scheduling node through a self port registered by the calculation node.

Optionally, the receiving configuration information of the security computation task sent by the scheduling node includes:

and receiving configuration information of the safety computing task forwarded by a reverse proxy of a computing engine cluster to which the computing node belongs through a port of the computing node.

In a third aspect, an embodiment of the present invention discloses a task processing device, which is applied to a scheduling node in a multi-party secure computing system, where the multi-party secure computing system further includes computing engine clusters, each computing engine cluster includes at least one computing node, and the device includes:

a port information receiving module, configured to receive port registration information sent by a computing node, where the port registration information includes a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node, and the traffic port includes a reverse proxy port of the computing engine cluster to which the computing node belongs or a port of the computing node itself;

the configuration information sending module is used for sending configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and port registration information of the computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task.

Optionally, the task participating node includes a computing node, and the configuration information sending module is specifically configured to send the configuration information of the secure computing task to the computing node participating in the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node.

Optionally, the configuration information sending module is specifically configured to send the configuration information of the secure computation task to the computing node participating in the secure computation task through a cluster address of a computing engine cluster to which the computing node belongs and a self port of the computing node, when a traffic port registered by the computing node participating in the secure computation task is the self port.

Optionally, the configuration information sending module is specifically configured to, when a traffic port registered by a computing node participating in the secure computation task is a reverse proxy port, send configuration information of the secure computation task to a reverse proxy of a computing engine cluster to which the computing node belongs through a cluster address of the computing engine cluster to which the computing node belongs and the reverse proxy port of the computing engine cluster to which the computing node belongs, so that the reverse proxy forwards the configuration information of the secure computation task to the computing node.

Optionally, the task participating node further includes a data node, and the configuration information sending module is specifically configured to send the configuration information of the security computing task to the data node participating in the security computing task.

In a fourth aspect, an embodiment of the present invention discloses a task processing device applied to a compute node in a multi-party secure computing system, where the multi-party secure computing system includes a dispatch node and compute engine clusters, each compute engine cluster includes at least one compute node, and the device includes:

a port information obtaining module, configured to obtain port registration information, where the port registration information includes a cluster address of a compute engine cluster to which a compute node belongs and a traffic port registered by the compute node, and the traffic port includes a reverse proxy port of the compute engine cluster to which the compute node belongs or a port of the compute node;

and the port information sending module is used for sending the port registration information to a scheduling node so as to enable the scheduling node to send configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and the port registration information of the computing node participating in the security computing task.

Optionally, the port information obtaining module includes:

the mode acquisition submodule is used for acquiring a port mode of a calculation engine cluster to which the calculation node belongs;

the first obtaining submodule is used for obtaining a reverse proxy port of a computing engine cluster to which the computing node belongs under the condition that the port mode is a first port mode;

and the second obtaining submodule is used for obtaining the self port of the computing node under the condition that the port mode is the second port mode.

Optionally, the apparatus further comprises:

the configuration information receiving module is used for receiving the configuration information of the safety calculation task sent by the scheduling node;

the port information determining module is used for acquiring cluster addresses of computing engine clusters to which computing nodes participating in the safety computing task belong and flow ports registered by the computing nodes according to the configuration information;

and the information interaction module is used for interacting with each computing node through the cluster address of the computing engine cluster to which each computing node participating in the safety computing task belongs and the flow port registered by each computing node so as to complete the safety computing task.

Optionally, the configuration information receiving module is specifically configured to receive, through a port registered by the computing node, the configuration information of the security computing task sent by the scheduling node.

Optionally, the configuration information receiving module is specifically configured to receive, through a port of the computing node itself, configuration information of the security computing task forwarded by a reverse proxy of a computing engine cluster to which the computing node belongs.

In a fifth aspect, an embodiment of the present invention discloses a multi-party secure computing system, where the multi-party secure computing system includes a scheduling node and computing engine clusters, and each computing engine cluster includes at least one computing node; wherein the content of the first and second substances,

the computing node is configured to obtain port registration information and send the port registration information to the scheduling node, where the port registration information includes a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node, and the traffic port includes a reverse proxy port of the computing engine cluster to which the computing node belongs or a port of the computing node;

the scheduling node is used for receiving port registration information sent by the computing node and sending configuration information of a safe computing task to a task participating node, wherein the configuration information comprises description information of the safe computing task and port registration information of the computing node participating in the safe computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the safe computing task.

In a sixth aspect, an embodiment of the present invention discloses a device for task processing, applied to a scheduling node in a multi-party secure computing system, where the multi-party secure computing system further includes computing engine clusters, each computing engine cluster includes at least one computing node, the device includes a memory, and one or more programs, where the one or more programs are stored in the memory, and are configured to be executed by the one or more processors, and the one or more programs include instructions for:

and under the condition that the flow port registered by the computing node participating in the safety computing task is a self port, sending the configuration information of the safety computing task to the computing node participating in the safety computing task through the cluster address of the computing engine cluster to which the computing node belongs and the self port of the computing node.

In a seventh aspect, an embodiment of the present invention discloses an apparatus for task processing, which is applied to a computing node in a multi-party secure computing system, where the multi-party secure computing system includes a scheduling node and computing engine clusters, each computing engine cluster includes at least one computing node, the apparatus includes a memory, and one or more programs, where the one or more programs are stored in the memory, and are configured to be executed by the one or more processors, and the one or more programs include instructions for:

Optionally, the acquiring port registration information includes:

Optionally, the device is also configured to execute the one or more programs by the one or more processors including instructions for:

and receiving the configuration information of the safety calculation task sent by the scheduling node through the self port registered by the calculation node.

In a ninth aspect, the present invention discloses a machine-readable medium, on which instructions are stored, which when executed by one or more processors, cause an apparatus to perform a task processing method as described in one or more of the preceding.

The embodiment of the invention has the following advantages:

the embodiment of the invention adds the port management function of the dispatching node to the calculation engine cluster on the basis that the dispatching node has the task management function. The scheduling node may receive port registration information of each computing node in each compute engine cluster, and send task configuration information including the port registration information of the computing node to the task participating node, so that the task participating node interacts with the computing node through a traffic port registered by the computing node, where the traffic port may include a reverse proxy port of the compute engine cluster to which the computing node belongs or a port of the computing node itself. That is, in the embodiment of the present invention, the compute nodes in the compute engine cluster may interact with the outside world using the uniform reverse proxy port, or may interact with the outside world using the ports of the compute nodes themselves. On the basis of ensuring the flexibility of the configuration of the computing engine cluster, the safety of the computing engine cluster is ensured. In addition, the embodiment of the invention enables the multi-party secure computing system to support the collaborative computing of the computing engine clusters with different port modes, and can improve the flexibility and the safety of the computing engine clusters in the multi-party secure computing system.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive labor.

FIG. 1 is a flow chart of the steps of one embodiment of a method of task processing of the present invention;

FIG. 2 is a block diagram of a multi-party secure computing system of the present invention;

FIG. 3 is a block diagram of another multiparty secure computing system of the present invention;

FIG. 4 is a flowchart of the steps of another task processing method embodiment of the present invention;

FIG. 5 is a block diagram of an embodiment of a task processing device according to the present invention;

FIG. 6 is a block diagram of another embodiment of a task processing device according to the present invention;

FIG. 7 is a block diagram of a multi-party secure computing system of the present invention;

FIG. 8 is a block diagram of an apparatus 800 for task processing of the present invention;

fig. 9 is a schematic diagram of a server in some embodiments of the invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Method embodiment

Referring to fig. 1, a flowchart illustrating steps of an embodiment of a task processing method according to the present invention is shown, where the method is applicable to a scheduling node in a multi-party secure computing system, where the multi-party secure computing system further includes computing engine clusters, each computing engine cluster includes at least one computing node, and the method specifically includes the following steps:

step 101, receiving port registration information sent by a computing node, where the port registration information includes a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node, and the traffic port includes a reverse proxy port of the computing engine cluster to which the computing node belongs or a port of the computing node;

102, sending configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and port registration information of the computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task.

The task processing method provided by the invention can be suitable for a multi-party security computing system, and the multi-party security computing system is a computing system for protecting data privacy and security. The embodiment of the present invention does not limit the security computation protocol adopted by the multi-party security computation system, for example, the multi-party security computation system may be based on a multi-party security computation MPC protocol, in the multi-party security computation system based on the MPC protocol, a plurality of parties may perform collaborative computation by using a multi-party security computation technique to obtain a computation result on the premise that their own data is not leaked, and the data, the intermediate result, and the final result participating in the computation may be ciphertext. Of course, the multi-party secure computing system may also be a multi-party secure computing protocol implemented based on techniques such as secret sharing, semi-homomorphism, and oblivious transmission.

Referring to fig. 2, a schematic structural diagram of a multi-party secure computing system according to an embodiment of the present invention is shown. As shown in fig. 2, the multi-party secure computing system includes a scheduling node and computing engine clusters, each computing engine cluster including at least one computing node. It should be noted that, the multi-party secure computing system shown in fig. 2 includes two compute engine clusters, each compute engine cluster includes four compute nodes, and in a specific implementation, the number of compute engine clusters in the multi-party secure computing system and the number of compute nodes included in each compute engine cluster are not limited in the embodiment of the present invention.

In particular, the task processing method provided by the invention can be applied to a scheduling node in a multi-party security computing system. The scheduling node is configured to generate a secure computing task and configure a task participating node for the secure computing task, where the task participating node may include a computing node, and further, the task participating node may also include a data node. The data nodes may provide services such as data storage, data provisioning, computation result storage, and the like. The computing node can perform multi-party collaborative computing according to a specified computing method based on the data provided by the data node to complete the safe computing task generated by the scheduling node. The secure computing task includes, but is not limited to, any one or more of: privacy-preserving-based computational operations, privacy-preserving-based model training and prediction, privacy-preserving-based database query operations, and the like. Wherein the computing operations include, but are not limited to: digital computation such as addition, subtraction, multiplication and division, and logical computation such as AND, OR and NOT. It is to be understood that embodiments of the present invention do not impose limitations on the specific types of secure computing tasks.

The embodiment of the invention can independently deploy each computing engine cluster, thereby realizing the cross-management domain deployment of the computing engine clusters, ensuring that a person (such as a cluster administrator) with certain cluster access authority cannot acquire the data fragments of a plurality of computing engine clusters, and avoiding the risk of data leakage caused by the fact that the data fragments are integrated together and recovered into plaintext data. In addition, each compute engine cluster may start multiple compute nodes to execute multiple secure compute tasks, and each compute node may also open its own port for interaction. In order to avoid that each computing node of each computing engine cluster exposes its own port to the outside, which causes the risk of attacking and invading the computing node, the embodiment of the invention adds the function of port management to the computing engine cluster in the multi-party security computing system. Specifically, the embodiment of the invention performs port management on the computing engine cluster through the scheduling node.

In the embodiment of the present invention, each computing node in the multi-party secure computing system may report port registration information to a scheduling node, where the port registration information may include a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node, and the traffic port includes a reverse proxy port of the computing engine cluster to which the computing node belongs or a port of the computing node. The cluster Address may be an IP (Internet Protocol Address) of the compute engine cluster.

Further, the traffic port registered by the computing node may be determined according to a port mode of a computing engine cluster to which the computing node belongs, where the traffic port registered by the computing node is a reverse proxy port of the computing engine cluster to which the computing node belongs when the port mode is a first port mode, and the traffic port registered by the computing node is a self port of the computing node when the port mode is a second port mode.

In particular, embodiments of the present invention may deploy a cluster of compute engines in two port modes in a multi-party secure computing system. For a compute engine cluster in a first port mode, each compute node in the compute engine cluster interacts with the outside world using a unified reverse proxy port. For the computing engine cluster in the second port mode, each computing node in the computing engine cluster uses the own port of each computing node to interact with the outside world.

Each computing node can monitor its own port when being started, and obtain the port mode of the computing engine cluster to which it belongs, if the port mode of the computing engine cluster to which a certain computing node belongs is the first port mode, the computing node reports the reverse proxy port of the computing engine cluster to which the computing node belongs when reporting the port registration information to the scheduling node. If the port mode of the computing engine cluster to which a certain computing node belongs is the second port mode, the computing node reports the port of the computing node when reporting port registration information to the scheduling node.

The scheduling node may send configuration information of a security computation task to a task participating node, where the configuration information includes description information of the security computation task and port registration information of a computation node participating in the security computation task, so that the task participating node interacts with the computation node through a traffic port registered by the computation node to complete the security computation task.

In the embodiment of the invention, the scheduling node sends the description information of the safe computing task to the task participating node and also sends the port registration information of the computing node participating in the safe computing task to the task participating node. Therefore, the task participating node can acquire the flow ports registered by the computing nodes participating in executing the safe computing task, and further can interact with the computing nodes by accessing the flow ports registered by the computing nodes. And the computing nodes participating in the safety computing task can also interact by accessing a flow port registered by the other side.

For example, if a compute engine cluster to which a compute node participating in a secure compute task belongs employs a first port mode, the task participating node may interact with the compute node through a reverse proxy port registered by the compute node. If the computing engine cluster to which a certain computing node participating in the safe computing task belongs adopts the second port mode, the task participating node can interact with the computing node through the self port of the computing node registered by the computing node.

In embodiments of the invention, the reverse proxy may be a service, and the reverse proxy itself may contain one or more processes. Each compute node may listen to its own port, while the reverse-proxy may also listen to its own port. The compute engine cluster in the first port mode may start a reverse proxy, which may be a unified external interface for each compute node in the compute engine cluster. When data is sent to a certain computing node in the computing engine cluster, the data is sent to a reverse proxy port of the computing engine cluster to which the computing node belongs, and then the reverse proxy of the computing engine cluster forwards the data to the computing node.

In order to enable the reverse proxy to forward the data to the correct computing node, the reverse proxy may record the mapping relationship between the node identifier of each computing node in its computing engine cluster and the port of the computing node itself.

Specifically, each computing node in the multi-party secure computing system may generate a unique ID as its own node identifier at startup, and obtain the port mode of the computing engine cluster to which it belongs. If a certain computing node obtains that the port mode of the computing engine cluster to which the computing node belongs is the first port mode, the port registration information sent by the computing node to the scheduling node may further include a node identifier of the computing node, in addition to the cluster address of the computing engine cluster to which the computing node belongs and the reverse proxy port of the computing engine cluster to which the computing node belongs.

For a compute engine cluster employing the first port mode, the reverse proxy of the compute engine cluster may maintain a mapping table, where the mapping table records a mapping relationship between a node identifier of each compute node in the compute engine cluster and a port of the compute node. For example, assuming that the node identifier of a certain compute node in a certain compute engine cluster adopting the first port mode is ID1, and the own port of the compute node is 8899, the mapping table maintained by the reverse proxy of the compute engine cluster includes the mapping relationship between ID1 and 8899. When the reverse proxy receives data that needs to be sent to the computing node with the node ID of ID1, the reverse proxy may obtain that its own port of the computing node with the node ID of ID1 is 8899 by querying the mapping table, and may send the data to the port 8899 of the computing node.

It can be understood that the content included in the port registration information is not limited in the embodiment of the present invention. For example, the port registration information may further include information such as a cluster identifier of a compute engine cluster to which the compute node belongs, and when the multi-party secure computing system includes a plurality of compute engine clusters, different compute engine clusters may be distinguished by the cluster identifier.

If a certain computing node obtains that the port mode of the computing engine cluster to which the computing node belongs is the second port mode, the port registration information sent by the computing node to the scheduling node may include a cluster address of the computing engine cluster to which the computing node belongs and a port of the computing node itself, and of course, may also include information such as a cluster identifier of the computing engine cluster to which the computing node belongs.

The embodiment of the invention can deploy the computing engine clusters with different port modes in the multi-party security computing system, and deploy the scheduling node and each computing engine cluster independently. In a specific implementation, before deploying the compute engine clusters, a parameter may be configured for each compute engine cluster, where the parameter is used to indicate a port mode adopted by the compute engine cluster. When the computing node is started, the port mode adopted by the computing engine cluster to which the computing node belongs can be known by acquiring the parameter, and then the corresponding port registration information is sent to the scheduling node according to the port mode adopted by the computing engine cluster to which the computing node belongs.

For a compute engine cluster that employs the first port mode, a reverse proxy port that a reverse proxy of the compute engine cluster listens to may also be designated at deployment time, so that the compute engine cluster may automatically start a reverse proxy and listen to the designated reverse proxy port.

By the embodiment of the invention, the scheduling node and each computing engine cluster can be independently deployed, the scheduling node does not need to care which port mode each computing engine cluster adopts in implementation, namely, the same scheduling node can simultaneously support the computing engine clusters with different port modes (such as a first port mode and a second port mode), the deployment of the scheduling node is not influenced by the deployment modes of the computing engines, and the simplicity of the scheduling node in design and implementation can be ensured. In addition, the embodiment of the invention enables the multi-party secure computing system to support the collaborative computing of the computing engine clusters with different port modes, and can improve the flexibility and the safety of the computing engine clusters in the multi-party secure computing system.

In the embodiment of the present invention, the task participating node may include only the computing node, or the task participating node may include the computing node and the data node. In the case that the task participating node includes a data node, the data node may provide data participating in computation to the computing node, so that the computing node performs collaborative computation based on the data provided by the data node to complete a secure computation task issued by the scheduling node. In the case where no data node is involved, the data participating in the computation may be sent by the scheduling node to the computing nodes participating in the secure computation task. Wherein, the data participating in the calculation may be ciphertext.

In an optional embodiment of the present invention, the task participating node may include a computing node, and the sending, to the task participating node, configuration information of the secure computing task includes:

The scheduling node may issue the configuration information of the security computation task to all task participating nodes of the security computation task, such as the computation node and the data node participating in the security computation task.

When the scheduling node issues the configuration information of the security computing task to the computing nodes participating in the security computing task, the configuration information of the security computing task can be issued to the computing nodes by accessing the traffic ports registered by the computing nodes.

In an optional embodiment of the present invention, the sending, to a computing node participating in the secure computing task, configuration information of the secure computing task through a cluster address of a compute engine cluster to which the computing node belongs and a traffic port registered in the computing node includes:

In example one, assume that a multi-party secure computing system includes compute engine cluster 1 and compute engine cluster 2. The computing engine cluster 1 includes computing nodes s11, s12, s13, and s14, and the port mode of the computing engine cluster 1 is a first port mode, that is, traffic ports registered by the computing nodes s11, s12, s13, and s14 are all reverse proxy ports of the computing engine cluster 1. The compute engine cluster 2 includes compute nodes s21, s22, s23, and s24, and the port mode of the compute engine cluster 2 is a second port mode, that is, traffic ports registered by the compute nodes s21, s22, s23, and s24 are self ports of s21, s22, s23, and s24, respectively.

Assume in example one that the task participating nodes of a secure computing task include compute node s11 in compute engine cluster 1 and compute node s21 in compute engine cluster 2.

When the scheduling node issues the configuration information of the secure computation task to the computation node s11, the configuration information of the secure computation task may be issued by accessing the reverse proxy port of the computation engine cluster 1, and then the reverse proxy of the computation engine cluster 1 obtains the self port of the computation node s11 by querying the mapping table, and further forwards the configuration information of the secure computation task to the self port of the computation node s 11.

In an example one, the configuration information of the secure computing task includes port registration information of the computing node s11 and the computing node s21, the port registration information of the computing node s11 includes a traffic port registered by the computing node s11, and the port registration information of the computing node s21 includes a traffic port registered by the computing node s21. After receiving the configuration information of the secure computation task, the compute node s11 may know the traffic port registered by the compute node s21. Likewise, the computing node s21 may learn the traffic port registered by the computing node s11 after receiving the configuration information of the secure computing task. Thus, compute node s11 and compute node s21 may interact by accessing the traffic ports registered by each other.

In the embodiment of the invention, each computing node participating in the safety computing task carries out interaction according to the flow port registered by the other side, the other side adopts which port mode is transparent for each computing node, different computing nodes do not need to care about the port mode of the other side in the interaction process, and only need to use the cluster address and the flow port of the other side issued by the scheduling node. Therefore, the embodiment of the invention can realize the cooperative computing among the computing nodes under the computing engine clusters with different port modes on the basis of not changing the existing configuration mode of the computing nodes, and can improve the diversity and the flexibility of the cooperative computing.

In an optional embodiment of the present invention, the sending configuration information of the secure computing task to the computing node participating in the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered in the computing node includes:

Still taking the example one as an example, when the scheduling node issues the configuration information of the secure computation task to the computing node s21, the scheduling node may issue the configuration information of the secure computation task to the computing node s21 by accessing the own port of the computing node s21.

In an optional embodiment of the present invention, the task participating node may further include a data node, and the sending configuration information of the secure computing task to the task participating node includes: and sending the configuration information of the safety computing task to the data nodes participating in the safety computing task.

Referring to FIG. 3, a block diagram of another multi-party secure computing system of an embodiment of the invention is shown. As shown in FIG. 3, the multi-party secure computing system includes a scheduling node, computing engine clusters, and a data node, where each computing engine cluster includes at least one computing node.

In example two, it is assumed that the multi-party secure computing system includes a compute engine cluster 1, a compute engine cluster 2, and a compute engine cluster 3. The computing engine cluster 1 includes computing nodes s11, s12, s13, and s14, and the port mode of the computing engine cluster 1 is a first port mode. The compute engine cluster 2 includes compute nodes s21, s22, s23, and s24, and the port mode of the compute engine cluster 2 is a second port mode. The computing engine cluster 3 includes computing nodes s31, s32, s33, and s34, and the port mode of the computing engine cluster 3 is a first port mode. As shown in fig. 3, compute engine cluster 1 and compute engine cluster 3 each include a reverse proxy.

Assume that in example two, the task participating nodes of a certain secure computing task include data node d1, data node d2, and computing node s11 in computing engine cluster 1, and computing node s21 in computing engine cluster 2 is computing node s31 in computing engine cluster 3.

When the scheduling node issues the configuration information of the secure computation task to the computing node s11, the configuration information of the secure computation task may be issued to the computing node s11 by accessing the reverse proxy port of the computing engine cluster 1, and then the reverse proxy of the computing engine cluster 1 obtains the self port of the computing node s11 by querying the mapping table, and further forwards the configuration information of the secure computation task to the self port of the computing node s 11.

Similarly, when the scheduling node issues the configuration information of the secure computation task to the computation node s31, the scheduling node may issue the configuration information of the secure computation task to the computation node s31 by accessing the reverse proxy port of the computation engine cluster 3, and then the reverse proxy of the computation engine cluster 3 obtains the self port of the computation node s31 by querying the mapping table, and further forwards the configuration information of the secure computation task to the self port of the computation node s31.

When the scheduling node issues the configuration information of the secure computation task to the computing node s21, the scheduling node may issue the configuration information of the secure computation task to the computing node s21 by accessing a self port of the computing node s21.

In addition, the scheduling node also issues the configuration information of the security computation task to the data node d1 and the data node d2, respectively. The configuration information of the secure computation task includes port registration information of the compute node s11, the compute node s21, and the compute node s31. When the computing node s11, the computing node s21, and the computing node s31 interact with each other, the interaction may be performed through accessing a traffic port registered by the other. When the data node d1 and the data node d2 interact with the computing node s11, the computing node s21, and the computing node s31, respectively, the data node d1 and the data node d2 may interact by accessing traffic ports registered in the computing nodes. For example, suppose data node d1 needs to provide data to compute node s11 and compute node s21, and data node d2 needs to provide data to compute node s31. As shown in fig. 3, data node d1 may send data to compute node s11 through a reverse proxy port accessing compute engine cluster 1, and may send data to compute node s21 through its own port accessing compute node s21. Data node d2 may send data to compute node s31 by accessing its own port of compute node s31.

It should be noted that the scheduling node only needs to issue port registration information of each computing node to task participating nodes (e.g., the data node d1, the data node d2, the computing node s11, the computing node s21, and the computing node s 31), without considering what port mode is used by the computing engine cluster to which each computing node belongs, and the simplicity of the scheduling node can be ensured. In addition, when a plurality of computing engine clusters participating in the same safe computing task are interacted, the computing engine clusters can access the flow port registered by the computing node of the other side, and the port mode adopted by the computing engine clusters of the other side does not need to be concerned, so that the simplicity of the computing engine clusters in design and implementation can be ensured.

In summary, the embodiment of the present invention adds the port management function of the scheduling node to the compute engine cluster on the basis that the scheduling node has the task management function. The scheduling node may receive port registration information of each computing node in each compute engine cluster, and send task configuration information including the port registration information of the computing node to the task participating node, so that the task participating node interacts with the computing node through a traffic port registered by the computing node, where the traffic port may include a reverse proxy port of the compute engine cluster to which the computing node belongs or a port of the computing node itself. That is, in the embodiment of the present invention, the compute nodes in the compute engine cluster may interact with the outside world using the unified reverse proxy port, or may interact with the outside world using the ports of the compute nodes themselves. On the basis of ensuring the flexibility of the configuration of the computing engine cluster, the safety of the computing engine cluster is ensured. In addition, the embodiment of the invention enables the multi-party secure computing system to support the computing engine clusters with different port modes to be capable of performing collaborative computing, and can improve the flexibility and the safety of the computing engine clusters in the multi-party secure computing system.

Referring to fig. 4, a flowchart illustrating steps of an embodiment of a task processing method according to the present invention is shown, where the method is applicable to a computing node in a multi-party secure computing system, where the multi-party secure computing system includes a scheduling node and computing engine clusters, each computing engine cluster includes at least one computing node, and the method specifically includes:

step 401, obtaining port registration information, where the port registration information includes a cluster address of a compute engine cluster to which a compute node belongs and a traffic port registered by the compute node, and the traffic port includes a reverse proxy port of the compute engine cluster to which the compute node belongs or a port of the compute node;

step 402, sending the port registration information to a scheduling node, so that the scheduling node sends configuration information of a security computation task to a task participating node, where the configuration information includes description information of the security computation task and port registration information of the computation node participating in the security computation task.

In the embodiment of the invention, each computing node in the multi-party security computing system can acquire the respective port registration information when being started, and report the port registration information to the scheduling node.

The embodiment of the invention can deploy the computing engine clusters of two port modes in a multi-party safe computing system. For a first port mode compute engine cluster, each compute node in the compute engine cluster interacts with the outside world using a unified reverse proxy port. Therefore, for the computing node in the computing engine cluster in the first port mode, the traffic port in the reported port registration information is the reverse proxy port of the computing engine cluster to which the computing node belongs. For the computing engine cluster in the second port mode, each computing node in the computing engine cluster uses the own port of each computing node to interact with the outside world. Therefore, for the compute node in the compute engine cluster in the second port mode, the traffic port in the reported port registration information is the own port of the compute node.

In an optional embodiment of the present invention, the acquiring port registration information includes:

s11, acquiring a port mode of a computing engine cluster to which the computing node belongs;

step S12, under the condition that the port mode is a first port mode, acquiring a reverse proxy port of a computing engine cluster to which the computing node belongs;

and S13, acquiring the self port of the computing node under the condition that the port mode is the second port mode.

In the embodiment of the invention, the flow port registered by each computing node in the multi-party security computing system is determined according to the port mode of the computing engine cluster to which each computing node belongs.

Each computing node can monitor its own port when being started, and obtain the port mode of the computing engine cluster to which it belongs, if the port mode of the computing engine cluster to which a certain computing node belongs is the first port mode, the computing node obtains the reverse proxy port of the computing engine cluster to which it belongs, and reports the reverse proxy port of the computing engine cluster to which the computing node belongs when reporting port registration information to the scheduling node. If the port mode of the computing engine cluster to which a certain computing node belongs is the second port mode, the computing node reports the port of the computing node when reporting port registration information to the scheduling node.

In the embodiment of the invention, the scheduling node sends the description information of the security computing task to the task participating node, and also sends the port registration information of the target computing node participating in the security computing task to the task participating node. Therefore, the task participating node can acquire the registered flow ports of the computing nodes participating in executing the safe computing task, and further can interact with the computing nodes by accessing the registered flow ports of the computing nodes.

In an optional embodiment of the present invention, after sending the port registration information to the scheduling node, the method further includes:

step S21, receiving configuration information of the safety calculation task sent by the scheduling node;

step S22, acquiring cluster addresses of computing engine clusters to which computing nodes participating in the secure computing task belong and flow ports registered by the computing nodes according to the configuration information;

and step S23, interacting with each computing node through the cluster address of the computing engine cluster to which each computing node participating in the safety computing task belongs and the flow port registered by each computing node to complete the safety computing task.

In the embodiment of the invention, the computing nodes can participate in the safe computing task, and each computing node participating in the safe computing task can receive the configuration information of the safe computing task sent by the scheduling node. The configuration information comprises description information of the safety calculation task and port registration information of each calculation node participating in the safety calculation task. The port registration information includes a cluster address of a compute engine cluster to which a compute node belongs and a traffic port registered by the compute node, and the traffic port includes a reverse proxy port of the compute engine cluster to which the compute node belongs or a self port of the compute node.

Therefore, each computing node participating in the safety computing task can acquire the cluster address of the computing engine cluster to which each computing node participating in the safety computing task belongs and the flow port registered by each computing node according to the configuration information, and then each computing node participating in the safety computing task can interact by accessing the flow port registered by the other side so as to cooperatively complete the safety computing task.

In an optional embodiment of the present invention, the receiving configuration information of the secure computation task sent by the scheduling node includes:

In the embodiment of the present invention, a computing node may participate in a secure computing task, and when a computing engine cluster to which the computing node participating in the secure computing task belongs is in a first port mode, a scheduling node sends configuration information of the secure computing task to a reverse proxy of the computing engine cluster to which the computing node belongs according to a cluster address of the computing engine cluster to which the computing node belongs and a reverse proxy port of the computing engine cluster to which the computing node belongs, so that the reverse proxy forwards the configuration information of the secure computing task to the computing node. That is, the compute node receives, through its own port, configuration information of a secure compute task forwarded by a reverse proxy of a compute engine cluster to which the compute node belongs.

In the embodiment of the present invention, a computing node may participate in a secure computing task, and when a compute engine cluster to which the computing node participating in the secure computing task belongs is in a second port mode, a scheduling node directly sends configuration information of the secure computing task to a self port of the computing node according to a cluster address of the compute engine cluster to which the computing node belongs and the self port of the computing node. That is, the computing node directly receives, through its own port, the configuration information of the secure computation task sent by the scheduling node.

In addition, under the condition that the task participating node comprises the data node, the scheduling node also issues configuration information of the safety computing task to the data node, and the data node can acquire the flow ports registered by each computing node participating in the safety computing task according to the configuration information, so that data can be provided for the computing nodes participating in the safety computing task through the flow ports registered by each computing node.

The interaction process between the computing nodes participating in the secure computing task, and the interaction process between the data node participating in the secure computing task and the computing node participating in the secure computing task are already described in detail in fig. 2 and 3, and are not described again here.

In summary, the embodiment of the present invention adds the port management function of the scheduling node to the compute engine cluster on the basis that the scheduling node has the task management function. The scheduling node may receive port registration information of each computing node in each compute engine cluster, and send task configuration information including the port registration information of the computing node to the task participating node, so that the task participating node interacts with the computing node through a traffic port registered by the computing node, where the traffic port may include a reverse proxy port of the compute engine cluster to which the computing node belongs or a port of the computing node itself. That is, in the embodiment of the present invention, the compute nodes in the compute engine cluster may interact with the outside world using the uniform reverse proxy port, or may interact with the outside world using the ports of the compute nodes themselves. On the basis of ensuring the flexibility of the configuration of the computing engine cluster, the safety of the computing engine cluster is ensured. In addition, the embodiment of the invention enables the multi-party secure computing system to support the computing engine clusters with different port modes to be capable of performing collaborative computing, and can improve the flexibility and the safety of the computing engine clusters in the multi-party secure computing system.

It should be noted that for simplicity of description, the method embodiments are shown as a series of combinations of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those of skill in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the embodiments of the invention.

Device embodiment

Referring to fig. 5, a block diagram of a task processing apparatus according to an embodiment of the present invention is shown, where the apparatus is applicable to a scheduling node in a multi-party secure computing system, where the multi-party secure computing system further includes computing engine clusters, each computing engine cluster includes at least one computing node, and the apparatus may specifically include:

a port information receiving module 501, configured to receive port registration information sent by a computing node, where the port registration information includes a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node, and the traffic port includes a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node;

a configuration information sending module 502, configured to send configuration information of a security computing task to a task participating node, where the configuration information includes description information of the security computing task and port registration information of a computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task.

Referring to fig. 6, a block diagram illustrating another embodiment of a task processing apparatus according to the present invention is shown, where the apparatus is applicable to a computing node in a multi-party secure computing system, where the multi-party secure computing system includes a scheduling node and computing engine clusters, each computing engine cluster includes at least one computing node, and the apparatus may specifically include:

a port information obtaining module 601, configured to obtain port registration information, where the port registration information includes a cluster address of a compute engine cluster to which a compute node belongs and a traffic port registered by the compute node, and the traffic port includes a reverse proxy port of the compute engine cluster to which the compute node belongs or a port of the compute node;

a port information sending module 602, configured to send the port registration information to a scheduling node, so that the scheduling node sends configuration information of a security computation task to a task participating node, where the configuration information includes description information of the security computation task and port registration information of a computation node participating in the security computation task.

Optionally, the port information obtaining module includes:

a first obtaining sub-module, configured to obtain a reverse proxy port of a compute engine cluster to which the compute node belongs when the port mode is a first port mode;

Optionally, the apparatus further comprises:

the port information determining module is used for acquiring the cluster address of a computing engine cluster to which each computing node participating in the safety computing task belongs and the flow port registered by each computing node according to the configuration information;

Referring to fig. 7, a block diagram 700 of a multi-party secure computing system according to an embodiment of the present invention is shown, where the multi-party secure computing system includes a scheduling node 701 and computing engine clusters 702, and each computing engine cluster includes at least one computing node 703; wherein the content of the first and second substances,

the computing node is configured to obtain port registration information and send the port registration information to the scheduling node, where the port registration information includes a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered by the computing node, and the traffic port includes a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node;

The embodiment of the invention adds the port management function of the dispatching node on the calculation engine cluster on the basis that the dispatching node has the task management function. The scheduling node may receive port registration information of each computing node in each computing engine cluster, and send task configuration information including the port registration information of the computing node to the task participating node, so that the task participating node interacts with the computing node through a traffic port registered by the computing node, where the traffic port may include a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node. That is, in the embodiment of the present invention, the compute nodes in the compute engine cluster may interact with the outside world using the uniform reverse proxy port, or may interact with the outside world using the ports of the compute nodes themselves. On the basis of ensuring the flexibility of the configuration of the computing engine cluster, the safety of the computing engine cluster is ensured. In addition, the embodiment of the invention enables the multi-party secure computing system to support the computing engine clusters with different port modes to be capable of performing collaborative computing, and can improve the flexibility and the safety of the computing engine clusters in the multi-party secure computing system.

For the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

The embodiment of the invention provides a device for task processing, which is applied to a scheduling node in a multi-party secure computing system, wherein the multi-party secure computing system further comprises computing engine clusters, each computing engine cluster comprises at least one computing node, the device comprises a memory and one or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by one or more processors, and the one or more programs comprise instructions for: receiving port registration information sent by a computing node, wherein the port registration information comprises a cluster address of a computing engine cluster to which the computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node; sending configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and port registration information of the computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task.

An embodiment of the present invention provides a device for task processing, which is applied to a computing node in a multi-party secure computing system, where the multi-party secure computing system includes a scheduling node and computing engine clusters, each computing engine cluster includes at least one computing node, the device includes a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, and the one or more programs include instructions for: acquiring port registration information, wherein the port registration information comprises a cluster address of a computing engine cluster to which a computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node; and sending the port registration information to a scheduling node so that the scheduling node sends configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and the port registration information of the computing node participating in the security computing task.

FIG. 8 is a block diagram illustrating an apparatus 800 for task processing according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.

Referring to fig. 8, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.

The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device 800.

The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communication between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi,2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

Fig. 9 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.

The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, mac OS XTM, unixTM, linuxTM, freeBSDTM, etc.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a task processing method shown in fig. 1 or 4.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a method of task processing, the method comprising: receiving port registration information sent by a computing node, wherein the port registration information comprises a cluster address of a computing engine cluster to which the computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node; sending configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and port registration information of the computing node participating in the security computing task, so that the task participating node interacts with the computing node through a flow port registered by the computing node to complete the security computing task.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a method of task processing, the method comprising: acquiring port registration information, wherein the port registration information comprises a cluster address of a computing engine cluster to which a computing node belongs and a flow port registered by the computing node, and the flow port comprises a reverse proxy port of the computing engine cluster to which the computing node belongs or a self port of the computing node; and sending the port registration information to a scheduling node so that the scheduling node sends configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and the port registration information of the computing node participating in the security computing task.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

The above detailed description is provided for a task processing method, a task processing device and a device for task processing, and the principle and the implementation of the present invention are explained by applying specific examples, and the description of the above examples is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. A task processing method applied to a scheduling node in a multi-party secure computing system, wherein the multi-party secure computing system further includes computing engine clusters, each computing engine cluster including at least one computing node, the method comprising:

2. The method of claim 1, wherein the task participating nodes comprise computing nodes, and wherein sending configuration information for the secure computing task to the task participating nodes comprises:

and sending the configuration information of the safety computing task to the computing nodes participating in the safety computing task through the cluster address of the computing engine cluster to which the computing nodes belong and the flow port registered by the computing nodes.

3. The method of claim 2, wherein sending configuration information of the secure computing task to the computing nodes participating in the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and a traffic port on which the computing node is registered comprises:

4. The method according to claim 2, wherein the sending configuration information of the secure computing task to the computing node participating in the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and a traffic port on which the computing node is registered comprises:

5. The method according to any one of claims 2 to 4, wherein the task participating node further comprises a data node, and the sending configuration information of the secure computing task to the task participating node comprises:

6. The method according to any one of claims 1 to 4, wherein the traffic port registered by the computing node is determined according to a port mode of a computing engine cluster to which the computing node belongs, wherein the traffic port registered by the computing node is a reverse proxy port of the computing engine cluster to which the computing node belongs in a case where the port mode is a first port mode, and the traffic port registered by the computing node is a self port of the computing node in a case where the port mode is a second port mode.

7. A task processing method is applied to a computing node in a multi-party security computing system, wherein the multi-party security computing system comprises a scheduling node and computing engine clusters, and each computing engine cluster comprises at least one computing node, and the method comprises the following steps:

sending the port registration information to a scheduling node so that the scheduling node sends configuration information of a security computing task to a task participating node, wherein the configuration information comprises description information of the security computing task and the port registration information of the computing node participating in the security computing task;

after the sending the port registration information to the scheduling node, the method further includes:

8. The method of claim 7, wherein the obtaining port registration information comprises:

and acquiring the self port of the computing node under the condition that the port mode is a second port mode.

9. The method according to claim 7, wherein the receiving configuration information of the secure computation task sent by the scheduling node comprises:

10. The method of claim 7, wherein the receiving configuration information of the secure computing task sent by the scheduling node comprises:

11. A task processing apparatus applied to a scheduling node in a multi-party secure computing system, the multi-party secure computing system further comprising compute engine clusters, each compute engine cluster comprising at least one compute node, the apparatus comprising:

the system comprises a configuration information sending module and a task participation node, wherein the configuration information sending module is used for sending configuration information of a safety computing task to the task participation node, and the configuration information comprises description information of the safety computing task and port registration information of the computing node participating in the safety computing task, so that the task participation node interacts with the computing node through a flow port registered by the computing node to complete the safety computing task.

12. The apparatus according to claim 11, wherein the task participating node includes a computing node, and the configuration information sending module is specifically configured to send the configuration information of the secure computing task to the computing node participating in the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and a traffic port registered in the computing node.

13. The apparatus according to claim 12, wherein the configuration information sending module is specifically configured to, when a traffic port registered by a computing node participating in the secure computing task is a self port, send the configuration information of the secure computing task to the computing node participating in the secure computing task through a cluster address of a computing engine cluster to which the computing node belongs and the self port of the computing node.

14. The apparatus according to claim 12, wherein the configuration information sending module is specifically configured to, when a traffic port registered by a computing node participating in the secure computation task is a reverse proxy port, send the configuration information of the secure computation task to a reverse proxy of a computing engine cluster to which the computing node belongs through a cluster address of the computing engine cluster to which the computing node belongs and the reverse proxy port of the computing engine cluster to which the computing node belongs, so that the reverse proxy forwards the configuration information of the secure computation task to the computing node.

15. The apparatus according to any one of claims 12 to 14, wherein the task participating node further includes a data node, and the configuration information sending module is specifically configured to send the configuration information of the secure computing task to the data node participating in the secure computing task.

16. The apparatus according to any one of claims 11 to 14, wherein the traffic port registered by the computing node is determined according to a port mode of a computing engine cluster to which the computing node belongs, where the traffic port registered by the computing node is a reverse proxy port of the computing engine cluster to which the computing node belongs in a case where the port mode is a first port mode, and the traffic port registered by the computing node is a self port of the computing node in a case where the port mode is a second port mode.

17. A task processing apparatus applied to a computing node in a multi-party secure computing system, the multi-party secure computing system including a scheduling node and computing engine clusters, each computing engine cluster including at least one computing node, the apparatus comprising:

a port information sending module, configured to send the port registration information to a scheduling node, so that the scheduling node sends configuration information of a security computation task to a task participating node, where the configuration information includes description information of the security computation task and port registration information of a computation node participating in the security computation task;

the device further comprises:

18. The apparatus of claim 17, wherein the port information obtaining module comprises:

the mode acquisition submodule is used for acquiring a port mode of a computing engine cluster to which the computing node belongs;

19. The apparatus according to claim 17, wherein the configuration information receiving module is specifically configured to receive, through a self port registered by the computing node, configuration information of the security computing task sent by the scheduling node.

20. The apparatus according to claim 17, wherein the configuration information receiving module is specifically configured to receive, through a port of the computing node itself, configuration information of the security computing task forwarded by a reverse proxy of a computing engine cluster to which the computing node belongs.

21. A multi-party secure computing system is characterized in that the multi-party secure computing system comprises scheduling nodes and computing engine clusters, and each computing engine cluster comprises at least one computing node; wherein the content of the first and second substances,

22. An apparatus for task processing, for use in a scheduling node in a multi-party secure computing system that further includes compute engine clusters, each compute engine cluster including at least one compute node, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing the method of task processing according to any one of claims 1 to 6.

23. A machine-readable medium having stored thereon instructions, which when executed by one or more processors, cause an apparatus to perform a method of task processing according to any one of claims 1 to 6 or 7 to 10.