CN113206832A

CN113206832A - Data processing method and device and data processing device

Info

Publication number: CN113206832A
Application number: CN202110352857.XA
Authority: CN
Inventors: 西方
Original assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Current assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date: 2021-03-31
Filing date: 2021-03-31
Publication date: 2021-08-03
Anticipated expiration: 2041-03-31
Also published as: CN113206832B

Abstract

The embodiment of the invention provides a data processing method and device and a device for data processing. The method comprises the following steps: calling a data source initialization function in a preset development kit, and registering a data source of the data party in the multi-party security computing system by executing the data source initialization function, wherein the preset development kit also comprises a data processing function for realizing data interaction between the data party and the multi-party security computing system; receiving a data processing request sent by the multi-party secure computing system aiming at a data source of the data party; and responding to the data processing request, and executing data processing operation by calling a data processing function in the preset development kit. The embodiment of the invention can register the data source of the data side and execute the data processing operation in the multi-party security computing system directly by calling the corresponding function in the preset development kit, does not need manual development of a user, reduces the operation complexity of data processing and improves the data processing efficiency.

Description

Data processing method and device and data processing device

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a data processing method and apparatus, and an apparatus for data processing.

Background

MPC (secure computing) systems typically include a control node, a compute node, and a data node. The control node is used for managing and controlling a computing node and a data node in the MPC system; the computing node is used for executing multi-party security computation; the data node, namely the data source access component, is used for accessing plaintext data provided by the data source, encrypting the plaintext data in a system-supported manner, and then sending the encrypted data to the computing node, so that the computing node performs ciphertext-based data computation. The data node can also pull the calculation result from the related calculation node after the execution of the multi-party security calculation task is completed, and restore the calculation result into plaintext data to be displayed to the data result party.

From the system architecture level, the data source access component belongs to a part of the client, belongs to a component in the user management range, and needs to be developed and maintained by a user. However, the interaction process of the data source access component and the MPC is complex, a user needs to know the construction details of the MPC system and the complex interaction logic of the data source access component and the MPC system, the requirement on the professional knowledge and the technical capability of the user is high, the development difficulty of the data source access component is large, and the data source access component is often required to provide necessary data processing operation when a multi-party security computing task is executed. The development operation of the data source development component with high difficulty undoubtedly increases the operation complexity of data processing in the multi-party security computing task, and reduces the data processing efficiency.

Disclosure of Invention

Embodiments of the present invention provide a data processing method and apparatus, and an apparatus for data processing, which can reduce the development difficulty of accessing a data source to a multi-party secure computing system, thereby reducing the operation complexity of data processing in a multi-party secure computing task, and improving the data processing efficiency.

In order to solve the above problem, an embodiment of the present invention discloses a data processing method, where the method includes:

calling a data source initialization function in a preset development kit, and registering a data source of the data party in the multi-party security computing system by executing the data source initialization function, wherein the preset development kit also comprises a data processing function for realizing data interaction between the data party and the multi-party security computing system;

receiving a data processing request sent by the multi-party secure computing system aiming at a data source of the data party;

and responding to the data processing request, and executing data processing operation by calling a data processing function in the preset development kit.

Optionally, the data processing request carries identity information of a data source, and the performing, in response to the data processing request, a data processing operation by calling a data processing function in the preset development kit includes:

responding to the data processing request, and comparing the identity information carried by the data processing request with the data source identification of the data party;

and if the data source identification of the data side is matched with the identity information carried by the data processing request, executing the data processing operation by calling a data processing function in the preset development kit.

Optionally, the data processing request includes a data obtaining request, and the executing the data processing operation by calling a data processing function in the preset development kit includes:

and encrypting the target data in the data source by calling a first data processing function, and sending the encrypted target data to the multi-party security computing system.

Optionally, the data processing request includes a result output request, and the executing the data processing operation by calling a data processing function in the preset development kit includes:

monitoring whether an execution result of a multi-party security computing task exists in the multi-party security computing system by calling a second data processing function;

if the execution result of the multi-party safety calculation task is monitored to exist, the execution result of the multi-party safety calculation task is obtained;

and decrypting the acquired execution result, and outputting the decrypted execution result in the data side.

Optionally, the preset development kit further includes a first interface function for configuring a data processing function, the data source initialization function in the preset development kit is called, and before the data source of the data party is registered in the multi-party secure computing system by executing the data source initialization function, the method further includes:

determining a development language supported by the data side;

and calling a first interface function in the preset development kit according to the development language, and configuring a data processing function in the preset development kit.

Optionally, the invoking a data source initialization function in a preset development kit, and registering a data source of the data party in the multi-party secure computing system by executing the data source initialization function includes:

establishing network connection between the data party and the multi-party security computing system by calling a data source initialization function of the preset development kit;

sending a data source registration request to the multi-party secure computing system based on the network connection, so that the multi-party secure computing system performs a registration operation on a data source of the data party based on the data source registration request.

Optionally, the preset development kit further includes a second interface function for implementing task control interaction between the data party and the multi-party secure computing system, the data source initialization function in the preset development kit is called, and after the data source of the data party is registered in the multi-party secure computing system by executing the data source initialization function, the method further includes:

receiving a task processing instruction aiming at a multi-party safe computing task;

and responding to the task processing instruction, and executing the task processing instruction by calling a second interface function in the preset development kit.

Optionally, the task processing instruction includes a task issuing instruction, the second interface function includes a task issuing function, and the executing the task processing instruction by calling the second interface function in the preset development kit in response to the task processing instruction includes:

and responding to the task issuing instruction, sending a multi-party safety computing task to the multi-party safety computing system by calling a task issuing function in the preset development kit, and triggering the multi-party safety computing system to execute the multi-party safety computing task.

Optionally, the task processing instruction further includes at least one of a task modification instruction, a task deletion instruction, a task suspension instruction, a result analysis instruction, and a fault repair instruction; the second interface function further comprises at least one of a task modification function, a task deletion function, a task termination function, a result analysis function, and a fault repair function.

In another aspect, an embodiment of the present invention discloses a data processing apparatus, where the apparatus includes:

the data source registration module is used for calling a data source initialization function in a preset development kit and registering the data source of the data party in the multi-party security computing system by executing the data source initialization function, and the preset development kit also comprises a data processing function for realizing data interaction between the data party and the multi-party security computing system;

the data processing request receiving module is used for receiving a data processing request sent by the multi-party security computing system aiming at a data source of the data party;

and the data processing request response module is used for responding to the data processing request and executing data processing operation by calling the data processing function in the preset development kit.

Optionally, the data processing request carries identity information of a data source, and the data processing request response module includes:

the information comparison submodule is used for responding to the data processing request and comparing the identity information carried by the data processing request with the data source identification of the data party;

and the data processing submodule is used for executing the data processing operation by calling a data processing function in the preset development kit if the data source identification of the data party is matched with the identity information carried by the data processing request.

Optionally, the data processing request includes a data obtaining request, and the data processing sub-module includes:

and the data encryption unit is used for encrypting the target data in the data source by calling a first data processing function and sending the encrypted target data to the multi-party secure computing system.

Optionally, the data processing request includes a result output request, and the data processing sub-module includes:

the execution result monitoring unit is used for monitoring whether the execution result of the multi-party safety computing task exists in the multi-party safety computing system or not by calling a second data processing function;

the execution result acquisition unit is used for acquiring the execution result of the multi-party safety calculation task if the execution result of the multi-party safety calculation task is monitored to exist;

and the execution result decryption unit is used for decrypting the acquired execution result and outputting the decrypted execution result in the data side.

Optionally, the preset development kit further includes a first interface function for configuring a data processing function, and the apparatus further includes:

the development language determining module is used for determining the development languages supported by the data side;

and the data processing function configuration module is used for calling a first interface function in the preset development kit according to the development language and configuring a data processing function in the preset development kit.

Optionally, the data source registration module includes:

the network connection establishing submodule is used for establishing network connection between the data party and the multi-party security computing system by calling a data source initialization function of the preset development kit;

a registration request sending submodule, configured to send a data source registration request to the multi-party secure computing system based on the network connection, so that the multi-party secure computing system performs a registration operation on a data source of the data party based on the data source registration request.

Optionally, the preset development kit further includes a second interface function for implementing task control interaction between the data party and the multi-party secure computing system, and the apparatus further includes:

the task processing instruction receiving module is used for receiving a task processing instruction aiming at the multi-party safety computing task;

and the task processing instruction execution module is used for responding to the task processing instruction and executing the task processing instruction by calling a second interface function in the preset development kit.

Optionally, the task processing instruction includes a task issuing instruction, the second interface function includes a task issuing function, and the task processing instruction execution module includes:

and the task issuing instruction execution submodule is used for responding to the task issuing instruction, sending a multi-party safety computing task to the multi-party safety computing system by calling a task issuing function in the preset development kit, and triggering the multi-party safety computing system to execute the multi-party safety computing task.

In yet another aspect, an embodiment of the present invention discloses an apparatus for data processing, including a memory, and one or more programs, where the one or more programs are stored in the memory, and configured to be executed by the one or more processors includes instructions for:

Optionally, also included in the preset development kit is a first interface function for configuring a data processing function, the apparatus being further configured to execute the one or more programs by one or more processors including instructions for:

determining a development language supported by the data side;

Optionally, also included in the preset development kit is a second interface function for enabling task control interaction between a data party and a multi-party secure computing system, the apparatus being further configured to execute the one or more programs by the one or more processors including instructions for:

In yet another aspect, an embodiment of the invention discloses a machine-readable medium having stored thereon instructions, which, when executed by one or more processors, cause an apparatus to perform a data processing method as described in one or more of the preceding.

The embodiment of the invention has the following advantages:

the embodiment of the invention encapsulates a preset development kit in advance, the preset development kit is encapsulated with a data source initialization function, and the data source of a data party can be registered in a multi-party security computing system by calling the data source initialization function, so that the multi-party security computing system can interact with the data source of the registered data party to operate data in the data source. In the embodiment of the invention, under the condition of receiving the data processing request sent by the multi-party security computing system aiming at the data source of the data party, the data processing operation can be executed by calling the data processing function in the preset development kit in response to the data processing request, so as to realize the data interaction between the data party and the multi-party security computing system. The embodiment of the invention can register the data source in the multi-party security system by calling the data source initialization component in the preset development kit, and a user does not need to develop a complex data source access component, thereby simplifying the registration operation step of accessing the data source to the multi-party security computing system; in addition, the embodiment of the invention can also realize the data interaction operation between the data party and the multi-party security computing system by calling the data processing function in the preset development kit, and does not need a user to develop the complex logic of the data interaction between the data party and the multi-party security computing system, thereby reducing the operation complexity of data processing and improving the data processing efficiency.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.

FIG. 1 is a flow chart of the steps of one data processing method embodiment of the present invention;

FIG. 2 is an interactive schematic of a data processing system of the present invention;

FIG. 3 is a block diagram of an embodiment of a data processing apparatus according to the present invention;

FIG. 4 is a block diagram of an apparatus 800 for data processing of the present invention;

fig. 5 is a schematic diagram of a server in some embodiments of the invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Method embodiment

Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, where the method may specifically include the following steps:

step 101, calling a data source initialization function in a preset development kit, and registering a data source of the data party in the multi-party security computing system by executing the data source initialization function, wherein the preset development kit further comprises a data processing function for realizing data interaction between the data party and the multi-party security computing system.

Step 102, receiving a data processing request sent by the multi-party secure computing system for a data source of the data party.

And 103, responding to the data processing request, and executing data processing operation by calling a data processing function in the preset development kit.

The embodiment of the invention provides a data processing method which can be applied to a data side. Through the embodiment of the invention, the data interaction operation between the data side and the MPC system can be simplified. The data party may be a mobile terminal, such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted electronic device, a wearable device, a UMPC (ultra-mobile personal computer), a netbook, a PDA (personal digital assistant), or the like, or the electronic device may also be a non-mobile electronic device such as a server, a NAS (network attached storage), a PC (personal computer), a TV (television), a teller machine, or a self-service machine, and the embodiments of the present invention are not particularly limited.

The embodiment of the invention encapsulates a preset development kit in advance, wherein the preset development kit can be configured in a data side and is encapsulated by technical personnel according to the interactive logic between a data source of the data side and an MPC system. The functions encapsulated in the preset development kit include, but are not limited to, data source initialization functions, data processing functions, and interface functions. The data source initialization function is used for registering a data source of a data party to the MPC system, the data processing function is used for triggering the data party to perform data interaction with the MPC system and executing data processing operation, and the interface function is used for receiving and executing instructions sent by a user or other modules and realizing the interaction between the data party and the user or other modules.

It should be noted that, the data processing function in the embodiment of the present invention is encapsulated in a preset development kit, and the configured data processing function does not need to be oriented to a user, and a data party automatically calls a corresponding data processing function to perform a data processing operation in a data processing process.

Referring to fig. 2, an interaction diagram of a data processing system according to an embodiment of the present invention is shown. As shown in fig. 2, the preset development kit is configured in the data side, and the user performs an interactive operation with the preset development kit through a user interface provided by the preset development kit, for example, based on the user interface, calls a data source initialization function in the preset development kit, and registers a data source of the data side in the MPC system; or, the data side is used as a task publisher of the multi-party safety calculation task, the multi-party safety calculation task is submitted to a preset development kit based on a user interface, the multi-party safety calculation task is sent to the MPC system by the preset development kit, and the MPC system is triggered to execute the multi-party safety calculation task; or, the data side can also be used as a result acquirer for multi-party security calculation tasks, and based on a user interface, acquire result data acquired from the MPC system by automatically calling corresponding data processing functions by a preset development kit, and the like. The interaction process between the data party and the MPC system is executed by a preset development kit, and the specific interaction process is shielded when facing users.

In the data processing method provided by the embodiment of the invention, a user does not need to pay attention to specific interactive logic between a data side and an MPC system. In the embodiment of the invention, the complex interactive logic of the data party and the MPC system is encapsulated by the preset development kit, so that a user can register the data source of the data party into the MPC system only by calling the data source initialization function in the preset development kit, and the user does not need to manually develop a complex data source access component, thereby simplifying the registration process of accessing the data source into the MPC system.

Taking the interaction schematic diagram of the data processing system shown in fig. 2 as an example, the specific implementation process of the data processing method provided by the embodiment of the present invention is as follows:

when a data party needs to be accessed into the MPC system and performs data processing operation through interactive cooperation with the MPC system, a data source initialization function in a preset development kit is called, and the data source of the data party is registered in the MPC system by executing the data source initialization function. Specifically, the data side sends the identity information of the data source to the MPC system by calling the data source initialization function. The MPC system receives the identity information of the data source of the data party and stores the identity information of the data source so as to perform task configuration according to the stored identity information of each data source when executing the multi-party secure computation task. The identity information of the data source may be an identity number of the data source, a URL (Uniform resource locator) of the data source, and the like.

It should be noted that, after the data party successfully registers its data source in the MPC system, the data party serves as a data node in the MPC system, receives management and control of a control node in the MPC system, and may cooperate with a compute node in the MPC system to perform a multi-party secure computation task. As shown in fig. 2, in the embodiment of the present invention, since the data party does not directly interact with the MPC system, but interacts with the MPC system by calling the function in the preset development kit, after the data party successfully accesses the MPC system, no matter the data party interacts with the control node or interacts with the computing node, a specific interaction operation is implemented based on the corresponding function in the preset development kit.

After the data side successfully registers the data source thereof in the MPC system, the data side can interact with the MPC system, including receiving a data processing request sent by the MPC system. And after receiving the data processing request, the data side responds to the data processing request and calls a data processing function in a preset development kit to perform data processing operation. It should be noted that the calling operation of the data processing function in the preset development kit is automatically triggered by the data party after receiving the data processing request, and does not need user participation. The data side automatically analyzes the received data processing request by calling a data processing function in a preset development kit, and automatically executes corresponding data processing operations, such as: encrypting the target data and sending the encrypted target data to the MPC system; or monitoring the execution state of the MPC system for the multi-party security computing task, and automatically acquiring the execution result, and the like.

In the embodiment of the invention, the complex interactive logic of the data party and the MPC system is packaged by the preset development kit, so that a user can register the data source of the data party into the MPC system only by calling the data source initialization function in the preset development kit, and the user does not need to manually develop a data source access component, thereby simplifying the registration process of accessing the data source into the MPC system; in addition, the embodiment of the invention can also realize the data interaction operation between the data party and the multi-party security computing system by calling the data processing function in the preset development kit without the need of a user to develop the complex logic of the data interaction between the data party and the multi-party security computing system, thereby reducing the operation complexity of data processing based on the data source of the data party and improving the data processing efficiency.

In an optional embodiment of the present invention, the data processing request carries identity information of a data source, and the step 103, in response to the data processing request, performs a data processing operation by calling a data processing function in the preset development kit, where the data processing operation includes:

step S11, responding to the data processing request, and comparing the identity information carried by the data processing request with the data source identification of the data party;

step S12, if the data source identifier of the data party matches the identity information carried in the data processing request, then a data processing operation is performed by calling a data processing function in the preset development kit.

The MPC system comprises a control node, a computing node and a data node. After the MPC system receives the multi-party security calculation task, the control node analyzes the received multi-party security calculation task, and determines target data, calculation nodes, data sources corresponding to the target data, data parties for acquiring execution results of the multi-party security calculation task and the like, which are required by the multi-party security calculation task. Specifically, after the MPC system determines that target data required for executing the multiparty security computing task, a data source corresponding to the target data, and a data party acquiring an execution result of the multiparty security computing task are well executed, the MPC system may send a data processing request to the corresponding data party to trigger the corresponding data party to perform data processing operations, such as providing the target data, acquiring the execution result, and outputting the execution result.

It should be noted that the data processing request sent by the MPC system carries identity information of the data source, so that after the data processing request is received by the data party, the received identity information of the data source is compared with the data source identifier of the data party, and whether the received data processing request is a data processing request corresponding to the data source of the data party is determined. If the data source identification of the data side is matched with the identity information carried by the data processing request, it indicates that the received data processing request is for the data source of the data side, and in this case, the data side directly calls a data processing function in the preset development kit to perform a data processing operation. For example, by calling a first data processing function, providing target data to the MPC system; or acquiring the execution result of the multi-party safety calculation task from the MPC system by calling a second data processing function.

In the embodiment of the present invention, after analyzing the received multi-party secure computing task, the MPC system may generate task configuration information according to the determined target data, the computing nodes, the data source corresponding to the target data, the data party obtaining the execution result of the multi-party secure computing task, and the like, and determine the task allocation condition corresponding to each node in the MPC system in the process of executing the multi-party secure computing task according to the task configuration information. Wherein, each node in the MPC system comprises a data side accessing to the MPC system. The task configuration information is generated by a control node in the MPC system. Specifically, the control node analyzes the received multiparty security computing task and generates task configuration information about the multiparty security computing task. The task configuration information generated by the control node may be a task configuration list, as shown in table 1, which shows a task configuration list according to an embodiment of the present invention:

TABLE 1

Data source identification	Data set information	Name of data
			DS1	Data characteristics 1	Object data 1
DS2	Data characteristics 2	Object data 2
			DS3	Data characteristics 3	Object data 3

Table 1 shows a task configuration list for a data source, which includes a data source identifier of the data source to which the target data belongs, data set information corresponding to the target data, and a data name of the target data. The data source identifier may be an identity identifier of the data source, a data source URL, or the like, as long as the unique identity information of the data source can be reflected, which is not specifically limited in the embodiment of the present invention. The data characteristics of the data set information used for characterizing the target data may be a descriptive language for the target data, or may be conditions that the target data needs to satisfy, for example: cars with a speed of more than 40 km per hour, a data security level less than a preset level, and so on. The data name may be determined according to the data category of the target data, for example, for a "car with a speed of more than 40 km/h" as the data set information, the data name of the target data may be "car license plate number". The embodiment of the present invention is not further limited to the specific determination method of the data name.

In addition to the task configuration list related to the target data as shown in table 1, the task configuration list may also be related to the execution result of the multiparty secure computing task, and the task configuration list may include the identity corresponding to the data party that obtains the execution result, the task identity corresponding to the multiparty secure computing task that is to be obtained and the execution result, and the data name of the execution result.

After generating the task configuration information, the MPC system may send a data processing request to the corresponding data party according to the task configuration information, for example, send a data processing request for the target data 1 to the data party to which the data source DS1 belongs and send a data processing request for the target data 2 to the data source DS2 according to the task configuration list shown in table 1. The MPC system can also send data processing requests to each data party accessing the system, and after receiving the data processing requests, the data party obtains task configuration information in the MPC system and executes corresponding data processing operations according to the task configuration information. For example, after a data side to which the data source DS1 belongs receives a data processing request, a task configuration list shown in table 1 stored in the MPC system is obtained, and it is known from the task configuration list that it is necessary for the data source DS1 to provide data set information as target data 1 of the data feature 1, then the data side invokes a corresponding data processing function to encrypt the target data 1, and sends the encrypted target data 1 to the MPC system, so that the MPC system performs a multi-party secure computation task according to the received target data.

In an optional embodiment of the present invention, the data processing request includes a data obtaining request, and the performing, at step S12, the data processing operation by calling a data processing function in the preset development kit includes:

In the embodiment of the present invention, the data processing request is used to trigger data processing operations related to target data required by the multi-party secure computing task, result data of the multi-party secure computing task, and the like, including a data obtaining request, a result outputting request, and the like. And the data processing requests correspond to the data processing functions one to one. For the data processing request sent by the MPC system, the data side can perform the data processing operation by calling the corresponding data processing function in the preset development kit.

It should be noted that the data acquisition request is sent by the MPC system after determining the target data required for performing the multi-party secure computation task, and is used for acquiring the target data from the data source of the data party. Since plaintext data is stored in the data source of the data side, ciphertext data is transmitted in the MPC system in order to prevent data leakage, when the data side receives a data acquisition request sent by the MPC system, target data in the data source is encrypted by calling a first data processing function, and the encrypted target data is sent to the MPC system. The first data processing function may be a DataReader function, or may adopt other functions as long as the function of the first data processing function in the embodiment of the present invention can be implemented: and encrypting the target data in the data source and sending the encrypted target data to the multi-party secure computing system.

Specifically, the data side may encrypt target data defined in the task configuration information according to task configuration information generated by the MPC system, such as the task configuration table shown in table 1, and send the encrypted target data to the compute node in the MPC system, where the compute node performs multi-party secure computation according to the encrypted target data.

In the process of providing the target data to the MPC, the data side automatically calls the corresponding first data processing function to encrypt the target data according to the received data acquisition request and sends the encrypted target data to the MPC system, so that a user does not need to execute any operation, and does not need to perceive complex data processing processes such as a specific acquisition process of the target data, an encryption process of the target data and the like, the operation flow of data processing is simplified, and the data processing efficiency is improved.

In an optional embodiment of the present invention, the data processing request includes a result output request, and the performing, at step S12, the data processing operation by calling a data processing function in the preset development kit includes:

substep S121, monitoring whether an execution result of the multiparty security computing task exists in the multiparty security computing system by calling a second data processing function;

step S122, if the execution result of the multi-party safety calculation task is monitored to exist, the execution result of the multi-party safety calculation task is obtained;

and a substep S123 of performing decryption processing on the obtained execution result, and outputting the decrypted execution result in the data side.

The result data output request is sent after the MPC system analyzes the multi-party security computation task and determines a data party acquiring the execution result, and is used for triggering the data party to acquire and output the execution result of the multi-party security computation task. And after receiving a result output request aiming at the multi-party safety calculation task, the data party calls a second data processing function corresponding to the result output request, and continuously pulls and outputs an execution result of the multi-party safety calculation task. Specifically, the data side calls a second data processing function to monitor whether the execution result of the multi-party security calculation task exists in the MPC system, and once the execution result of the multi-party security calculation task exists in the MPC system is monitored, the execution result of the multi-party security calculation task is obtained from the MPC system. Because the MPC system directly performs multi-party secure computation according to the ciphertext data, the generated execution result is also in an encrypted form, so as to avoid that the execution result is tampered in the data transmission process to cause the inaccuracy of the execution result obtained by the data party. Therefore, after the data side acquires the execution result, it needs to further decrypt the acquired execution result and then output the decrypted execution result.

The MPC system can support a plurality of different cryptograph calculation protocols, execute multi-party safe calculation according to different cryptograph calculation protocols, and obtain execution results with different encryption modes. Therefore, in order to meet the requirement of the MPC system for executing multi-party secure computation for multiple ciphertext computation protocols, the preset development kit in the embodiment of the present invention may perform corresponding encryption and decryption operations on plaintext data for different ciphertext computation protocols. After the data side obtains the execution result corresponding to the multi-party safety calculation task by calling the second data processing function, a ciphertext calculation protocol adopted by the MPC system for executing the multi-party safety calculation task is further determined, the obtained execution result is decrypted according to the ciphertext calculation protocol corresponding to the multi-party safety calculation task, and then the decrypted execution result is output.

It should be noted that, in the embodiment of the present invention, the monitoring whether the MPC system has the execution result of the multi-party secure computing task in the substeps S121 to 123, obtaining the execution result of the multi-party secure computing task, decrypting the obtained execution result, and outputting the decrypted execution result in the data party is automatically implemented by the data party by calling the second data processing function, so that the user is not required to perform task operations, and the user is not required to perceive a complicated decryption process, thereby simplifying the step of obtaining the execution result, and improving the efficiency of outputting the execution result. The second data processing function may be a DataWriter, or may be another data processing function, as long as each function of the second data processing function can be implemented in the embodiment of the present invention.

In an optional embodiment of the present invention, the preset development kit further includes a first interface function for configuring a data processing function, the step 101 calls a data source initialization function in the preset development kit, and before registering a data source of the data party in the multi-party secure computing system by executing the data source initialization function, the method further includes:

step S21, determining the development language supported by the data side;

step S22, calling a first interface function in the preset development kit according to the development language, and configuring a data processing function in the preset development kit.

In the preset development kit of the embodiment of the present invention, in addition to the data source initialization function and the data processing function, various user-oriented interface functions are included for receiving and executing a user instruction. The interface function can be divided into a first interface function for configuring a data processing function and a second interface function for realizing task control interaction between a data party and the multi-party security computing system according to different realization functions.

In the embodiment of the invention, when the data processing operation corresponding to the data processing request is executed, the data side directly calls the corresponding data processing function, and the user does not need to execute any operation. However, before the data side registers the data source to the MPC system, the user is required to configure the data processing functions in the data side's pre-configured development kit based on the first interface function. Only the data side configured with the data processing function can directly call the data processing function to execute the data processing operation when receiving the data processing request.

Specifically, the development language supported by the data side, such as Python language, C language, etc., is first determined. Then, calling a corresponding first interface function in the preset development kit according to the development language, and configuring a data processing function in the preset development kit through the first interface function. The preset development kit in the embodiment of the invention can support multiple development languages, so that the configuration requirements of multiple data parties supporting different development languages can be met.

The user can configure the execution object of the data processing function, implement the function, and the like based on the first interface function. For example, based on the first interface function: an onRead function, which configures specific implementation parameters of the first data processing function, such as a data source identifier of a data party, data information included in a data source, and the like; it may also be based on the first interface function: and the onWrite function configures specific implementation parameters of the second data processing function, such as task identification of a multi-party security computing task needing to acquire an execution result, data source identification of data meal and the like. The configured data processing function is packaged in a preset development kit and is automatically called by a data party when a corresponding data processing request is received so as to execute data processing operation.

Compared with the prior art, the method and the device have the advantages that the user needs to manually develop the complete interaction function of the data party and the MPC system, in the embodiment of the invention, the user only needs to configure the specific implementation parameters of the bookkeeping processing function based on the first interface in the preset development kit, the user does not need to develop a complex interaction function, the development difficulty is reduced, the operation steps of interaction between the data party and the MPC system are simplified, and the interaction efficiency between the data party and the MPC system is improved.

In an optional embodiment of the present invention, the invoking a data source initialization function in the preset development kit in step 101, registering a data source of the data party in the multi-party secure computing system by executing the data source initialization function, includes:

step S31, establishing the network connection between the data party and the multi-party security computing system by calling the data source initialization function of the preset development kit;

step S32, sending a data source registration request to the multi-party secure computing system based on the network connection, so that the multi-party secure computing system performs a registration operation on the data source of the data party based on the data source registration request.

In the embodiment of the invention, when a data party needs to access to the MPC system and performs data processing operation through interactive cooperation with the MPC system, a data source initialization function in a preset development kit is called, and the data source of the data party is registered in the MPC system by executing the data source initialization function. Specifically, the data side establishes a network connection between the data side and the MPC system by calling a data source initialization function in a preset development kit, and then sends a data source registration request to the MPC system based on the network connection. The MPC system executes registration operation to the data source of the data side according to the received data source registration request.

Specifically, the data source registration request sent by the data party may carry information such as identity information of the data source, and data characteristics of each item of data included in the data source. After receiving the data source registration request, the MPC system may store the identity information of the data source and the data characteristic information of each item of data included in the data source in a preset data source information record file. The identity information of the data source corresponds to the data characteristic information of each item of data contained in the data source one to one. Therefore, after receiving the multi-party security calculation task, the MPC system can determine the data source corresponding to the target data according to the stored data source information record file, and thereby send a data acquisition request to the data source corresponding to the target data to acquire the required target data.

In an optional embodiment of the present invention, the preset development kit further includes a second interface function for implementing task control interaction between the data party and the multi-party secure computing system, the step 101 calls a data source initialization function in the preset development kit, and after the data source of the data party is registered in the multi-party secure computing system by executing the data source initialization function, the method further includes:

step S41, receiving a task processing instruction aiming at the multi-party safe computing task;

and step S42, responding to the task processing instruction, and executing the task processing instruction by calling a second interface function in the preset development kit.

In an embodiment of the present invention, the pre-set development kit further comprises a second interface function for implementing task control interaction between the data party and the multi-party secure computing system. And the data side receives a task processing instruction aiming at the multi-party safe computing task and executes the task processing instruction by calling a corresponding second interface function. The task processing instruction may be sent by a user through execution of a preset operation, or may be triggered by another module of the data side when a trigger condition of the task processing instruction is met.

It should be noted that each task processing instruction corresponds to a second interface function, and when the data party receives the task processing instruction for the multi-party secure computation task, the corresponding second interface function is called to execute the task processing instruction.

The response process to the data processing request does not need any operation performed by a user, and is different from the process that the data processing request is sent by the MPC system; the task processing instruction can be sent by a user or other modules, and when the data side responds to the task processing instruction, the corresponding second interface function can be manually called by the user, or the corresponding second interface function can be automatically called by the data side according to the preset corresponding relation between the task processing instruction and the second interface function. However, no matter the data processing request is responded or the task processing instruction is responded, the user does not need to pay attention to the specific interactive logic of the data party and the MPC system, the specific interactive process is automatically realized by calling a corresponding function, the user does not need to manually edit the data source access component according to the complex interactive logic of the data party and the MPC system so as to realize the interactive operation between the data source of the data party and the MPC system, and the interactive operation steps between the data party and the MPC system are simplified.

In an optional embodiment of the present invention, the task processing instruction includes a task issuing instruction, the second interface function includes a task issuing function, and the step S42, in response to the task processing instruction, executing the task processing instruction by calling the second interface function in the preset development kit includes:

In the embodiment of the invention, the task processing instruction is a processing instruction aiming at a multi-party security computing task and comprises a task issuing instruction. And presetting a second interface function corresponding to the task issuing instruction in the development kit as a task issuing function. When a data side receives a task issuing instruction aiming at the multi-party safety calculation task, a task issuing function in a preset development kit is called, the multi-party safety calculation task is sent to the MPC system, and the MPC system is triggered to execute the multi-party safety calculation task. The task issuing instruction can carry information such as task identification, task description and the like of the multi-party secure computing task. The data side sends information such as task identification, task description and the like of the multi-party safe computing task to the MPC system through the calling task issuing function, the MPC system generates task configuration information according to the received information such as the task identification, the task description and the like, and the control node coordinates the computing node in the MPC system and the data side accessed into the MPC system to execute the multi-party safe computing task.

In an optional embodiment of the present invention, the task processing instruction further includes at least one of a task modification instruction, a task deletion instruction, a task suspension instruction, a result analysis instruction, and a fault repair instruction; the second interface function further comprises at least one of a task modification function, a task deletion function, a task termination function, a result analysis function, and a fault repair function.

In the embodiment of the invention, the data side can receive other task processing instructions besides the task issuing instruction, and executes the task processing instruction by calling the corresponding second interface function.

For example, the task modification instruction is used for modifying task content of the multi-party secure computing task, and when the data party receives the task modification instruction, the task modification function corresponding to the task modification instruction is called to execute the task modification instruction. The task deleting instruction is used for deleting the multi-party safety computing task in the MPC system, and after the MPC system receives the multi-party safety computing task, the multi-party safety computing task and various information corresponding to the multi-party safety computing task, such as an execution record, an execution state and the like, are recorded. And if the data side receives the task deleting instruction, deleting various information corresponding to the multi-party safety computing task indicated by the task deleting instruction in the MPC system by calling a task deleting function. The task suspension instruction is used for suspending the multi-party secure computing task being executed in the MPC system, and when the data party receives the task suspension instruction, the execution process of the multi-party secure computing task indicated by the task suspension instruction is suspended in the MPC system by calling a task suspension function. Of course, the data side may also restart the suspended multi-party secure computing task in the MPC system by calling the task restart function in the case of receiving the task restart instruction. And the result analysis instruction is used for further analyzing the execution result after acquiring the execution result of the multi-party security calculation task and executing other data processing tasks. Alternatively, the user may configure the result analysis function according to the data processing operation performed on the execution result, and perform the data processing operation based on the execution result by calling the result analysis function when the data side receives the result analysis instruction. The fault repairing instruction is used for repairing the fault when the fault occurs in the execution process of the multi-party safety calculation task, and a user can configure a fault repairing function according to the fault type and the specific fault modifying operation, so that the data party can repair the fault occurring in the MPC system by calling the fault repairing function when receiving the fault modifying instruction.

In the embodiment of the invention, each task processing instruction aiming at the multi-party safe computing task can be realized by calling the corresponding second interface function, a user does not need to pay attention to the complex interaction logic between the data party and the MPC system, and the task processing efficiency is improved.

In summary, the embodiments of the present invention provide a data processing method, which can pre-encapsulate a preset development kit, where the preset development kit is encapsulated with a data source initialization function, and can register a data source of a data party in a multi-party security computing system by calling the data source initialization function, so that the multi-party security computing system can interact with the data source of the registered data party to operate data in the data source. In the embodiment of the invention, under the condition of receiving the data processing request sent by the multi-party security computing system aiming at the data source of the data party, the data processing operation can be executed by calling the data processing function in the preset development kit in response to the data processing request, so as to realize the data interaction between the data party and the multi-party security computing system. The embodiment of the invention can register the data source in the multi-party security system by calling the data source initialization component in the preset development kit, and a user does not need to develop a complex data source access component, thereby simplifying the registration operation step of accessing the data source to the multi-party security computing system; in addition, the embodiment of the invention can also realize the data interaction operation between the data party and the multi-party security computing system by calling the data processing function in the preset development kit, and does not need a user to develop the complex logic of the data interaction between the data party and the multi-party security computing system, thereby reducing the operation complexity of data processing and improving the data processing efficiency.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

Device embodiment

Referring to fig. 3, a block diagram of a data processing apparatus according to an embodiment of the present invention is shown, where the apparatus may specifically include:

a data source registration module 201, configured to invoke a data source initialization function in a preset development kit, and register a data source of the data party in the multi-party security computing system by executing the data source initialization function, where the preset development kit further includes a data processing function for implementing data interaction between the data party and the multi-party security computing system;

a data processing request receiving module 202, configured to receive a data processing request sent by the multi-party secure computing system for a data source of the data party;

and the data processing request responding module 203 is configured to respond to the data processing request and perform a data processing operation by calling a data processing function in the preset development kit.

Optionally, the data processing request carries identity information of a data source, and the data processing request response module 203 includes:

Optionally, the data source registration module 201 includes:

In summary, the embodiment of the present invention provides a data processing apparatus, which may encapsulate a preset development kit in advance, where the preset development kit is encapsulated with a data source initialization function, and may register a data source of a data party in a multi-party secure computing system by calling the data source initialization function, so that the multi-party secure computing system may interact with the data source of the registered data party to operate data in the data source. In the embodiment of the invention, under the condition of receiving the data processing request sent by the multi-party security computing system aiming at the data source of the data party, the data processing operation can be executed by calling the data processing function in the preset development kit in response to the data processing request, so as to realize the data interaction between the data party and the multi-party security computing system. The embodiment of the invention can register the data source in the multi-party security system by calling the data source initialization component in the preset development kit, and a user does not need to develop a complex data source access component, thereby simplifying the registration operation step of accessing the data source to the multi-party security computing system; in addition, the embodiment of the invention can also realize the data interaction operation between the data party and the multi-party security computing system by calling the data processing function in the preset development kit, and does not need a user to develop the complex logic of the data interaction between the data party and the multi-party security computing system, thereby reducing the operation complexity of data processing and improving the data processing efficiency.

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

An embodiment of the present invention provides an apparatus for data processing, applied to a data side, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs configured to be executed by the one or more processors include instructions for: calling a data source initialization function in a preset development kit, and registering a data source of the data party in the multi-party security computing system by executing the data source initialization function, wherein the preset development kit also comprises a data processing function for realizing data interaction between the data party and the multi-party security computing system; receiving a data processing request sent by the multi-party secure computing system aiming at a data source of the data party; and responding to the data processing request, and executing data processing operation by calling a data processing function in the preset development kit.

Fig. 4 is a block diagram illustrating an apparatus 800 for data processing in accordance with an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.

Referring to fig. 4, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.

The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.

The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of the components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

Fig. 5 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.

The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, MacOSXTM, UnixTM, LinuxTM, FreeBSDTM, etc.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the data processing method shown in fig. 1.

A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a data processing method, the method comprising: calling a data source initialization function in a preset development kit, and registering a data source of the data party in the multi-party security computing system by executing the data source initialization function, wherein the preset development kit also comprises a data processing function for realizing data interaction between the data party and the multi-party security computing system; receiving a data processing request sent by the multi-party secure computing system aiming at a data source of the data party; and responding to the data processing request, and executing data processing operation by calling a data processing function in the preset development kit.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

The data processing method, the data processing apparatus and the apparatus for data processing provided by the present invention are described in detail above, and specific examples are applied herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. A data processing method, applied to a data side, the method comprising:

2. The method according to claim 1, wherein the data processing request carries identity information of a data source, and the performing, in response to the data processing request, a data processing operation by calling a data processing function in the preset development kit includes:

3. The method of claim 2, wherein the data processing request comprises a data acquisition request, and wherein the performing the data processing operation by calling a data processing function in the preset development kit comprises:

4. The method of claim 2, wherein the data processing request comprises a result output request, and wherein the performing the data processing operation by calling a data processing function in the preset development kit comprises:

5. The method of claim 1, wherein the provisioning development kit further comprises a first interface function for configuring data processing functions, wherein the invoking of the data source initialization function in the provisioning development kit precedes registering the data source of the data party in the multi-party secure computing system by executing the data source initialization function, and wherein the method further comprises:

determining a development language supported by the data side;

6. The method of claim 1, wherein the invoking a data source initialization function in a provisioning development kit, the registering a data source of the data party in a multi-party secure computing system by executing the data source initialization function, comprises:

7. The method of claim 1, wherein the preset development kit further comprises a second interface function for implementing task control interaction between the data party and the multi-party secure computing system, the invoking of the data source initialization function in the preset development kit causes the data source initialization function to be executed after registering the data source of the data party in the multi-party secure computing system, and the method further comprises:

8. A data processing apparatus, for application to a data side, the apparatus comprising:

9. An apparatus for data processing, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and wherein execution of the one or more programs by one or more processors comprises instructions for:

10. A machine-readable medium having stored thereon instructions, which when executed by one or more processors, cause an apparatus to perform the data processing method of any of claims 1 to 7.