CN113645294B - Message acquisition method and device, computer equipment and message transmission system

Info

Publication number
CN113645294B
Authority
CN
China
Prior art keywords
message
transmitted
information
identifier
acquisition
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110903977.4A
Other languages
Chinese (zh)
Other versions
CN113645294A (en)
Inventor
饶华铭
蒋杰
程勇
刘煜宏
陈鹏
陶阳宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application relates to a message acquisition method, a message acquisition apparatus, computer equipment, a storage medium and a message transmission system. The method comprises: acquiring a message acquisition instruction that carries a message identifier to be acquired; generating a message acquisition request based on the message identifier to be acquired and sending the request to a message storage end through an established message acquisition long connection channel, whereupon the message storage end acquires, from a stored message queue, the target message corresponding to the message identifier to be acquired, generates response information based on the identifier and the target message, and responds to the message acquisition request; the message acquisition long connection channel being established with the message storage end using generated first dynamic connection information; and acquiring the response information returned by the message storage end through the message acquisition long connection channel. With this method, messages stored at the message storage end can be acquired while data security is ensured.

Description

Message acquisition method and device, computer equipment and message transmission system
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an apparatus for acquiring a message, a computer device, a storage medium, and a message transmission system.
Background
With the development of internet technology, artificial intelligence technology has emerged, supported by big data. At present, big data must first be collected from different data sources before it can be processed further. For example, when a financial risk control model is trained on financial data, users' finance-related data must be acquired from different data sources to train the model. Currently, large volumes of data are generally acquired through two-way active communication. However, two-way active communication is unsuitable for scenarios with high data security requirements, such as finance, where the security requirements on financial data are high. In that case, if the financial party needs to acquire data, it must expose its real port information externally before two-way active communication can take place, and exposing the real port information externally carries a risk of data leakage.
Disclosure of Invention
In view of the above, it is necessary to provide a message acquisition method, an apparatus, a computer device and a message transmission system capable of ensuring data security.
A method of message acquisition, the method comprising:
acquiring a message acquisition instruction, wherein the message acquisition instruction carries a message identifier to be acquired;
generating a message acquisition request based on the message identifier to be acquired, and sending the message acquisition request to a message storage end through an established message acquisition long connection channel, wherein the message storage end acquires, based on the message acquisition request, a target message corresponding to the message identifier to be acquired from a stored message queue, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request; the message acquisition long connection channel is established with the message storage end using generated first dynamic connection information;
and acquiring the response information returned by the message storage end through the message acquisition long connection channel.
A message acquisition apparatus, the apparatus comprising:
an instruction acquisition module, used for acquiring a message acquisition instruction, wherein the message acquisition instruction carries a message identifier to be acquired;
a request sending module, used for generating a message acquisition request based on the message identifier to be acquired and sending the message acquisition request to the message storage end through the established message acquisition long connection channel, wherein the message storage end acquires, based on the message acquisition request, a target message corresponding to the message identifier to be acquired, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request; the message acquisition long connection channel is established with the message storage end using generated first dynamic connection information;
and an information acquisition module, used for acquiring the response information returned by the message storage end through the message acquisition long connection channel.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring a message acquisition instruction, wherein the message acquisition instruction carries a message identifier to be acquired;
generating a message acquisition request based on the message identifier to be acquired, and sending the message acquisition request to a message storage end through an established message acquisition long connection channel, wherein the message storage end acquires, based on the message acquisition request, a target message corresponding to the message identifier to be acquired from a stored message queue, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request; the message acquisition long connection channel is established with the message storage end using generated first dynamic connection information;
and acquiring the response information returned by the message storage end through the message acquisition long connection channel.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring a message acquisition instruction, wherein the message acquisition instruction carries a message identifier to be acquired;
generating a message acquisition request based on the message identifier to be acquired, and sending the message acquisition request to a message storage end through an established message acquisition long connection channel, wherein the message storage end acquires, based on the message acquisition request, a target message corresponding to the message identifier to be acquired from a stored message queue, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request; the message acquisition long connection channel is established with the message storage end using generated first dynamic connection information;
and acquiring the response information returned by the message storage end through the message acquisition long connection channel.
In the above message acquisition method, apparatus, computer device and storage medium, a message acquisition instruction carrying a message identifier to be acquired is acquired; a message acquisition request is generated based on that identifier and sent to the message storage end through the established message acquisition long connection channel; the message storage end acquires the target message corresponding to the identifier from the stored message queue based on the request, generates response information based on the identifier and the target message, and responds to the request; and the response information returned by the message storage end is then acquired through the message acquisition long connection channel. Because the message acquisition long connection channel is established with the message storage end using the generated first dynamic connection information, the real port information is not exposed externally, so the messages stored at the message storage end can be acquired while data security is ensured.
A message transmission system, the system comprising a message sending end, a server end and a message receiving end, wherein the message sending end is connected to the server end through a message transmission long connection channel, and the message receiving end is connected to the server end through a message pull long connection channel; the message transmission long connection channel is established with the server end using dynamic port information generated by the message sending end; the message pull long connection channel is established with the server end using dynamic port information generated by the message receiving end;
the message sending end is used for acquiring a message transmission instruction, the message transmission instruction carrying a message identifier to be transmitted and a corresponding message to be transmitted, and for sending the message identifier to be transmitted and the corresponding message to be transmitted to the server end through the message transmission long connection channel;
the server end is used for storing the message identifier to be transmitted and the corresponding message to be transmitted in a target message queue;
the message receiving end is used for acquiring a message acquisition instruction, the message acquisition instruction carrying the message identifier to be transmitted, for generating a target message acquisition request based on the message identifier to be transmitted, and for sending the target message acquisition request to the server end through the message pull long connection channel;
the server end is also used for acquiring, based on the target message acquisition request, the message to be transmitted corresponding to the message identifier to be transmitted from the target message queue, generating a target response message based on the message identifier to be transmitted and the message to be transmitted, and responding to the target message acquisition request;
the message receiving end is also used for acquiring the returned target response message through the message pull long connection channel.
In the message transmission system, the message sending end sends the message identifier to be transmitted and the corresponding message to be transmitted to the server end through the message transmission long connection channel, and the message receiving end acquires the returned target response message from the server end through the message pull long connection channel. The message transmission long connection channel is established with the server end using dynamic port information generated by the message sending end, and the message pull long connection channel is established with the server end using dynamic port information generated by the message receiving end. Therefore, neither the message sending end nor the message receiving end has to expose its real port information externally, and messages can be transmitted while the security of the data in the message sending end and the message receiving end is ensured.
Drawings
FIG. 1 is a diagram of an application environment of a message retrieval method in one embodiment;
FIG. 2 is a flow diagram illustrating a message acquisition method according to one embodiment;
FIG. 3 is a schematic flow chart illustrating establishment of the message acquisition long connection channel in one embodiment;
FIG. 4 is a flow diagram illustrating a request for encrypted transmission in one embodiment;
FIG. 5 is a flow diagram illustrating a process for obtaining digital signature information in one embodiment;
FIG. 6 is a flow diagram illustrating the process of obtaining at least two response messages according to one embodiment;
FIG. 7 is a flowchart illustrating homomorphic operation in one embodiment;
FIG. 8 is a flow diagram illustrating message transmission in one embodiment;
FIG. 9 is a flow diagram illustrating encrypted transmission of a message in one embodiment;
FIG. 10 is a schematic flow chart of asynchronous transmission in one embodiment;
FIG. 11 is a schematic view of an application scenario of a message acquisition method in an embodiment;
FIG. 12 is a schematic view of an application scenario of a message acquisition method in another embodiment;
FIG. 13 is a flow diagram illustrating parallel asynchronous transfer in the embodiment of FIG. 12;
FIG. 14 is a flowchart illustrating a message retrieval method according to an exemplary embodiment;
FIG. 15 is a schematic diagram of a messaging system in one embodiment;
FIG. 16 is a schematic diagram of a messaging system in accordance with another embodiment;
FIG. 17 is a diagram illustrating an exemplary implementation of a messaging system in accordance with one embodiment;
FIG. 18 is a block diagram showing a configuration of a message acquisition apparatus according to an embodiment;
FIG. 19 is a diagram showing an internal structure of a computer device in one embodiment;
FIG. 20 is a diagram illustrating an internal structure of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Machine Learning (ML) is a multi-disciplinary field that draws on probability theory, statistics, approximation theory, convex analysis, algorithm complexity theory and other disciplines. It studies how a computer can simulate or realize human learning behavior so as to acquire new knowledge or skills and reorganize its existing knowledge structure to continuously improve its performance. Machine learning is the core of artificial intelligence and the fundamental way to make computers intelligent, and it is applied in all fields of artificial intelligence. Machine learning and deep learning generally include techniques such as artificial neural networks, belief networks, reinforcement learning, transfer learning, inductive learning, formal learning, and federated learning.
The scheme provided by the embodiments of the application relates to artificial intelligence technologies such as federated learning, and is explained through the following embodiments:
The message acquisition method provided by the application can be applied to the application environment shown in FIG. 1. The terminal 102 and the server 104 communicate with each other through a network, and the server 104 communicates with the message storage server 106 through the network. The terminal 102 sends a message acquisition instruction to the server 104, and the server 104 acquires the message acquisition instruction, which carries the message identifier to be acquired. The server 104 generates a message acquisition request based on the message identifier to be acquired and sends it to the message storage server 106 through the established message acquisition long connection channel; the message storage server 106 acquires the target message corresponding to the message identifier to be acquired from a stored message queue based on the message acquisition request, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request. The message acquisition long connection channel is established with the message storage end using the generated first dynamic connection information. The server 104 acquires the response information returned by the message storage end through the message acquisition long connection channel. The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 104 may be implemented by an independent server or a server cluster formed by a plurality of servers.
The server 106 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.
In an embodiment, as shown in FIG. 2, a message acquisition method is provided. The method is described using its application to the server 104 in FIG. 1 as an example; it can be understood that the method can also be applied to a terminal, or to a system including the terminal and the server, where it is implemented through interaction between the terminal and the server. In this embodiment, the method includes the following steps:
Step 202, a message acquisition instruction is acquired, and the message acquisition instruction carries a message identifier to be acquired.
The message identifier to be acquired uniquely identifies a message to be acquired and may be a name, a code, a character string, or the like. A message may take the form of a message identifier to be acquired plus message content, where the message content is the data actually to be acquired. The message content may be data of various types, such as text, image, video or audio data; data in different formats, such as numerical values, characters or binary numbers; or data of different structures, such as array-structured, collection-structured or file-structured data. The message identifier to be acquired is an identifier that the server and the message storage end have agreed on in advance for the same message content.
Specifically, the server acquires a message acquisition instruction sent by the terminal, wherein the message acquisition instruction carries a message identifier to be acquired. In an embodiment, the server may obtain the message obtaining instruction through a preset trigger condition, where the message obtaining instruction carries a message identifier to be obtained. The preset trigger condition may be implemented by a script, and may include reaching a preset time point, reaching a preset service processing node, and the like.
Step 204, a message acquisition request is generated based on the message identifier to be acquired and sent to the message storage end through the established message acquisition long connection channel; the message storage end acquires the target message corresponding to the message identifier to be acquired from a stored message queue based on the message acquisition request, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request; the message acquisition long connection channel is established with the message storage end using the generated first dynamic connection information.
The message acquisition request is a request for acquiring a message, and the request carries an identifier of the message to be acquired. The message acquisition long connection channel is established with the message storage end through the generated first dynamic connection information and is established in advance. The first dynamic connection information is dynamically generated information for establishing a long connection channel with the message storage end. The message storage end refers to a server end for storing messages, and the message storage end can be a message storage server. The storage message queue refers to a message queue used for storing messages in a message storage terminal. The target message refers to the message content to be acquired, that is, the message content corresponding to the message identifier to be acquired. The response information refers to a message acquired by the server, and the response information comprises a message identifier to be acquired and a target message.
Specifically, the server generates the first dynamic connection information in advance, acquires the connection information of the message storage end, and then establishes the message acquisition long connection channel according to the first dynamic connection information and the connection information of the message storage end. The connection information of the message storage end is the information used to establish a long connection with the server. The server then generates a message acquisition request using the message identifier to be acquired and sends it to the message storage end through the established message acquisition long connection channel. The message storage end receives the message acquisition request, parses it to obtain the message identifier to be acquired, acquires the target message corresponding to that identifier from the stored message queue, generates response information based on the identifier and the target message, and responds to the message acquisition request, that is, returns the response information to the server through the message acquisition long connection channel. The message queue of the message storage end stores the message content corresponding to the same message identifier to be acquired, and when the server acquires the response information corresponding to that identifier, it can store the response information in its own message queue according to the identifier. In other words, the server acquires the target message from the message queue of the message storage end by means of the message identifier to be acquired, and stores the target message in the server's message queue by means of the same identifier.
Step 206, the response information returned by the message storage end is acquired through the message acquisition long connection channel.
Specifically, the server obtains the response information returned by the message storage end through the message obtaining long connection channel, and may store the response information, and perform subsequent processing, such as performing model training or performing data analysis using message contents in the response information.
In the above message acquisition method, a message acquisition instruction carrying a message identifier to be acquired is acquired; a message acquisition request is generated based on that identifier and sent to the message storage end through the established message acquisition long connection channel; the message storage end acquires the target message corresponding to the identifier from the stored message queue based on the request, generates response information based on the identifier and the target message, and responds to the request; and the response information returned by the message storage end is acquired through the message acquisition long connection channel. Because the message acquisition long connection channel is established with the message storage end using the generated first dynamic connection information, the real port information is not exposed externally, so the messages stored at the message storage end can be acquired while message security is ensured.
In one embodiment, as shown in FIG. 3, after step 202, i.e. after acquiring the message acquisition instruction, the method further comprises the steps of:
Step 302, a static port identifier of the message storage end and the corresponding internet protocol address of the message storage end are acquired based on the message acquisition instruction, and first dynamic connection information is generated, where the first dynamic connection information includes a first dynamic port identifier and a corresponding first internet protocol address.
The message storage end static port identifier is a static port for uniquely identifying the message storage end, and the message storage end Internet Protocol address is an IP (Internet Protocol) address bound with the static port of the message storage end. The first dynamic port identifier is used to uniquely identify a first dynamic port, where the first dynamic port is a dynamic port allocated by the server, and the dynamic port is a TCP (Transmission Control Protocol) port. The first internet protocol address refers to an IP address bound to the first dynamic port.
Specifically, the message storage end exposes its port information to the external network, that is, the server can obtain the static port identifier of the message storage end and the corresponding internet protocol address of the message storage end. The server then randomly allocates an unused dynamic port within the set dynamic port range to obtain the first dynamic connection information, which comprises the first dynamic port identifier and the corresponding first internet protocol address.
Step 304, a message acquisition long connection establishment request is sent to the message storage end based on the message storage end static port identifier and the message storage end internet protocol address; the request carries the first dynamic port identifier and the corresponding first internet protocol address. The message storage end monitors the static port corresponding to the message storage end static port identifier, creates a target thread based on the message acquisition long connection establishment request, and uses the target thread to establish the message acquisition long connection channel according to the first dynamic port identifier, the first internet protocol address, the message storage end static port identifier and the message storage end internet protocol address.
The message acquisition long connection establishment request is a request for establishing a message acquisition long connection, and the request carries a first dynamic port identifier and a corresponding first internet protocol address. The target thread refers to a thread for performing long connection (Socket) channel establishment.
Specifically, the server sends a message acquisition long connection establishment request to the message storage end using the message storage end static port identifier and the message storage end internet protocol address; the request carries the first dynamic port identifier and the corresponding first internet protocol address. The message storage end monitors the static port corresponding to its static port identifier, creates a target thread based on the message acquisition long connection establishment request, and uses the target thread to establish the message acquisition long connection channel according to the first dynamic port identifier, the first internet protocol address, the message storage end static port identifier and the message storage end internet protocol address. Because the message acquisition long connection channel is established through a dynamic port, the server does not have to expose its real port information externally, which protects the private data in the server and prevents it from being leaked.
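The channel set-up of steps 302 and 304 and the pull exchange of steps 202 to 206 can be seen end to end in the following added Python example, which is not code from the patent. The JSON-lines framing, the port range, the class and function names, the sample queue and the store-side endpoint check are all assumptions made for illustration.

```python
import json
import random
import socket
import socketserver
import threading

# Assumed range; the patent only says ports come from "a set dynamic port range".
DYNAMIC_PORT_RANGE = (50000, 50200)


def send_json(stream, obj):
    stream.write((json.dumps(obj) + "\n").encode())
    stream.flush()


class PullHandler(socketserver.StreamRequestHandler):
    """Runs in its own thread per channel (the 'target thread' of step 304)."""

    def handle(self):
        # The first line is the long connection establishment request, which
        # carries the caller's dynamic port identifier and IP address.
        hello = json.loads(self.rfile.readline() or b"{}")
        announced = (hello.get("ip"), hello.get("port"))
        # Added check (an assumption, not in the patent): the announced
        # endpoint must match the endpoint the TCP connection came from.
        ok = announced == self.client_address[:2]
        send_json(self.wfile, {"ok": ok})
        if not ok:
            return
        # Every later line is a message acquisition request on the same channel.
        for line in self.rfile:
            message_id = json.loads(line)["message_id"]
            send_json(self.wfile, {"message_id": message_id,
                                   "message": self.server.queue.get(message_id)})


class MessageStore(socketserver.ThreadingTCPServer):
    """Message storage end: the only party that listens on a published port."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address, queue):
        super().__init__(address, PullHandler)
        self.queue = queue  # message identifier -> message content


class PullChannel:
    """Acquiring side: dials out from a random dynamic port and never listens."""

    def __init__(self, store_address, local_ip="127.0.0.1",
                 port_range=DYNAMIC_PORT_RANGE):
        low, high = port_range
        for port in random.sample(range(low, high + 1), high - low + 1):
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                sock.bind((local_ip, port))   # a port already in use raises OSError
                sock.connect(store_address)
            except OSError:
                sock.close()
                continue
            self.sock, self.port = sock, port
            break
        else:
            raise OSError("no usable port in the dynamic range")
        self.stream = self.sock.makefile("rwb")
        send_json(self.stream, {"type": "establish", "ip": local_ip, "port": port})
        if not json.loads(self.stream.readline())["ok"]:
            self.close()
            raise ConnectionError("store rejected the establishment request")

    def pull(self, message_id):
        """Send one acquisition request and return the response information."""
        send_json(self.stream, {"message_id": message_id})
        return json.loads(self.stream.readline())

    def close(self):
        self.stream.close()
        self.sock.close()


def demo():
    # Constructed sample queue; identifiers are agreed in advance by both sides.
    queue = {"job42/grad/round-1": "constructed payload A",
             "job42/grad/round-2": "constructed payload B"}
    # Port 0 lets the OS pick a free port for this demo; a deployment would
    # publish one fixed static port here.
    store = MessageStore(("127.0.0.1", 0), queue)
    threading.Thread(target=store.serve_forever, daemon=True).start()
    try:
        channel = PullChannel(store.server_address)
        replies = [channel.pull(i) for i in
                   ("job42/grad/round-1", "job42/grad/round-2", "not-stored")]
        port = channel.port
        channel.close()
    finally:
        store.shutdown()
        store.server_close()
    return port, replies


if __name__ == "__main__":
    print(demo())
```

All three requests travel over the one outbound connection, so the acquiring side never opens a listening port of its own.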
In one embodiment, the message acquisition long connection channel transmits based on a preset secure transmission protocol;
as shown in fig. 4, step 204, sending a message acquisition request to the message storage end through the established message acquisition long connection channel, includes:
step 402, digital signature information is obtained, wherein the digital signature information is obtained by performing digital signature by using a public key.
The preset secure transmission protocol is a protocol, agreed in advance by the server and the message storage end, that guarantees security when the long connection channel is used for message transmission. It may be the TLS (Transport Layer Security) protocol, which provides confidentiality and data integrity between two communicating applications. The digital signature is a digital string which can be generated only by the sender of the information and cannot be forged by others, and it is also valid proof of the authenticity of the information sent by the sender. The public key refers to the public key in an asymmetric key pair generated by the server using an asymmetric encryption algorithm, and the asymmetric encryption algorithm may be the RSA algorithm, the DSA (Digital Signature Algorithm, part of the Digital Signature Standard) algorithm, an elliptic curve encryption algorithm, or the like. The digital signature information is a digital certificate sent by the digital signature authentication center, and is obtained by the digital signature authentication center digitally signing the public key, that is, the digital signature authentication center uses the digital signature authentication private key to encrypt the public key. The digital signature information may further include a public key corresponding to the digital signature authentication private key.
Specifically, the digital signature information acquired by the server may be digital signature information acquired after the server passes digital signature authentication by the digital signature authentication center, or may be stored digital signature information acquired from a database.
Step 404, sending the digital signature information to the message storage end through the message acquisition long connection channel, decrypting the digital signature information to obtain a public key when the message storage end uses the message storage end signature authentication information to authenticate that the digital signature information passes through, generating a temporary symmetric key, encrypting the temporary symmetric key by using the public key to obtain secret key information, and returning the secret key information through the message acquisition long connection channel.
The message storage end signature authentication information refers to information, acquired by the message storage end from the digital signature authentication center, for authenticating the digital signature information, and may include a digital signature authentication public key. The temporary symmetric key refers to a symmetric key temporarily generated by using a symmetric encryption algorithm, and the symmetric encryption algorithm may be the AES (Advanced Encryption Standard) encryption algorithm or the like. The key information is information obtained by encrypting the temporary symmetric key with the public key.
Specifically, the server sends the digital signature information to the message storage end through the message acquisition long connection channel, when the message storage end uses the message storage end signature authentication information to authenticate the digital signature information, the message storage end acquires a digital signature authentication public key to decrypt the digital signature information to obtain a public key and generates a temporary symmetric key, and the temporary symmetric key is used for encrypting the message to be transmitted. And encrypting the temporary symmetric key by using the public key to obtain key information, and returning the key information through the message acquisition long connection channel.
Step 406, obtaining the key information returned by the message storage end, and decrypting the key information by using the private key corresponding to the public key to obtain the temporary symmetric key.
Specifically, the server obtains the key information returned by the message storage end, obtains the private key corresponding to the public key from the stored asymmetric keys, and then uses the private key to decrypt the key information to obtain the temporary symmetric key.
Step 408, encrypting the message acquisition request by using the temporary symmetric key to obtain a message encryption request, and transmitting the message encryption request to the message storage end through the message acquisition long connection channel.
The message encryption request refers to an encrypted message acquisition request.
Specifically, the server encrypts the message acquisition request by using the temporary symmetric key to obtain a message encryption request, and transmits the message encryption request to the message storage end through the message acquisition long connection channel. In one embodiment, the message storage end may also encrypt the response message by using a preset secure transmission protocol, return the encrypted response message through the message acquisition long connection channel, and the server receives the encrypted response message and decrypts the encrypted response message by using the temporary symmetric key of the server to obtain the response message.
In one embodiment, the message transmission component may encrypt the message acquisition request by using a preset secure transmission protocol to obtain a message encryption request, and then transmit the message encryption request to the message storage end through the message acquisition long connection channel.
In the above embodiment, the message acquisition long connection channel is used for transmission based on a preset secure transmission protocol, that is, the temporary symmetric key is used for encrypting the message acquisition request to obtain a message encryption request, and the message encryption request is transmitted to the message storage end through the message acquisition long connection channel, so that the security of the message transmitted by the message acquisition long connection channel can be ensured.
In an embodiment, as shown in fig. 5, before step 202, that is, before acquiring a message acquisition instruction, the message acquisition instruction carries an identifier of a message to be acquired, the method further includes:
step 502, an asymmetric key is generated, where the asymmetric key includes a public key and a private key.
In particular, the server generates an asymmetric key using an asymmetric encryption algorithm, the asymmetric key comprising a public key and a private key, wherein the generation may be performed using a key generation tool.
Step 504, sending a digital signature authentication request to the digital authentication server, where the digital signature authentication request carries a public key, the digital authentication server generates an authentication private key and an authentication public key based on the digital signature authentication request, signs the public key by using the authentication private key to obtain digital signature information, generates signature authentication information by using the authentication private key and the authentication public key, and returns the digital signature information and the signature authentication information.
Wherein, the digital signature authentication request is used for digital signature authentication. The digital authentication server is a server for performing digital signature authentication. The authentication private key and the authentication public key refer to a pair of asymmetric keys generated in the digital authentication server for performing digital signature authentication. The signature authentication information is information for authenticating a digital signature. The signature authentication information includes an authentication public key.
Specifically, the server sends a digital signature authentication request to the digital authentication server, the digital signature authentication request carries a public key to be digitally authenticated, when the digital authentication server receives the digital signature authentication request, the digital signature authentication request is analyzed to obtain a public key, and then an authentication private key and an authentication public key are generated, or a pre-generated authentication private key and an authentication public key can be obtained. And then, signing the public key to be digitally signed by using the authentication private key to obtain digital signature information, generating signature authentication information by using the authentication private key and the authentication public key, and returning the digital signature information and the signature authentication information to the server by using the digital signature authentication server.
Step 506, the digital signature information and the signature authentication information returned by the digital authentication server are obtained and stored.
Specifically, the server acquires the returned digital signature information and signature authentication information from the digital authentication server and stores the digital signature information and the signature authentication information in the database, and when digital signature is required, the digital signature information is used for digitally signing the information required to be signed.
In the embodiment, the generated public key is sent to the digital authentication server for signature authentication, and the digital signature information and the signature authentication information returned by the digital authentication server are acquired and stored, so that the subsequent use is facilitated, and the efficiency is improved.
In one embodiment, after step 206, that is, after acquiring the response information returned by the message storage end through the message acquisition long connection channel, the method further includes the steps of:
storing the response information into a first message queue and generating an acquisition completion message; encrypting the acquisition completion message by using a preset secure transmission protocol to obtain an encryption completion message; and returning the encryption completion message through the message acquisition long connection channel, and destroying the message acquisition long connection channel.
The first message queue refers to a message queue used for storing messages in the server. The acquisition completion message indicates that all transmitted messages have been acquired. The encryption completion message is obtained by encrypting the acquisition completion message by using a preset secure transmission protocol.
Specifically, when the server acquires the response information, the server may store the response information in the first message queue, generate an acquisition completion message, encrypt the acquisition completion message using a preset secure transmission protocol to obtain an encryption completion message, encrypt the acquisition completion message using the temporary symmetric key to obtain a message encryption request, and transmit the message encryption request to the message storage end through the message acquisition long connection channel. The message acquisition long connection channel is then destroyed, which avoids leakage of the privacy data in the server.
In one embodiment, the message acquisition instruction carries at least two message identifiers to be acquired and corresponding message storage end identifiers;
as shown in fig. 6, step 204, generating a message obtaining request based on the message identifier to be obtained, and sending the message obtaining request to the message storage end through the established message obtaining long connection channel, includes:
step 602, at least two message acquisition requests are generated based on at least two message identifications to be acquired and corresponding message storage end identifications.
The message storage end identifier is used for uniquely identifying a message storage end, the message storage end refers to a server end for storing a message to be acquired, and the server end can be a time server, a terminal and the like.
Specifically, when the server needs to perform multi-party combined data analysis, data needs to be acquired from multiple data sources, that is, messages are acquired from multiple message storage ends, at this time, a message acquisition instruction acquired by the server carries at least two message identifiers to be acquired and corresponding message storage end identifiers, that is, each message identifier to be acquired has a corresponding message storage end identifier, that is, each message identifier to be acquired needs to be acquired from a corresponding message storage end. At this time, the server generates different message acquisition requests, and each message acquisition request carries the message identifier to be acquired and the corresponding message storage terminal identifier.
Step 604, sending a corresponding message acquisition request to a corresponding message storage end through at least two message acquisition long connection channels.
The at least two message acquisition long connection channels are the different message acquisition long connection channels that the server establishes with different message storage ends.
Specifically, the server generates dynamic connection information for establishing a long connection channel with each message storage end, and the dynamic port identifiers in the pieces of dynamic connection information are different. Different message acquisition long connection channels are established according to each piece of dynamic connection information and the static port identifier and IP address of the corresponding message storage end. Each message acquisition request is then transmitted to the corresponding message storage end through the corresponding message acquisition long connection channel.
Step 206, obtaining the response information returned by the message storage end through the message obtaining long connection channel, including:
step 608, at least two response messages returned by the message storage ends corresponding to the at least two message storage end identifiers are obtained through the at least two message obtaining long connecting channels.
Specifically, when each message storage end receives its corresponding message acquisition request, it acquires the target message corresponding to the message identifier to be acquired from the stored message queue, generates a response message based on the message identifier to be acquired and the target message, and returns the response message in response to the message acquisition request. The server acquires, through each message acquisition long connection channel, the response message returned by the message storage end corresponding to the message storage end identifier. Each response message may then be stored in its own message queue.
In an embodiment, each message acquisition request may also be encrypted by using a preset secure transmission protocol to obtain different encryption requests. The different encryption requests are sent to the corresponding message storage ends to obtain encrypted response messages, and the encrypted response messages are then decrypted by using the preset secure transmission protocol to obtain the response messages.
In the above embodiment, at least two message acquisition requests are generated by at least two message identifiers to be acquired and corresponding message storage end identifiers, and then the corresponding message acquisition requests are sent to the corresponding message storage ends by the at least two message acquisition long connection channels, so that the server can acquire required messages from different message storage ends, and avoid exposing own actual port information, thereby ensuring data security.
In one embodiment, the target message in the response message is obtained after homomorphic encryption;
as shown in fig. 7, after step 608, that is, after at least two pieces of response information returned by the message storage corresponding to at least two message storage identities are acquired through at least two message acquisition long connection channels, the method further includes:
step 702, a first target message is obtained, wherein the first target message is obtained after homomorphic encryption.
The first target message is a target message in the server. The target message is obtained by homomorphically encrypting an original message; the original message is unencrypted, is highly private and must not be leaked. Homomorphic encryption is a cryptographic technique based on the computational complexity theory of mathematical problems. Processing homomorphically encrypted messages yields an output that, once decrypted, is the same as the output obtained by processing the unencrypted original messages in the same way.
Specifically, the server may obtain a first target message from the first message queue, where the first target message is the message on which a homomorphic operation is to be performed together with the target message in the response message. The server may obtain an original message in advance, and perform homomorphic encryption on the original message through a homomorphic encryption algorithm to obtain the first target message, where the homomorphic encryption algorithm may be a fully homomorphic encryption algorithm or the like.
Step 704, performing homomorphic operation based on the first target message and the target message in the at least two response messages to obtain a homomorphic operation result.
The target message in the at least two response messages is obtained by encrypting the original message of the message storage end by using a homomorphic encryption algorithm, and the homomorphic encryption algorithm used by the message storage end and the server is the same, namely the homomorphic encryption algorithm is agreed in advance.
Specifically, the server performs homomorphic operation using the first target message and the target message in the at least two response messages, that is, multi-party joint calculation can be performed, where the homomorphic operation may include addition, subtraction, multiplication, division, polynomial evaluation, exponential operation, logarithmic operation, trigonometric function operation, and the like, and a homomorphic operation result is obtained.
In an embodiment, when the server acquires a piece of response information, the server may compare the first target message with the target message in that response information: it calculates the difference between the first target message and the target message in the response information, determines which of the two is larger according to the sign of the difference, obtains a homomorphic operation result, and returns the homomorphic operation result to the corresponding message storage end through the corresponding message acquisition long connection channel.
Step 706, the homomorphic operation result is returned to the corresponding message storage end through the corresponding message acquisition long connection channel.
Specifically, the server returns the homomorphic operation result, through the corresponding message acquisition long connection channel, to the message storage end corresponding to each message storage end identifier. The message storage end can then use the homomorphic operation result to perform subsequent processing, so that the processing result is more accurate.
In the above embodiment, homomorphic operation is performed by obtaining target messages of different message storage ends to obtain homomorphic operation results, and then the homomorphic operation results are returned to the message storage end corresponding to each message storage end identifier, so that multiparty joint calculation can be performed, and the homomorphic operation results obtained by calculation are more accurate.
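Steps 702 to 706 can be illustrated with the Paillier cryptosystem, which is additively homomorphic. This is an added example, not code from the patent: the patent does not name a scheme, so Paillier stands in for the agreed homomorphic encryption algorithm and covers only addition and subtraction (including the difference whose sign gives the comparison), not the other operations listed above. The toy primes, the sample values, the function names, and the assumption that the private key stays with a key holder on the message storage end side are constructed for illustration.

```python
import math
import secrets

# Constructed toy parameters: two Mersenne primes. Real deployments use
# randomly generated primes of at least 1024 bits each.
P, Q = 2**61 - 1, 2**89 - 1


def keygen(p=P, q=Q):
    """Return (public n, private key) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)          # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (n, lam, mu)


def encrypt(n, m):
    """Homomorphically encrypt integer m (negative values wrap modulo n)."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1        # fresh randomness per ciphertext
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) % n2 * pow(r, n, n2) % n2


def decrypt(private, c):
    """Decrypt to a signed integer in (-n/2, n/2]."""
    n, lam, mu = private
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m


def he_add(n, *ciphertexts):
    """E(a) * E(b) mod n^2 decrypts to a + b."""
    out = 1
    for c in ciphertexts:
        out = out * c % (n * n)
    return out


def he_sub(n, c_a, c_b):
    """E(a) * E(b)^-1 mod n^2 decrypts to a - b."""
    return c_a * pow(c_b, -1, n * n) % (n * n)


def server_joint_calculation(n, first_target, response_targets):
    """Server side (step 704): operates on ciphertexts only, never on plaintext."""
    return {
        "sum": he_add(n, first_target, *response_targets),
        "differences": [he_sub(n, first_target, t) for t in response_targets],
    }


def run_demo():
    n, private = keygen()                    # assumption: key holder is not the server
    first_target = encrypt(n, 1200)          # server's own original message (constructed)
    responses = [encrypt(n, 350), encrypt(n, 5000)]   # two storage ends (constructed)
    result = server_joint_calculation(n, first_target, responses)
    # Step 706: the result goes back to the storage ends, where the key
    # holder decrypts it; the sign of each difference gives the comparison.
    total = decrypt(private, result["sum"])
    diffs = [decrypt(private, d) for d in result["differences"]]
    return total, diffs


if __name__ == "__main__":
    print(run_demo())
```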
In one embodiment, the message identifier to be acquired comprises a computing node sub identifier and a message sub identifier to be acquired;
step 704, performing homomorphic operation based on the first target message and the target message in the at least two response messages to obtain a homomorphic operation result, including the steps of:
and the computing node corresponding to the computing node sub-identifier performs homomorphic operation on the basis of the first target message and the target message corresponding to the message sub-identifier to be acquired in the at least two pieces of response information to obtain a homomorphic operation result corresponding to the computing node.
The computing node sub-identifier is used for uniquely identifying a corresponding computing node, and may be a name, a number, a character string, or the like, and the computing node may be an executor (executor). The message to be acquired sub-identifier is used for uniquely identifying the message to be acquired, and can be a name, a number, a character string and the like. The message identifier to be acquired includes a computing node sub identifier and a message sub identifier to be acquired, that is, the message identifier to be acquired may be composed of the computing node sub identifier and the message sub identifier to be acquired, and is used to indicate that the message to be acquired corresponding to the message sub identifier to be acquired is processed and calculated in the computing node corresponding to the computing node sub identifier. The target message corresponding to the message sub-identifier to be acquired in the response message is obtained by homomorphically encrypting the original message by the computing node corresponding to the same computing node sub-identifier in the message storage end.
Specifically, the computing node corresponding to the computing node sub-identifier performs homomorphic operation by using the first target message and the target message corresponding to the message sub-identifier to be acquired in the at least two pieces of response information, so as to obtain a homomorphic operation result corresponding to the computing node. In one embodiment, when there are multiple message identifiers to be acquired, a computing node corresponding to a computing node sub identifier in each message identifier to be acquired concurrently acquires a first target message and a target message corresponding to a message sub identifier to be acquired in at least two pieces of response information, then concurrently performs homomorphic operation on the first target message and the target message corresponding to the message sub identifier to be acquired in at least two pieces of response information, and each computing node performs computation to obtain a corresponding homomorphic operation result. And then, transmitting the homomorphic operation result to a first message queue, and asynchronously transmitting the homomorphic operation result to a corresponding message storage end by the first message queue. That is, the calculation processing is performed in the calculation node, and the homomorphic operation efficiency can be improved.
In one embodiment, as shown in fig. 8, the method further comprises:
step 802, a message transmission instruction is obtained, and the message transmission instruction carries a message identifier to be transmitted.
The message identifier to be transmitted is used for uniquely identifying the message to be transmitted.
Specifically, the server may obtain a message transmission instruction sent by the terminal, where the message transmission instruction carries a message identifier to be transmitted.
Step 804, obtaining a message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to a message receiving end through the established message transmission long connecting channel; the message receiving end receives the message identification to be transmitted and the corresponding message to be transmitted, stores the message identification to be transmitted and the corresponding message to be transmitted in a message queue of the message receiving end, generates a transmission completion message, and returns the transmission completion message through a message transmission long connecting channel; the message transmission long connecting channel is established with the message receiving end through the generated second dynamic connecting information;
The message to be transmitted refers to the content of the message to be transmitted. The message transmission long connection channel refers to a long connection channel which is established in advance and used for message transmission. The second dynamic connection information is dynamically generated information for establishing a long connection channel with the message receiving end, and includes a second dynamic port identifier and a corresponding second IP address. The second dynamic port identifier is used to uniquely identify the dynamic port. The transmission completion message indicates that transmission of the message to be transmitted is complete. The message receiving end is a receiving end for receiving a message transmitted by the server, and the receiving end may be a server, a cloud server, or the like.
Specifically, the server may obtain a message to be transmitted corresponding to the message identifier to be transmitted from the first message queue, and transmit the message identifier to be transmitted and the corresponding message to be transmitted to the message receiving end through the established message transmission long connection channel; and the message receiving end receives the message identification to be transmitted and the corresponding message to be transmitted, stores the message identification to be transmitted and the corresponding message to be transmitted in a message queue of the message receiving end, generates a transmission completion message, and returns the transmission completion message through the message transmission long connecting channel.
Step 806, obtaining the transmission completion message returned by the message transmission long connecting channel, and destroying the message transmission long connecting channel based on the transmission completion message.
Specifically, the server acquires the returned transmission completion message through the message transmission long connection channel, and destroys the message transmission long connection channel based on the transmission completion message.
In the above embodiment, by obtaining the message transmission instruction, then obtaining the message to be transmitted corresponding to the message identifier to be transmitted, transmitting the message identifier to be transmitted and the corresponding message to be transmitted to the message receiving end through the established message transmission long connecting channel, obtaining the transmission completion message returned by the message transmission long connecting channel, and destroying the message transmission long connecting channel based on the transmission completion message, the true port information can be prevented from being exposed during message transmission, and the message transmission can be performed while the message security is ensured.
In one embodiment, the message transmission long connecting channel transmits based on a preset safe transmission protocol;
as shown in fig. 9, step 804, transmitting the message identifier to be transmitted and the corresponding message to be transmitted to the message receiving end through the established message transmission long connection channel, includes:
step 902, acquiring digital signature information, wherein the digital signature information is obtained by performing digital signature by using a public key.
Step 904, sending the digital signature information to the message receiving end through the message transmission long connection channel, when the message receiving end uses the message receiving end signature authentication information to authenticate that the digital signature information passes, decrypting the digital signature information to obtain a public key, generating a temporary symmetric key, encrypting the temporary symmetric key by using the public key to obtain secret key information, and returning the secret key information through the message transmission long connection channel.
The temporary symmetric key is a temporary symmetric key corresponding to the message receiving end, and is a key used for encrypting the message to be transmitted.
Specifically, the server and the message receiving end agree in advance that a long message transmission connection channel is used for message transmission based on a preset secure transmission protocol. At the moment, the server acquires the stored digital signature information and sends the digital signature information to the message receiving end through the message transmission long connecting channel, when the message receiving end uses the message receiving end signature authentication information to authenticate that the digital signature information passes through, the digital signature information is decrypted to obtain a public key and a temporary symmetric key is generated, the temporary symmetric key is encrypted by using the public key to obtain secret key information, and the secret key information is returned through the message transmission long connecting channel.
Step 906, obtaining the key information returned by the message receiving end, and decrypting the key information by using the private key corresponding to the public key to obtain the temporary symmetric key.
Step 908, encrypting the message identifier to be transmitted and the corresponding message to be transmitted by using the temporary symmetric key to obtain a secure encrypted message, and transmitting the secure encrypted message to the message receiving end through the message transmission long connection channel.
The secure encrypted message is obtained by encrypting the message identifier to be transmitted and the corresponding message to be transmitted by using the temporary symmetric key.
Specifically, the server obtains the secret key information returned by the message receiving end, and decrypts the secret key information by using the private key corresponding to the public key to obtain the temporary symmetric key. The temporary symmetric key is used for encrypting the message identification to be transmitted and the corresponding message to be transmitted to obtain a safe encrypted message, and the safe encrypted message is transmitted to the message receiving end through the message transmission long connecting channel, so that the message is prevented from being leaked in the transmission process, and the message transmission safety is ensured.
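The key exchange of steps 402 to 408, which steps 902 to 908 repeat toward the message receiving end, and the signing in step 504 can be sketched as follows. This is an added example, not code from the patent: it assumes the third-party `cryptography` package, and the choice of RSA-PSS signature verification (in place of "decrypting" the signature), RSA-OAEP for wrapping the temporary symmetric key, AES-256-GCM for the messages, and all function names are assumptions.

```python
import os

from cryptography.exceptions import InvalidSignature  # raised on failed authentication
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Step 502: generate an asymmetric key (private key; public key derived)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def public_bytes(public_key):
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)


def issue_signature_info(auth_private_key, server_public_key):
    """Step 504, digital authentication server: sign the server's public key."""
    pub = public_bytes(server_public_key)
    return {"public_key": pub,
            "signature": auth_private_key.sign(pub, PSS, hashes.SHA256())}


def peer_accept(signature_info, auth_public_key):
    """Step 404 / 904, storage or receiving end: authenticate the digital
    signature information, then wrap a fresh temporary symmetric key.

    Returns (temporary_key, key_information); raises InvalidSignature if the
    public key was not signed by the authentication private key.
    """
    auth_public_key.verify(signature_info["signature"],
                           signature_info["public_key"], PSS, hashes.SHA256())
    server_public_key = serialization.load_der_public_key(signature_info["public_key"])
    temporary_key = AESGCM.generate_key(bit_length=256)
    return temporary_key, server_public_key.encrypt(temporary_key, OAEP)


def server_unwrap(key_information, server_private_key):
    """Step 406 / 906: recover the temporary symmetric key with the private key."""
    return server_private_key.decrypt(key_information, OAEP)


def seal(temporary_key, plaintext):
    """Step 408 / 908: encrypt a request or message; the nonce is prepended."""
    nonce = os.urandom(12)                      # must never repeat under one key
    return nonce + AESGCM(temporary_key).encrypt(nonce, plaintext, None)


def open_sealed(temporary_key, blob):
    """Peer side: decrypt and integrity-check; raises InvalidTag if modified."""
    return AESGCM(temporary_key).decrypt(blob[:12], blob[12:], None)


if __name__ == "__main__":
    auth_key, server_key = new_keypair(), new_keypair()
    info = issue_signature_info(auth_key, server_key.public_key())
    peer_key, key_information = peer_accept(info, auth_key.public_key())
    server_side_key = server_unwrap(key_information, server_key)
    request = seal(server_side_key, b'{"message_id": "msg-001"}')  # constructed request
    print(open_sealed(peer_key, request))
```

The temporary key is generated per channel by the peer, so destroying the channel also discards the key that protected its traffic.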
In one embodiment, the message transmission instruction carries at least two message identifications to be transmitted and corresponding message receiving end identifications;
step 804, obtaining the message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to the message receiving end through the established message transmission long connection channel, including the steps:
acquiring messages to be transmitted corresponding to at least two message identifications to be transmitted respectively, and transmitting the at least two message identifications to be transmitted and the corresponding messages to be transmitted to corresponding message receiving ends through at least two established message transmission long connecting channels; at least two message transmission long connecting channels are established by the message receiving ends corresponding to the message receiving end identifications and the generated at least two second dynamic connecting information.
The message transmission instruction carries at least two message identifications to be transmitted and corresponding message receiving end identifications, namely, the server needs to transmit messages to message receiving ends corresponding to different message receiving end identifications.
Specifically, the message transmission instruction acquired by the server carries at least two message identifications to be transmitted and corresponding message receiving end identifications, and the server establishes a corresponding message transmission long connection channel with the message receiving end of each message receiving end identification. Then, the message to be transmitted corresponding to each message identifier to be transmitted is acquired, each message identifier to be transmitted and the corresponding message to be transmitted are transmitted to the corresponding message receiving end through the corresponding message transmission long connecting channel, namely, each message identifier to be transmitted and the corresponding message to be transmitted are combined to obtain each message to be transmitted, each message to be transmitted is transmitted through the corresponding message transmission long connecting channel of the message receiving end, and each message receiving end acquires the message to be transmitted corresponding to the message identifier to be transmitted required by the message receiving end. Namely, the server can transmit multi-party messages, the exposure of real port information is avoided, and the safety is ensured.
In one embodiment, the message identifier to be transmitted comprises a computing node sub identifier and a message sub identifier to be transmitted;
as shown in fig. 10, step 804, acquiring a to-be-transmitted message corresponding to a to-be-transmitted message identifier, and transmitting the to-be-transmitted message identifier and the corresponding to-be-transmitted message to a message receiving end through an established message transmission long connection channel, includes:
step 1002, obtaining an original message to be transmitted corresponding to the transmission message sub-identifier, and sending the original message to be transmitted to the computing node corresponding to the computing node sub-identifier.
The original message to be transmitted refers to an original message that needs to be transmitted, and the original message is a message that needs to avoid leakage. The message sub-identifier to be transmitted is used for uniquely identifying the message content which needs to be transmitted.
Specifically, the server obtains the original message to be transmitted corresponding to the transmission message sub-identifier, and sends the original message to be transmitted to the computing node corresponding to the computing node sub-identifier.
Step 1004, dividing the original message to be transmitted by the computing node to obtain each original sub-message to be transmitted, determining the current original sub-message to be transmitted from the original sub-messages to be transmitted, performing computing processing on the current original sub-message to be transmitted to obtain the sub-message to be transmitted, asynchronously transmitting the sub-message to be transmitted and the corresponding message identifier to be transmitted to the message receiving end through the established message transmission long connection channel, and returning to the step of determining the current original sub-message to be transmitted from the original sub-messages to be transmitted until all original sub-messages to be transmitted have been traversed.
Specifically, the computing node divides the original message to be transmitted to obtain each original sub-message to be transmitted; the division may be random, may follow a preset sub-message amount, or may be equal. The computing node then determines the current original sub-message to be transmitted from the original sub-messages to be transmitted, performs calculation processing on it to obtain the sub-message to be transmitted, asynchronously transmits the sub-message to be transmitted and the corresponding message identifier to be transmitted to the message receiving end through the established message transmission long connection channel, and returns to the step of determining the current original sub-message to be transmitted until all original sub-messages to be transmitted have been traversed. The calculation processing may take various forms and may be set according to service needs. For example, to ensure message security, encryption such as homomorphic encryption may be performed. When joint learning is performed, intermediate results of the model may be calculated. When joint analysis is performed, statistical calculations and the like may be performed.
In one embodiment, when the message transmission instruction contains at least two message identifiers to be transmitted and corresponding message receiving end identifiers, the message may be transmitted in the form of the message identifier to be transmitted, the sub-message to be transmitted, and the message receiving end identifier; that is, these three items are asynchronously transmitted to the message receiving end through the established message transmission long connection channel. Besides the message content, the sub-message to be transmitted may also carry additional attribute values, such as the message length, for message size and integrity verification. When the message receiving end receives the message identifier to be transmitted, the sub-message to be transmitted, and the message receiving end identifier, it stores them in a message queue; later, when the message receiving end needs to use the sub-message to be transmitted for calculation, it passes the sub-message to the computing node corresponding to the computing node sub-identifier in the message identifier to be transmitted. That is, the computing nodes in the server are consistent with the computing nodes used by the message receiving end, which improves execution efficiency and fault tolerance. For example, the message to be transmitted may be composed of two attributes (key, message), where key is the identifier of the message to be transmitted and consists of the number of the computing node and the name of the variable to be transmitted; it distinguishes the variable type of the message and indicates which computing node at the message receiving end must receive it. The message is the message content, which may carry additional attribute values, such as the message length, for message size and integrity verification. In an embodiment, the message to be transmitted may also be composed of three attributes (key, message, Target), where Target is the ID (identity document, a unique code) of the message transmission and indicates the receiving end of the message transmission.
In the embodiment, the sub-messages to be transmitted are asynchronously transmitted to the message receiving end through the message transmission long connecting channel while the calculation processing is carried out, so that the waiting time for transmission after the calculation processing of all the original sub-messages to be transmitted is finished is avoided, the message security is ensured, and the message transmission efficiency is improved.
In one embodiment, step 1004, asynchronously transmitting the sub-message to be transmitted and the corresponding message identifier to be transmitted to the message receiving end through the established message transmission long connection channel, includes the steps of:
and compressing the sub-message to be transmitted and the corresponding message identifier to be transmitted through a preset message compression component to obtain a compressed message, and asynchronously transmitting the compressed message to a message receiving end through a message transmission long connecting channel.
The preset message compression component is a preset component for message compression. The compressed message refers to a message obtained by compressing the sub-message to be transmitted and the corresponding message identifier to be transmitted by using a compression algorithm, which may be a general compression algorithm, such as the LZ4 algorithm (a lossless compression algorithm), the ZLIB algorithm (a function library for data compression), the ZSTD algorithm (a fast real-time open source data compression program), SNAPPY (a C++ development kit for compression and decompression), and the like.
Specifically, homomorphic encryption expands the ciphertext, and the resulting communication overhead becomes a bottleneck during cross-network transmission. The sub-message to be transmitted and the corresponding message identifier to be transmitted are therefore compressed by a preset message compression component to obtain a compressed message, and the compressed message is asynchronously transmitted to the message receiving end through the message transmission long connection channel, which reduces cross-network communication overhead and improves communication efficiency. In one embodiment, the message to be transmitted may also be compressed using a message transmission component.
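The split, compute, compress and asynchronous-send path of step 1004, as an added Go sketch rather than code from the patent. The frame layout, the function names, the channel standing in for the long connection channel and the decompressed-size cap are assumptions; zlib is one of the algorithms the text lists, and `StandInCompute` is a placeholder for the homomorphic encryption step.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxFrame = 1 << 20 // cap on decompressed size, so a hostile frame cannot exhaust memory

// SubMessage is the (key, message) pair; Length is the extra size attribute.
type SubMessage struct {
	Key     string // computing node number plus variable name
	Length  uint32 // declared payload length, checked by the receiver
	Payload []byte
}

// StandInCompute is a placeholder for the per-sub-message calculation (NOT encryption).
var StandInCompute = bytes.ToUpper

// Encode frames Length | key length | Key | Payload and compresses the frame with zlib.
func Encode(m SubMessage) ([]byte, error) {
	if len(m.Key) > 0xFFFF {
		return nil, errors.New("key too long")
	}
	raw := make([]byte, 6, 6+len(m.Key)+len(m.Payload))
	binary.BigEndian.PutUint32(raw, m.Length)
	binary.BigEndian.PutUint16(raw[4:], uint16(len(m.Key)))
	raw = append(append(raw, m.Key...), m.Payload...)
	var out bytes.Buffer
	zw := zlib.NewWriter(&out)
	if _, err := zw.Write(raw); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}

// Decode decompresses a frame and rejects it unless Length matches the payload.
func Decode(frame []byte) (SubMessage, error) {
	zr, err := zlib.NewReader(bytes.NewReader(frame))
	if err != nil {
		return SubMessage{}, err
	}
	defer zr.Close()
	raw, err := io.ReadAll(io.LimitReader(zr, maxFrame+1))
	if err != nil {
		return SubMessage{}, err
	}
	if len(raw) > maxFrame || len(raw) < 6 {
		return SubMessage{}, errors.New("frame size out of bounds")
	}
	kl := int(binary.BigEndian.Uint16(raw[4:]))
	if len(raw) < 6+kl {
		return SubMessage{}, errors.New("truncated key")
	}
	m := SubMessage{Key: string(raw[6 : 6+kl]), Length: binary.BigEndian.Uint32(raw), Payload: raw[6+kl:]}
	if uint64(m.Length) != uint64(len(m.Payload)) {
		return SubMessage{}, errors.New("length attribute does not match payload")
	}
	return m, nil
}

// Send computes and frames one sub-message at a time; run on its own goroutine,
// frame i is already on the link while sub-message i+1 is being computed.
func Send(link chan<- []byte, key string, original []byte, size int) error {
	defer close(link)
	if size <= 0 {
		return errors.New("size must be positive")
	}
	for off := 0; off < len(original); off += size {
		end := off + size
		if end > len(original) {
			end = len(original)
		}
		out := StandInCompute(original[off:end])
		frame, err := Encode(SubMessage{Key: key, Length: uint32(len(out)), Payload: out})
		if err != nil {
			return err
		}
		link <- frame
	}
	return nil
}

func main() {
	link := make(chan []byte, 4)
	go Send(link, "node3/grad_w", bytes.Repeat([]byte("constructed sample;"), 20), 64)
	for frame := range link {
		m, err := Decode(frame)
		fmt.Println(m.Key, m.Length, err)
	}
}
```

The size cap matters on the receiving side because a small compressed frame can expand to an arbitrarily large buffer; the length attribute only helps once the frame has been safely decompressed.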
In a specific embodiment, an application scenario diagram is provided, as shown in fig. 11, which is a diagram for performing message acquisition, specifically:
Participant server A does not expose port information and participant server B exposes static port information. When participant server A needs to pull a message from participant server B, participant server A acquires a message acquisition instruction, and the message acquisition instruction carries the identifier of the message to be acquired. Participant server A generates a message acquisition request based on the message identifier to be acquired and, through a message transmission component, sends the message acquisition request to participant server B over the established message acquisition long connection channel. Participant server B receives the message acquisition request through its message transmission component, acquires the target message corresponding to the message identifier to be acquired from a message storage queue based on the message acquisition request, generates response information based on the message identifier to be acquired and the target message, and responds to the message acquisition request by using the message transmission component. Participant server A then uses the message transmission component to acquire the response information returned by the message storage end through the message acquisition long connection channel.
In a specific embodiment, an application scenario diagram is provided, as shown in fig. 12, which is a diagram for performing message transmission, specifically:
Participant server A does not expose port information and participant server B exposes static port information. When participant server A needs to transmit a message to participant server B and receives the message transmission instruction, it generates the dynamic connection information of participant server A and establishes a message transmission long connection channel with the static port of participant server B. It then acquires the original messages to be transmitted corresponding to the transmission message identifiers from the data center and homomorphically encrypts them in the corresponding executors, namely the computing nodes. Fig. 13 is a schematic diagram of parallel computing and asynchronous transmission performed by the computing nodes. In the conventional method, participant server A can transmit the encrypted messages to participant server B only after all original messages to be transmitted have been encrypted, which results in low message transmission efficiency.
In the present application, participant server A performs parallel asynchronous computation through its computing nodes. Each computing node divides the original message to be transmitted into original sub-messages to be transmitted, homomorphically encrypts the current original sub-message, places the encrypted sub-message into a message queue, and then encrypts the next original sub-message to be transmitted. Meanwhile, the message transmission component takes the encrypted sub-messages to be transmitted from the message queue and transmits them to participant server B through the message transmission long connection channel. Participant server B saves the received encrypted sub-messages to a message queue via its message transmission component, performs homomorphic operations on the homomorphically encrypted messages, and returns the homomorphic operation result to participant server A through the message transmission long connection channel. Data security and message transmission efficiency are thereby improved. In this embodiment, participant server A may also pull messages from participant server B, that is, obtain the messages stored in the message queue of participant server B. In a specific embodiment, participant server A and participant server B may be nodes in a blockchain, and the message acquisition method is applied to the blockchain.
In a specific embodiment, a message obtaining method is provided, as shown in fig. 14, where the message obtaining method is executed by a server, and specifically includes:
step 1402, obtaining a message obtaining instruction, wherein the message obtaining instruction carries a message identifier to be obtained;
step 1404, acquiring a static port identifier of a message storage end and a corresponding internet protocol address of the message storage end based on the message acquisition instruction, and generating first dynamic connection information, wherein the first dynamic connection information comprises the first dynamic port identifier and the corresponding first internet protocol address;
step 1406, a message obtaining long connection establishment request is sent to the message storage end based on the message storage end static port identifier and the message storage end internet protocol address, the message obtaining long connection establishment request carries the first dynamic port identifier and the corresponding first internet protocol address, the message storage end monitors the static port corresponding to the message storage end static port identifier, a target thread is established based on the message obtaining long connection establishment request, and the target thread is used for establishing a message obtaining long connection channel according to the first dynamic port identifier, the first internet protocol address, the message storage end static port identifier and the message storage end internet protocol address.
Step 1408, acquiring the digital signature information and sending the digital signature information to the message storage end through the message acquisition long connection channel; when the message storage end successfully authenticates the digital signature information using the message storage end signature authentication information, the message storage end decrypts the digital signature information to obtain a public key, generates a temporary symmetric key, encrypts the temporary symmetric key by using the public key to obtain key information, and returns the key information through the message acquisition long connection channel.
Step 1410, obtaining the key information returned by the message storage end, and decrypting the key information by using a private key corresponding to the public key to obtain a temporary symmetric key; and encrypting the message acquisition request by using the temporary symmetric key to obtain a message encryption request, and transmitting the message encryption request to a message storage end through the message acquisition long connecting channel.
Step 1412, acquiring response information returned by the message storage end through the message acquisition long connection channel, storing the response information into a first message queue, acquiring a first target message by the computing node, wherein the first target message and a target message in the response information are obtained after homomorphic encryption, and performing homomorphic operation based on the first target message and the target message in the response information to obtain a homomorphic operation result;
and step 1414, storing the homomorphic operation result in the first message queue, returning the homomorphic operation result to the corresponding message storage end through the corresponding message acquisition long connection channel, acquiring a transmission completion message returned through the message acquisition long connection channel, and destroying the message acquisition long connection channel based on the transmission completion message.
In one embodiment, as shown in fig. 15, there is provided a message transmission system including: the message sending terminal 1502, the message receiving terminal 1506 and the server terminal 1504, wherein the message sending terminal 1502 is connected with the server terminal 104 through a message transmission long connecting channel, and the message receiving terminal 1506 is connected with the server terminal 1504 through a message pull long connecting channel; the message transmission long connecting channel is established by the dynamic port information generated by the message sending end and the server end; the message pull long connecting channel is established by the dynamic port information generated by the message receiving end and the server end;
the message sending end 1502 is configured to obtain a message transmission instruction, where the message transmission instruction carries a message identifier to be transmitted and a corresponding message to be transmitted, and send the message identifier to be transmitted and the corresponding message to be transmitted to the server through the message transmission long connection channel;
the server 1504 is configured to store the message identifier to be transmitted and the corresponding message to be transmitted in the target message queue;
the message receiving end 1506 is configured to obtain a message obtaining instruction, where the message obtaining instruction carries a message identifier to be transmitted, generate a target message obtaining request based on the message identifier to be transmitted, and send the target message obtaining request to the server through the message pull long connection channel;
the server 1504 is further configured to obtain a to-be-transmitted message corresponding to the to-be-transmitted message identifier from the target message queue based on the target message obtaining request, generate a target response message based on the to-be-transmitted message identifier and the to-be-transmitted message, and respond to the target message obtaining request;
the message receiving end 1506 is further configured to obtain the returned target response message through the message pull long connection channel.
Wherein, the message sending end is a server which needs to send messages. The message receiving end is a server which needs to acquire the message. The target message queue refers to a message queue for storing messages by the server, and the target message queue may include message queues corresponding to multiple parties, that is, different message sending ends have corresponding target message queues in the server. The target message acquisition request refers to a request for acquiring a message from a server. The target response message refers to a response message returned by the server.
Specifically, when the real port information is not exposed at both the message sending end and the message receiving end, a third-party server may be used for message transmission at this time. That is, the message sending end sends the message to be transmitted to the third-party server, and then the message receiving end obtains the required message from the third-party server. The third party service end exposes the real port information to the external network.
In an embodiment, the message sending end is further configured to encrypt the message identifier to be transmitted and the corresponding message to be transmitted by using a preset secure transmission protocol to obtain an encrypted message, and send the encrypted message to the server end through the message transmission long connection channel. In an embodiment, the message sending end is further configured to compress the encrypted message by using a preset message compression component to obtain a compressed message, and asynchronously transmit the compressed message to the server end through the message transmission long connection channel.
In an embodiment, the message sending end is further configured to obtain at least two to-be-transmitted messages corresponding to the to-be-transmitted message identifiers, and transmit the at least two to-be-transmitted message identifiers and the corresponding to-be-transmitted messages to the corresponding at least two service ends through the at least two established message transmission long connection channels.
In one embodiment, the message sending end is further configured to obtain an original message to be transmitted corresponding to the transmission message sub-identifier, and send the original message to be transmitted to the computing node corresponding to the computing node sub-identifier. The computing node divides the original message to be transmitted to obtain original sub-messages to be transmitted, determines the current original sub-message to be transmitted from the original sub-messages to be transmitted, performs computing processing on the current original sub-message to be transmitted to obtain a sub-message to be transmitted, asynchronously transmits the sub-message to be transmitted and the corresponding message identifier to be transmitted to the server through the established message transmission long connection channel, and returns to the step of determining the current original sub-message to be transmitted until all original sub-messages to be transmitted have been traversed. The calculation processing may include encrypting the current original sub-message to be transmitted by using an asymmetric key generated by the message receiving end to obtain the sub-message to be transmitted, where the sub-message to be transmitted is an encrypted message. The server cannot decrypt the sub-message to recover the message before encryption, which prevents the server from mounting an attack to obtain the real original data.
In an embodiment, the message receiving end is further configured to encrypt the generated target message acquisition request using a preset secure encryption transmission protocol, and send the encrypted target message acquisition request to the server end through the message pull long connection channel.
In one embodiment, the message receiving end is further configured to store the response information into a message queue and generate an acquisition completion message; encrypt the acquisition completion message using a preset secure transmission protocol to obtain an encrypted completion message; and return the encrypted completion message through the message acquisition long connection channel and destroy the message acquisition long connection channel.
In one embodiment, the message acquisition instruction acquired by the message receiving end carries at least two message identifiers to be acquired and corresponding server identifiers. The message receiving end generates at least two message acquisition requests based on the at least two message identifiers to be acquired and the corresponding message storage end identifiers, sends the corresponding message acquisition requests to the corresponding servers through at least two message acquisition long connection channels, and acquires at least two response messages returned by the at least two servers through the at least two message acquisition long connection channels.
In one embodiment, the message sending end may also serve as a message receiving end, and the message receiving end may also serve as a message sending end. This can be set as required.
In an embodiment, the message sending end may also implement the steps of any embodiment of message transmission in the above message obtaining method. The message receiving end may also implement the steps of the message acquiring method in any of the above embodiments.
In the message transmission system, a message sending end sends a message identification to be transmitted and a corresponding message to be transmitted to a server end through a message transmission long connecting channel, a message receiving end obtains a returned target response message from the server end through a message pulling long connecting channel, the message transmission long connecting channel is established between dynamic port information generated by the message sending end and the server end, and the message pulling long connecting channel is established between the dynamic port information generated by the message receiving end and the server end. Therefore, the message sending end and the message receiving end can avoid exposing the real port information outwards, and the message transmission can be carried out while the data security in the message sending end and the message receiving end is ensured.
In one embodiment, as shown in fig. 16, the system includes at least two message senders; at least two message sending ends and a server end are connected through corresponding message transmission long connecting channels;
a first message sending end of the at least two message sending ends is used for obtaining a first message transmission instruction, the first message transmission instruction carries a first message identification to be transmitted and a corresponding first message to be transmitted, and the first message identification to be transmitted and the corresponding first message to be transmitted are sent to a server end through a first message transmission long connecting channel;
and a second message sending end of the at least two message sending ends is used for obtaining a second message transmission instruction, the second message transmission instruction carries a second message identifier to be transmitted and a corresponding second message to be transmitted, and the second message identifier to be transmitted and the corresponding second message to be transmitted are sent to the server end through a second message transmission long connecting channel.
Specifically, different message sending ends can send messages to the server and store the messages in a message queue of the server. The server provides message storage service for each message sending end. The messages stored by the server are all encrypted messages.
In one embodiment, as shown in FIG. 16, the system includes at least two message receivers; at least two message receiving ends are connected with the server end through corresponding message pulling long connecting channels;
and the at least two message receiving ends are respectively used for acquiring the returned target response message through the corresponding message pulling long connecting channel.
Specifically, different message receiving ends can obtain the required message from the message queue of the server.
In one embodiment, the server includes a computing resource, and the server is further configured to obtain a message to be computed from the target message queue, perform computation using the message to be computed based on the computing resource, obtain a computation result, and store the computation result in the target message queue. The message sending end is also used for obtaining the calculation result from the target message queue through the message transmission long connecting channel. The message receiving end is also used for obtaining the calculation result from the target message queue through the message pull long connecting channel.
The computing resource refers to a resource used for computing, such as a memory resource, a CPU (central processing unit) resource, and the like. The message to be calculated may be a message stored at the server by at least two message sending ends. The server may perform calculation using the messages stored in the server by at least two message sending ends; for example, when performing federated learning, it calculates a model training intermediate result and returns the model training intermediate result to each model training participant.
Specifically, the server may include a computing resource, where the computing resource is used to assist in multi-party computing, that is, the server may obtain its own computing resource and use the message to be computed to perform computing, obtain a computing result, and store the computing result in the target message queue. The message sending end is also used for obtaining a calculation result from the target message queue through the message transmission long connecting channel. The message receiving end is also used for obtaining the calculation result from the target message queue through the message pull long connecting channel. Therefore, joint calculation can be carried out on the basis of ensuring the data security, and the accuracy of the calculation result is improved.
In one embodiment, the message to be transmitted is obtained by encrypting the message sending end by using a symmetric key, and the symmetric key is generated by the message receiving end. The encrypted message to be transmitted is sent to the server for storage, then the encrypted message to be transmitted can be pulled by the message receiving terminal, and the encrypted message to be transmitted is decrypted by the symmetric key to obtain the original message to be sent by the message receiving terminal. Because the message stored by the server is the encrypted message, the message leakage can be avoided, and the server is prevented from carrying out man-in-the-middle attack, thereby ensuring the safety of the message to be transmitted.
In one embodiment, the message sending end is further configured to generate an asymmetric key, where the asymmetric key includes a public key and a private key, and to send the public key to the message receiving end through an auxiliary channel. The message sending end identifier is used for uniquely identifying the message sending end and may be a name, a number, a character string, and the like. The message sending end generates its own asymmetric key. The auxiliary channel refers to communication between the message sending end and the message receiving end in an offline mode. The offline mode refers to a mode in which the message sending end and the message receiving end are not connected over the network, and contact is made manually or by other means to carry out the corresponding operation. For example, the message receiving end administrator may obtain the public key from the message sending end administrator face to face. Alternatively, the message receiving end administrator and the message sending end administrator may communicate through an instant messaging tool to obtain the public key, where the instant messaging tool may be WeChat, QQ (an instant messaging application), Enterprise WeChat, DingTalk, and the like.
The message receiving end is also used for acquiring the public key, generating a symmetric key, encrypting the symmetric key by using the public key to obtain an encrypted message, generating a message receiving end identifier, and sending the message receiving end identifier and the encrypted message to the server through a corresponding target message transmission long connection channel. The message receiving end identifier is used for uniquely identifying the message receiving end. The message receiving end acquires the public key in the offline mode and can store it, retrieving it whenever it needs to be used.
The server is also used for storing the message receiving end identifier and the encrypted message in the target message queue in association with each other;
the message sending end is also used for sending a key information acquisition request to the server through the corresponding target message pull long connection channel, where the key information acquisition request carries the message receiving end identifier; the message sending end polls continuously, sending the key information acquisition request to the server through the corresponding target message pull long connection channel until a response message is acquired.
The server is also used for generating, based on the key information acquisition request, a key response message from the message receiving end identifier and the encrypted message, and responding to the key information acquisition request; the server can acquire the message receiving end identifier and the corresponding encrypted message from the target message queue based on the key information acquisition request.
The message sending end is further used for obtaining the returned key response message through the target message pull long connection channel, and decrypting the encrypted message in the key response message by using the private key to obtain the symmetric key.
In one embodiment, the message sending end is further configured to generate an asymmetric key, where the asymmetric key includes a public key and a private key, and the public key is sent to the message receiving end through the auxiliary channel. The message receiving end is further configured to obtain the public key, generate the symmetric key, encrypt the symmetric key using the public key to obtain a target encrypted message, and send the target encrypted message to the message sending end through the auxiliary channel. The message sending end is further used for obtaining the target encrypted message through the auxiliary channel and decrypting the target encrypted message by using the private key to obtain the symmetric key. That is, the message receiving end can also send the symmetric key to the message sending end through the auxiliary channel. Meanwhile, in order to prevent the symmetric key from being leaked, the symmetric key is encrypted with the public key of the message sending end before being sent, so that the security of the symmetric key is ensured.
The message sending end and the server establish a message transmission long connection channel and a target message pull long connection channel. The target message pull long connection channel refers to a long connection channel used by the message sending end for pulling a message from the server. The message receiving end and the server establish a message pull long connection channel and a target message transmission long connection channel. The target message transmission long connection channel refers to a long connection channel used by the message receiving end for pulling a message from the server. A secure communication channel is then established between the message sending end and the message receiving end; that is, the message sending end needs to acquire the symmetric key generated by the message receiving end. After the message sending end obtains the symmetric key, the encrypted message can be sent to the message receiving end through the server, so that the security of the message is ensured and the server is prevented from carrying out a man-in-the-middle attack.
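The key establishment and relayed transmission described in the preceding embodiments can be shown end to end. The following is an added example, not code from the patent: the text names no algorithms, so it assumes RSA-OAEP for the asymmetric key and AES-256-GCM for the symmetric key, and RelayServer, the function names, the identifiers and the sample payload are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Relay server (hypothetical name): stores opaque records by identifier, like the
// target message queue. It never holds a private key or the symmetric key.
class RelayServer {
  constructor() { this.queue = new Map(); }
  store(id, record) { this.queue.set(id, record); }
  fetch(id) { return this.queue.has(id) ? this.queue.get(id) : null; }
}

// Message sending end: generates the asymmetric key pair. Only the public key
// leaves, and only over the auxiliary (offline) channel.
function senderGenerateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Message receiving end: generates the symmetric key, encrypts it under the
// sender's public key and stores it on the relay under its own identifier.
function receiverPublishKey(server, receiverId, senderPublicKey) {
  const symmetricKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: senderPublicKey, ...OAEP }, symmetricKey);
  server.store(`key:${receiverId}`, { receiverId, wrapped });
  return symmetricKey;
}

// Message sending end: one polling step of the key information acquisition
// request. Returns null until the receiver has published the wrapped key.
function senderPollForKey(server, receiverId, senderPrivateKey) {
  const response = server.fetch(`key:${receiverId}`);
  if (response === null) return null;
  return crypto.privateDecrypt({ key: senderPrivateKey, ...OAEP }, response.wrapped);
}

// Encrypt one (key, message, target) triple. Binding the identifier and target
// as associated data is an assumption of this example, not stated in the text.
function encryptMessage(symmetricKey, messageId, target, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', symmetricKey, iv);
  cipher.setAAD(Buffer.from(`${messageId}|${target}`));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { messageId, target, iv, body, tag: cipher.getAuthTag() };
}

// Decrypt a pulled record; final() throws if the record was altered in storage.
function decryptMessage(symmetricKey, record) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', symmetricKey, record.iv);
  decipher.setAAD(Buffer.from(`${record.messageId}|${record.target}`));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.body), decipher.final()]).toString('utf8');
}

// Full exchange with constructed identifiers and payload.
function runExchange() {
  const payload = 'constructed sample payload';
  const server = new RelayServer();
  const sender = senderGenerateKeyPair();

  const firstPoll = senderPollForKey(server, 'receiver-B', sender.privateKey);
  const receiverKey = receiverPublishKey(server, 'receiver-B', sender.publicKey);
  const senderKey = senderPollForKey(server, 'receiver-B', sender.privateKey);

  server.store('msg-001', encryptMessage(senderKey, 'msg-001', 'receiver-B', payload));
  const stored = server.fetch('msg-001');
  const recovered = decryptMessage(receiverKey, stored);

  // A record modified while stored on the relay must fail authentication.
  const tampered = { ...stored, body: Buffer.from(stored.body) };
  tampered.body[0] ^= 0x01;
  let tamperDetected = false;
  try { decryptMessage(receiverKey, tampered); } catch { tamperDetected = true; }

  return {
    firstPoll,
    keysMatch: senderKey.equals(receiverKey),
    recovered,
    relayHoldsPlaintext: stored.body.includes(Buffer.from(payload)),
    tamperDetected,
  };
}

console.log(runExchange());
```

The protection against the server holds only if the public key reaches the message receiving end unmodified over the auxiliary channel; the relay stores nothing it can decrypt, and a record changed in storage fails authentication at the receiver.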
The application further provides an application scenario applying the message transmission system. Specifically, fig. 17 shows an application scenario diagram of the message transmission system, where participant server A and participant server B are both servers in the financial field, and in order to strictly protect the private data in the servers, neither participant server A nor participant server B exposes port information to the external network. In this case, when participant server A needs to transmit a message to participant server B, or participant server B needs to transmit a message to participant server A, the message needs to be stored in a third-party server, such as a cloud server, from which it can then be acquired. When participant server A needs to transmit user financial messages to participant server B, participant server A generates dynamic port information and uses it together with the static port information of the cloud server to establish a message transmission long connection channel between participant server A and the cloud server, and then obtains a message to be transmitted, where the message to be transmitted is composed of three attributes (key, message, target). The user financial messages are then homomorphically encrypted in parallel by the computing nodes, the homomorphically encrypted messages are asynchronously transmitted to the cloud server through the message transmission long connection channel by the message transmission component, and the cloud server stores the homomorphically encrypted messages in a target message queue. Participant server B may then pull the homomorphically encrypted user financial messages stored by participant server A from the cloud server.
After homomorphic encryption, the participant server B can further encrypt by using an asymmetric key generated by the back participant server B, and then perform asynchronous transmission, thereby further ensuring the security of the financial information of the user. In one embodiment, the third party server may be a blockchain node that stores homomorphically encrypted user financial messages into the blockchain node.
In one embodiment, the message acquisition method can be applied, in particular, to the application scenario of federated learning.
The server acquires a model training instruction, where the model training instruction carries a participating end identifier and participating end static port information. The participating end identifier is used for uniquely identifying a participating end that takes part in the prediction model training. The participating end may be a server. The participating end static port information refers to the static port information corresponding to the participating end. Specifically, when prediction model training is required, because the training data is the private data of each participant, the server cannot directly acquire the data for training; instead, the server may acquire a model training instruction sent by the terminal, where the model training instruction carries a participating end identifier and participating end static port information. In one embodiment, the model training instruction carries multiple participating end identifiers and the corresponding participating end static port information, where multiple participating end identifiers means at least two participating end identifiers; that is, the prediction model may be trained jointly by multiple participating ends.
The server responds to the model training instruction by generating training dynamic port information, and establishes a model training long connection channel with the participating end corresponding to the participating end identifier based on the training dynamic port information and the participating end static port information. The training dynamic port information refers to the dynamic port information used by the server in prediction model training. The model training long connection channel refers to the long connection channel used in model training, and is used for transmitting intermediate results of the model training. Specifically, the server responds to the model training instruction by allocating a dynamic port from the allocatable port range, obtaining the training dynamic port information. It then establishes a long connection channel between the server and the participating end by using the dynamic port number and the IP address in the training dynamic port information and the static port number and the IP address in the participating end static port information, thereby obtaining the model training long connection channel.
The server obtains a first training data set, inputs the first training data set into a first initial prediction submodel for prediction to obtain a first initial prediction result, and homomorphically encrypts the first initial prediction result to obtain a first encrypted prediction result. The first training data set refers to a data set used in the server for participating in the prediction model training, and the first training data set is a part of data used in the prediction model training. The first initial predictor model refers to a predictor model with initialized model parameters, which is part of the prediction model. Each participating end has a corresponding initial predictor model, which is a model established using a linear regression algorithm. The first initial prediction result is a result predicted by using an initial predictor model. The first encrypted prediction result is the first initial prediction result after homomorphic encryption. Specifically, the server may obtain a first training data set from the database or from the message queue, then input the first training data set into the first initial prediction sub-model for prediction to obtain a first initial prediction result, that is, an intermediate result of model training, and then homomorphically encrypt the first initial prediction result by using a homomorphic encryption algorithm to obtain a first encrypted prediction result.
The server asynchronously transmits the first encrypted prediction result to the participating end through the model training long connection channel. The participating end receives the first encrypted prediction result and obtains a participating end training data set and training label information, where the training label information is the label information corresponding to the participating end training data set and the first training data set. The participating end inputs the participating end training data set into the participating end initial prediction submodel for calculation to obtain a participating end initial prediction result, and homomorphically encrypts the participating end initial prediction result to obtain a participating end encrypted prediction result. It then performs parameter calculation based on the participating end encrypted prediction result, the first encrypted prediction result and the training label information to obtain a model adjustment parameter, returns the model adjustment parameter through the model training long connection channel, and adjusts the participating end initial prediction submodel by using the model adjustment parameter. The participating end training data set refers to the set of training data used at the participating end when the prediction model is trained; all participating end training data sets together with the first training data set form the complete training data for training the prediction model. The training label information is the label information corresponding to the participating end training data set and the first training data set; the training labels do not exist in the server and are stored at the participating end. The training labels are used for identifying the real prediction results corresponding to the training data.
The participating end initial prediction result is the prediction result obtained by predicting the participating end training data with the participating end initial prediction submodel. The participating end initial prediction submodel refers to the prediction submodel with initialized model parameters at the participating end. The model adjustment parameter is a parameter used for adjusting the model parameters, and may be gradient information. Specifically, the server asynchronously transmits the first encrypted prediction result to the participating end through the model training long connection channel; the participating end receives the first encrypted prediction result, acquires the participating end training data set and the training label information, inputs the participating end training data set into the participating end initial prediction submodel for prediction to obtain the participating end initial prediction result, and homomorphically encrypts the participating end initial prediction result to obtain the participating end encrypted prediction result. The participating end homomorphically encrypts the training label information to obtain training encrypted label information, calculates the error of the participating end encrypted prediction result and the first encrypted prediction result with respect to the training encrypted label information, and calculates the model adjustment parameter from the error. The model adjustment parameter is then returned through the model training long connection channel, and the model parameters in the participating end initial prediction submodel are adjusted by using the model adjustment parameter.
The server acquires the model adjustment parameters returned by the participating end through the model training long connection channel and adjusts the first initial prediction submodel based on the model adjustment parameters. Specifically, the server obtains the model adjustment parameters returned by the participating end through the model training long connection channel, and updates the model parameters in the first initial prediction submodel by using the model adjustment parameters to obtain the updated prediction submodel.
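The homomorphic error and gradient calculation performed at the participating end can be made concrete. The following is an added example, not code from the patent: the text names no homomorphic scheme or key holder, so it assumes the additively homomorphic Paillier scheme with the server holding the private key, one feature per party, a fixed-point scale of 1000, and constructed sample data; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Square-and-multiply modular exponentiation on BigInt values.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  for (; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Modular inverse by the extended Euclidean algorithm.
function modInv(a, m) {
  let [r0, r1, s0, s1] = [a % m, m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - q * r1, s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new Error('value is not invertible');
  return ((s0 % m) + m) % m;
}

// Paillier key pair from two equal-length primes (g = n + 1, lambda = phi(n)).
function generateKeyPair(primeBits = 512) {
  const p = crypto.generatePrimeSync(primeBits, { bigint: true });
  let q = p;
  while (q === p) q = crypto.generatePrimeSync(primeBits, { bigint: true });
  const n = p * q, lambda = (p - 1n) * (q - 1n);
  return { publicKey: { n, n2: n * n }, privateKey: { lambda, mu: modInv(lambda, n) } };
}

// Enc(m) = (1 + m*n) * r^n mod n^2, with a fresh random r per ciphertext.
function encrypt(pk, m) {
  const bytes = Math.ceil(pk.n.toString(16).length / 2) + 8;
  const r = (BigInt('0x' + crypto.randomBytes(bytes).toString('hex')) % (pk.n - 1n)) + 1n;
  const mm = ((m % pk.n) + pk.n) % pk.n; // negative m wraps to n - |m|
  return ((1n + mm * pk.n) * modPow(r, pk.n, pk.n2)) % pk.n2;
}

// Dec(c) = L(c^lambda mod n^2) * mu mod n, mapped back to a signed value.
function decrypt(pk, sk, c) {
  const m = (((modPow(c, sk.lambda, pk.n2) - 1n) / pk.n) * sk.mu) % pk.n;
  return m > pk.n / 2n ? m - pk.n : m;
}

// Enc(a) * Enc(b) = Enc(a + b); Enc(a)^k = Enc(k * a).
const addCipher = (pk, c1, c2) => (c1 * c2) % pk.n2;
const mulPlain = (pk, c, k) => modPow(c, ((k % pk.n) + pk.n) % pk.n, pk.n2);

const SCALE = 1000; // fixed-point scale (assumption of this example)
const encode = (x) => BigInt(Math.round(x * SCALE));

// Server: predict with its linear submodel and encrypt each prediction.
function serverEncryptPredictions(pk, xA, wA) {
  return xA.map((x) => encrypt(pk, encode(x * wA)));
}

// Participating end: holds features, weight and labels but only the public key.
// It forms Enc(uA + uB - y) per sample and Enc(sum(error_i * xB_i)).
function participantEncryptedGradient(pk, encUA, xB, wB, y) {
  const encErrors = encUA.map((cA, i) => {
    const encUB = encrypt(pk, encode(xB[i] * wB));
    const encNegY = encrypt(pk, -encode(y[i]));
    return addCipher(pk, addCipher(pk, cA, encUB), encNegY);
  });
  const encGradient = encErrors
    .map((c, i) => mulPlain(pk, c, encode(xB[i])))
    .reduce((acc, c) => addCipher(pk, acc, c));
  return { encErrors, encGradient };
}

// One training step on constructed data; the key holder decrypts the results.
function runTrainingStep() {
  const { publicKey, privateKey } = generateKeyPair();
  const xA = [1.0, 2.0, 3.0], wA = 0.5;                      // server side
  const xB = [2.0, 1.0, 4.0], wB = 0.25, y = [1.2, 1.0, 3.0]; // participating end
  const encUA = serverEncryptPredictions(publicKey, xA, wA);
  const { encErrors, encGradient } = participantEncryptedGradient(publicKey, encUA, xB, wB, y);
  return {
    errors: encErrors.map((c) => Number(decrypt(publicKey, privateKey, c)) / SCALE),
    gradient: Number(decrypt(publicKey, privateKey, encGradient)) / (SCALE * SCALE),
    ciphertextsDiffer: encrypt(publicKey, 5n) !== encrypt(publicKey, 5n),
  };
}

console.log(runTrainingStep());
```

The participating end function receives only the public key, so it can combine ciphertexts but cannot read the server's predictions; the 512-bit primes keep the demonstration fast and are smaller than a deployment would use.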
In this embodiment, training dynamic port information is generated when the model training instruction is obtained, and the model training long connection channel is established with the participating end corresponding to the participating end identifier based on the training dynamic port information and the participating end static port information. An intermediate result of model training, namely the first initial prediction result, is then obtained and homomorphically encrypted to obtain the first encrypted prediction result, which is asynchronously transmitted to the participating end through the model training long connection channel. Because the long connection channel for data transmission is established by using the training dynamic port information, exposing the actual port information is avoided, data leakage is prevented and data security is improved. Because the first initial prediction result is homomorphically encrypted and then transmitted asynchronously, both the security and the efficiency of data transmission in the model training process are improved, which in turn improves the model training efficiency. The model adjustment parameters returned by the participating end are obtained through the model training long connection channel and the first initial prediction submodel is adjusted based on them; that is, the first initial prediction submodel is adjusted by using the model adjustment parameters returned by the participating end, which ensures the model training performance.
The server then acquires the first updated prediction submodel obtained by adjusting the first initial prediction submodel, takes the first updated prediction submodel as the first initial prediction submodel, and returns to the step of inputting the first training data set into the first initial prediction submodel for prediction. This is repeated until the model adjustment parameter meets the training completion condition, at which point the first updated prediction submodel that meets the training completion condition is taken as the first target prediction submodel and the model training long connection channel is destroyed; the first target prediction submodel is used for predicting input data to obtain a first prediction result. The first updated prediction submodel is the model obtained by updating the first initial prediction submodel with the model adjustment parameters. The training completion condition refers to the condition under which training of the prediction model is complete, and may include that the model adjustment parameter is not more than a preset threshold or that the number of training iterations reaches the maximum number of iterations. The first target prediction submodel refers to the trained prediction submodel. The participating end likewise obtains a participating end target prediction submodel when the training completion condition is met, and all participating end target prediction submodels and the first target prediction submodel jointly complete the prediction of the input data to obtain the final prediction result. The input data is the data for which a prediction result is required; it can be user financial data used for predicting the user's financial risk level, or category data used for predicting the category corresponding to the category data.
Specifically, the server obtains the first updated prediction submodel obtained by adjusting the first initial prediction submodel, takes the first updated prediction submodel as the first initial prediction submodel, and returns to the step of inputting the first training data set into the first initial prediction submodel for prediction; when the model adjustment parameters meet the training completion condition, the first updated prediction submodel that meets the training completion condition is taken as the first target prediction submodel and the model training long connection channel is destroyed, after which the first target prediction submodel can be deployed and used.
That is, the server can obtain a model prediction instruction, where the model prediction instruction carries data to be predicted and participating end static port information. The server responds to the model prediction instruction by generating model prediction dynamic port information, and establishes a model prediction long connection channel with the participating end based on the model prediction dynamic port information and the participating end static port information. The data to be predicted differs between application scenarios. For example, in an application scenario of risk control prediction in the financial field, the data to be predicted may be financial data of a user, and may include user financial product data, user basic attribute data, user loan data, and the like. In an application scenario of spam prediction, the data to be predicted may be mail content data, and may include a mail body, a mail sending address, a mail sending time, and the like. In an application scenario of face recognition, the data to be predicted may be a face image or the like. The model prediction long connection channel is the long connection channel used in model prediction. Specifically, the first target prediction submodel can be used once it is deployed; that is, the server obtains a model prediction instruction sent by the terminal, where the model prediction instruction carries the data to be predicted and the participating end static port information.
The server responds to the model prediction instruction by allocating a model prediction dynamic port to obtain the model prediction dynamic port information, and then establishes the model prediction long connection channel between the server and the participating end by using the dynamic port number and the IP address in the model prediction dynamic port information and the static port number and the IP address in the participating end static port information. The server inputs the data to be predicted into the first target prediction submodel to obtain a first prediction sub-result, and asynchronously transmits the first prediction sub-result to the participating end through the model prediction long connection channel. The participating end receives the first prediction sub-result, obtains a participating end prediction sub-result, obtains a model prediction result based on the first prediction sub-result and the participating end prediction sub-result, and returns the model prediction result through the model prediction long connection channel. The first prediction sub-result is the result output after the first target prediction submodel predicts the data to be predicted. The participating end prediction sub-result is the result output after the participating end prediction submodel predicts the data to be predicted.
Specifically, the server inputs the data to be predicted into the first target prediction submodel to obtain the first prediction sub-result, homomorphically encrypts the first prediction sub-result to obtain an encrypted first prediction sub-result, and asynchronously transmits the encrypted first prediction sub-result to the participating end through the model prediction long connection channel. The participating end receives the encrypted first prediction sub-result, predicts the data to be predicted with the target prediction submodel at the participating end to obtain the participating end prediction sub-result, and homomorphically encrypts the participating end prediction sub-result to obtain an encrypted participating end prediction sub-result. It then performs a homomorphic operation on the encrypted participating end prediction sub-result and the encrypted first prediction sub-result to obtain the model prediction result, where the model prediction result represents the final prediction result for the data to be predicted. The model prediction result is then returned through the model prediction long connection channel.
The server acquires the model prediction result through the model prediction long connection channel and destroys the model prediction long connection channel. That is, the server acquires the model prediction result returned by the participating end through the model prediction long connection channel, stores the model prediction result, and destroys the model prediction long connection channel.
In this embodiment, the model prediction long connection channel is used for transmitting the prediction sub-result for the data to be predicted, so that the model prediction result is obtained from both the first prediction sub-result and the participating end prediction sub-result; the obtained model prediction result is therefore more accurate, and the accuracy of model prediction is improved.
It should be understood that although the steps in the flowcharts of fig. 2-14 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-14 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 18, a message acquiring apparatus 1800 is provided, which may be a part of a computer device using a software module or a hardware module, or a combination of the two, and specifically includes: an instruction obtaining module 1802, a request sending module 1804 and an information obtaining module 1806, wherein:
an instruction obtaining module 1802, configured to obtain a message obtaining instruction, where the message obtaining instruction carries an identifier of a message to be obtained;
a request sending module 1804, configured to generate a message obtaining request based on the message identifier to be obtained, and send the message obtaining request to the message storage end through the established message obtaining long connection channel, where the message storage end obtains a target message corresponding to the message identifier to be obtained from the stored message queue based on the message obtaining request, and generates response information and responds to the message obtaining request based on the message identifier to be obtained and the target message; the message acquisition long connection channel is established with the message storage end through the generated first dynamic connection information;
an information obtaining module 1806, configured to obtain, through the message obtaining long connection channel, response information returned by the message storage end.
In one embodiment, the instruction obtaining module 1802 is further configured to obtain, based on the message obtaining instruction, a static port identifier of the message storage and a corresponding internet protocol address of the message storage, and generate first dynamic connection information, where the first dynamic connection information includes the first dynamic port identifier and the corresponding first internet protocol address; sending a message acquisition long connection establishment request to a message storage end based on a message storage end static port identifier and a message storage end internet protocol address, wherein the message acquisition long connection establishment request carries a first dynamic port identifier and a corresponding first internet protocol address, the message storage end monitors a static port corresponding to the message storage end static port identifier, creates a target thread based on the message acquisition long connection establishment request, and establishes a message acquisition long connection channel according to the first dynamic port identifier, the first internet protocol address, the message storage end static port identifier and the message storage end internet protocol address by using the target thread.
In one embodiment, the message acquisition long connection channel transmits based on a preset secure transmission protocol;
the request sending module 1804 is further configured to: obtain digital signature information, where the digital signature information is obtained by digitally signing a public key; send the digital signature information to the message storage end through the message acquisition long connection channel, where, when the message storage end authenticates the digital signature information successfully by using message storage end signature authentication information, the message storage end decrypts the digital signature information to obtain the public key, generates a temporary symmetric key, encrypts the temporary symmetric key by using the public key to obtain key information, and returns the key information through the message acquisition long connection channel; obtain the key information returned by the message storage end, and decrypt the key information by using the private key corresponding to the public key to obtain the temporary symmetric key; and encrypt the message acquisition request by using the temporary symmetric key to obtain a message encryption request, and transmit the message encryption request to the message storage end through the message acquisition long connection channel.
In one embodiment, the message acquiring apparatus 1800 further includes:
the signature authentication module is used for generating an asymmetric secret key, and the asymmetric secret key comprises a public key and a private key; sending a digital signature authentication request to a digital authentication server, wherein the digital signature authentication request carries a public key, the digital authentication server generates an authentication private key and an authentication public key based on the digital signature authentication request, signs the public key by using the authentication private key to obtain digital signature information, generates signature authentication information by using the authentication private key and the authentication public key, and returns the digital signature information and the signature authentication information; and acquiring and storing the digital signature information and the signature authentication information returned by the digital authentication server.
In one embodiment, the message obtaining apparatus 1800 further includes:
the channel destroying module is used for storing the response information in the first message queue and generating an acquisition completion message; encrypting the acquisition completion message by using the preset secure transmission protocol to obtain an encrypted completion message; and returning the encrypted completion message through the message acquisition long connection channel and destroying the message acquisition long connection channel.
In one embodiment, the message acquisition instruction carries at least two message identifiers to be acquired and corresponding message storage end identifiers;
the request sending module 1804 is further configured to: generating at least two message acquisition requests based on at least two message identifications to be acquired and corresponding message storage end identifications; sending a corresponding message acquisition request to a corresponding message storage end through at least two message acquisition long connecting channels;
the information obtaining module 1806 is further configured to obtain, through the at least two message obtaining long connection channels, at least two response messages returned by the message storage ends corresponding to the at least two message storage end identifiers.
In one embodiment, the target message in the response message is obtained after homomorphic encryption;
the message acquiring apparatus 1800 further includes:
the homomorphic operation module is used for acquiring a first target message, and the first target message is obtained after homomorphic encryption; homomorphic operation is carried out on the basis of the first target message and the target message in the at least two pieces of response information to obtain homomorphic operation results; and returning the homomorphic operation result to the corresponding message storage end through the corresponding message acquisition long connecting channel.
In one embodiment, the message identifier to be acquired comprises a computing node sub identifier and a message sub identifier to be acquired; the homomorphic operation module is further used for the computing node corresponding to the computing node sub-identifier to perform homomorphic operation based on the first target message and the target message corresponding to the message sub-identifier to be obtained in the at least two response messages, so as to obtain a homomorphic operation result corresponding to the computing node.
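The homomorphic operation module described above, as an added example that is not part of the patent: target messages pulled from two message storage ends are combined with a first target message while all three stay encrypted. The patent names no scheme, so textbook Paillier (additively homomorphic) is assumed here; the dictionary field names, the single key pair held by the party that receives the result, and the sample values are hypothetical.

```python
# Assumption: textbook Paillier stands in for the unnamed homomorphic scheme.
import math
import secrets
from collections import namedtuple

PublicKey = namedtuple("PublicKey", "n n2")      # n2 = n squared, ciphertext modulus
PrivateKey = namedtuple("PrivateKey", "lam mu")  # lam = lcm(p-1, q-1), mu = lam^-1 mod n
_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases, after trial division by small primes."""
    if n < 2:
        return False
    if any(n % p == 0 for p in _SMALL_PRIMES):
        return n in _SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n - 1: composite
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=2048):
    """Key pair with an n of about `bits` bits; p and q have equal length."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return PublicKey(n, n * n), PrivateKey(lam, pow(lam, -1, n))  # uses g = n + 1


def check_ciphertext(pub, c):
    """Reject values that are not units modulo n^2 before operating on them."""
    if not isinstance(c, int) or not 0 < c < pub.n2 or math.gcd(c, pub.n) != 1:
        raise ValueError("malformed ciphertext")
    return c


def encrypt(pub, m):
    if not 0 <= m < pub.n:
        raise ValueError("plaintext out of range")
    while True:
        r = 1 + secrets.randbelow(pub.n - 1)  # fresh randomness per ciphertext
        if math.gcd(r, pub.n) == 1:
            break
    return (1 + m * pub.n) * pow(r, pub.n, pub.n2) % pub.n2


def decrypt(pub, priv, c):
    u = pow(check_ciphertext(pub, c), priv.lam, pub.n2)
    return (u - 1) // pub.n * priv.mu % pub.n


def homomorphic_sum(pub, first_target, responses, message_sub_id):
    """Multiply ciphertexts (adds the plaintexts); needs only the public key."""
    acc, used = check_ciphertext(pub, first_target), 0
    for resp in responses:
        _node_sub_id, sub_id = resp["message_id"]
        if sub_id != message_sub_id:
            continue  # response belongs to a different message sub-identifier
        acc = acc * check_ciphertext(pub, resp["target"]) % pub.n2
        used += 1
    if used < 2:
        raise ValueError("expected target messages from at least two responses")
    return acc


def run_demo(bits=2048):
    pub, priv = keygen(bits)  # private key stays with the party that gets the result
    responses = [  # constructed sample responses pulled from the storage ends
        {"message_id": ("node-0", "sub-7"), "target": encrypt(pub, 1200)},
        {"message_id": ("node-0", "sub-7"), "target": encrypt(pub, 345)},
        {"message_id": ("node-0", "sub-8"), "target": encrypt(pub, 9999)},
    ]
    result = homomorphic_sum(pub, encrypt(pub, 55), responses, "sub-7")
    return decrypt(pub, priv, result)  # performed by the key holder only


if __name__ == "__main__":
    print(run_demo())
```

Sums wrap modulo n, so plaintexts must be bounded by the application. Paillier ciphertexts are malleable, so the integrity of the returned result depends on the encrypted channel rather than on the homomorphic scheme.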
In one embodiment, the message acquiring apparatus 1800 further includes:
the message transmission module is used for acquiring a message transmission instruction, and the message transmission instruction carries a message identifier to be transmitted; acquiring a message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to a message receiving end through an established message transmission long connecting channel; the message receiving end receives the message identification to be transmitted and the corresponding message to be transmitted, stores the message identification to be transmitted and the corresponding message to be transmitted in a message queue of the message receiving end, generates a transmission completion message, and returns the transmission completion message through a message transmission long connecting channel; the message transmission long connecting channel is established with the message receiving end through the generated second dynamic connecting information; and acquiring a transmission completion message returned by the message transmission long connecting channel, and destroying the message transmission long connecting channel based on the transmission completion message.
In one embodiment, the message transmission long connecting channel is transmitted based on a preset safe transmission protocol;
the message transmission module is also used for acquiring digital signature information, and the digital signature information is obtained by performing digital signature by using a public key; sending the digital signature information to the message receiving end through the message transmission long connecting channel, wherein, when the message receiving end authenticates the digital signature information by using message receiving end signature authentication information and the authentication passes, the message receiving end decrypts the digital signature information to obtain the public key, generates a temporary symmetric key, encrypts the temporary symmetric key by using the public key to obtain secret key information, and returns the secret key information through the message transmission long connecting channel; obtaining the secret key information returned by the message receiving end, and decrypting the secret key information by using the private key corresponding to the public key to obtain the temporary symmetric key; and encrypting the message identification to be transmitted and the corresponding message to be transmitted by using the temporary symmetric key to obtain a secure encrypted message, and transmitting the secure encrypted message to the message receiving end through the message transmission long connecting channel.
In one embodiment, the message transmission instruction carries at least two message identifications to be transmitted and corresponding message receiving end identifications;
the message transmission module is also used for acquiring the messages to be transmitted respectively corresponding to the at least two message identifications to be transmitted, and transmitting the at least two message identifications to be transmitted and the corresponding messages to be transmitted to the corresponding message receiving ends through the established at least two message transmission long connecting channels; the at least two message transmission long connecting channels are established with the message receiving ends corresponding to the message receiving end identifications through at least two pieces of generated second dynamic connecting information.
In one embodiment, the message identifier to be transmitted comprises a computing node sub identifier and a message sub identifier to be transmitted;
the message transmission module is also used for acquiring an original message to be transmitted corresponding to the message sub-identifier to be transmitted and sending the original message to be transmitted to the computing node corresponding to the computing node sub-identifier; the computing node divides the original message to be transmitted to obtain original sub-messages to be transmitted, determines the current original sub-message to be transmitted from the original sub-messages to be transmitted, performs computing processing on the current original sub-message to be transmitted to obtain a sub-message to be transmitted, asynchronously transmits the sub-message to be transmitted and the corresponding message identification to be transmitted to a message receiving end through an established message transmission long connecting channel, and returns to the step of determining the current original sub-message to be transmitted from the original sub-messages to be transmitted until all of the original sub-messages to be transmitted have been traversed.
In one embodiment, the message transmission module is further configured to compress the sub-message to be transmitted and the corresponding message identifier to be transmitted through a preset message compression component to obtain a compressed message, and asynchronously transmit the compressed message to the message receiving end through the message transmission long connection channel.
For specific limitations of the message acquiring apparatus, reference may be made to the above limitations on the message acquiring method, which are not repeated here. The modules in the message acquiring apparatus may be wholly or partially implemented by software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, or can be stored in a memory in the computer device in software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in Fig. 19. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing messages to be transmitted or response messages. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements a message acquisition method.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in Fig. 20. The computer device comprises a processor, a memory, a communication interface, a display screen and an input device which are connected through a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The communication interface of the computer device is used for wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program, when executed by the processor, implements a message acquisition method. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the shell of the computer device, or an external keyboard, touch pad or mouse.
It will be appreciated by those skilled in the art that the configurations shown in Figs. 19 and 20 are only block diagrams of some of the configurations relevant to the present application, and do not constitute a limitation on the computer device to which the present application is applied; a particular computer device may include more or fewer components than those shown in the drawings, or may combine some components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In one embodiment, a computer program product or computer program is provided that includes computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of a computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps in the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described; however, any combination of these technical features should be considered as being within the scope of the present disclosure as long as it contains no contradiction.
The above-mentioned embodiments express only several embodiments of the present application, and their description is specific and detailed, but it is not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.

Claims (33)

1. A method for message acquisition, the method comprising:
acquiring a message acquisition instruction, wherein the message acquisition instruction carries a message identifier to be acquired;
generating a message acquisition request based on the message identification to be acquired, sending the message acquisition request to a message storage end through an established message acquisition long connecting channel, acquiring a target message corresponding to the message identification to be acquired from a stored message queue based on the message acquisition request by the message storage end, generating response information based on the message identification to be acquired and the target message, and responding to the message acquisition request; the message acquisition long connection channel is established with the message storage end through the generated first dynamic connection information; the first dynamic connection information comprises a first dynamic port identifier and a corresponding first internet protocol address, wherein the first dynamic port identifier is a unique identifier of a dynamic port distributed by a server;
and acquiring the response information returned by the message storage end through the message acquisition long connecting channel.
2. The method of claim 1, further comprising, after the obtaining the message obtaining instruction:
acquiring a static port identifier of a message storage end and a corresponding internet protocol address of the message storage end based on the message acquisition instruction, and generating first dynamic connection information, wherein the first dynamic connection information comprises a first dynamic port identifier and a corresponding first internet protocol address;
sending a message acquisition long connection establishment request to the message storage end based on the message storage end static port identification and the message storage end internet protocol address, wherein the message acquisition long connection establishment request carries the first dynamic port identification and the corresponding first internet protocol address, the message storage end monitors a static port corresponding to the message storage end static port identification, creates a target thread based on the message acquisition long connection establishment request, and establishes a message acquisition long connection channel according to the first dynamic port identification, the first internet protocol address, the message storage end static port identification and the message storage end internet protocol address by using the target thread.
3. The method according to claim 1, wherein the message acquisition long connection channel is transmitted based on a preset secure transmission protocol;
before the acquiring of the message acquisition instruction carrying the message identifier to be acquired, the method further includes:
generating an asymmetric secret key, wherein the asymmetric secret key comprises a public key and a private key;
sending a digital signature authentication request to a digital authentication server, wherein the digital signature authentication request carries the public key, the digital authentication server generates an authentication private key and an authentication public key based on the digital signature authentication request, signs the public key by using the authentication private key to obtain digital signature information, generates signature authentication information by using the authentication private key and the authentication public key, and returns the digital signature information and the signature authentication information;
acquiring and storing the digital signature information and the signature authentication information returned by the digital authentication server;
the sending the message acquisition request to a message storage end through the established message acquisition long connection channel comprises the following steps:
acquiring digital signature information, wherein the digital signature information is obtained by performing digital signature by using a public key;
the digital signature information is sent to the message storage end through the message acquisition long connection channel, when the message storage end uses message storage end signature authentication information to authenticate that the digital signature information passes, the digital signature information is decrypted to obtain the public key and generate a temporary symmetric key, the temporary symmetric key is encrypted by using the public key to obtain secret key information, and the secret key information is returned through the message acquisition long connection channel;
obtaining the secret key information returned by the message storage end, and decrypting the secret key information by using a private key corresponding to the public key to obtain the temporary symmetric secret key;
and encrypting the message acquisition request by using the temporary symmetric key to obtain a message encryption request, and transmitting the message encryption request to the message storage end through the message acquisition long connecting channel.
4. The method according to claim 1, further comprising, after said obtaining the response information returned from the message storage via the message obtaining long connection channel:
storing the response information into a first message queue and generating an acquisition completion message;
encrypting the acquisition completion message by using a preset secure transmission protocol to obtain an encryption completion message;
and returning the encryption completion message through the message acquisition long connecting channel, and destroying the message acquisition long connecting channel.
5. The method according to claim 1, wherein the message acquisition instruction carries at least two message identifiers to be acquired and corresponding message storage end identifiers;
generating a message acquisition request based on the message identifier to be acquired, and sending the message acquisition request to a message storage end through the established message acquisition long connection channel, wherein the message acquisition request comprises the following steps:
generating at least two message acquisition requests based on the at least two message identifications to be acquired and the corresponding message storage end identifications;
sending a corresponding message acquisition request to a corresponding message storage end through at least two message acquisition long connecting channels;
acquiring the response information returned by the message storage end through the message acquisition long connection channel, wherein the response information comprises:
and acquiring at least two response messages returned by the message storage ends corresponding to the at least two message storage end identifications through the at least two message acquisition long connecting channels.
6. The method of claim 5, wherein the target message in the response message is obtained by homomorphic encryption;
after the at least two response messages returned by the message storage terminals corresponding to the at least two message storage terminal identifications are acquired through the at least two message acquisition long connecting channels, the method further includes:
acquiring a first target message, wherein the first target message is obtained after homomorphic encryption;
performing homomorphic operation based on the first target message and the target message in the at least two response messages to obtain homomorphic operation results;
and returning the homomorphic operation result to the corresponding message storage end through the corresponding message acquisition long connecting channel.
7. The method of claim 6, wherein the message identifier to be acquired comprises a computing node sub-identifier and a message sub-identifier to be acquired;
performing homomorphic operation based on the first target message and the target message in the at least two response messages to obtain homomorphic operation results, including:
and the computing node corresponding to the computing node sub-identifier performs homomorphic operation on the basis of the first target message and the target message corresponding to the message sub-identifier to be acquired in the at least two pieces of response information to obtain a homomorphic operation result corresponding to the computing node.
8. The method of claim 1, further comprising:
acquiring a message transmission instruction, wherein the message transmission instruction carries a message identifier to be transmitted;
acquiring a message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to a message receiving end through an established message transmission long connecting channel; the message receiving end receives the message identification to be transmitted and the corresponding message to be transmitted, stores the message identification to be transmitted and the corresponding message to be transmitted in a message queue of the message receiving end, generates a transmission completion message, and returns the transmission completion message through the message transmission long connecting channel; the message transmission long connecting channel is established with the message receiving end through the generated second dynamic connecting information;
and acquiring a transmission completion message returned by the message transmission long connecting channel, and destroying the message transmission long connecting channel based on the transmission completion message.
9. The method according to claim 8, wherein the message transmission long connection channel transmits based on a preset secure transmission protocol;
the transmitting the message identifier to be transmitted and the corresponding message to be transmitted to the message receiving end through the established message transmission long connecting channel comprises the following steps:
acquiring digital signature information, wherein the digital signature information is obtained by performing digital signature by using a public key;
the digital signature information is sent to the message receiving end through the message transmission long connecting channel, when the message receiving end uses message receiving end signature authentication information to authenticate that the digital signature information passes, the digital signature information is decrypted to obtain the public key and generate a temporary symmetric key, the temporary symmetric key is encrypted by using the public key to obtain secret key information, and the secret key information is returned through the message transmission long connecting channel;
obtaining the secret key information returned by the message receiving end, and decrypting the secret key information by using a private key corresponding to the public key to obtain the temporary symmetric secret key;
and encrypting the message identification to be transmitted and the corresponding message to be transmitted by using the temporary symmetric key to obtain a safe encrypted message, and transmitting the safe encrypted message to the message receiving end through the message transmission long connecting channel.
10. The method according to claim 8, wherein the message transmission command carries at least two message identifiers to be transmitted and corresponding message receiver identifiers;
the acquiring the message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to a message receiving end through the established message transmission long connection channel, includes:
acquiring messages to be transmitted corresponding to the at least two message identifications to be transmitted respectively, and transmitting the at least two message identifications to be transmitted and the corresponding messages to be transmitted to corresponding message receiving ends through the established at least two message transmission long connecting channels; the at least two message transmission long connecting channels are established with the message receiving ends corresponding to the message receiving end identifications through at least two pieces of generated second dynamic connecting information.
11. The method of claim 8, wherein the message identifier to be transmitted comprises a computing node sub-identifier and a message sub-identifier to be transmitted;
the acquiring the message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to a message receiving end through the established message transmission long connection channel, includes:
acquiring an original message to be transmitted corresponding to the message sub-identifier to be transmitted, and sending the original message to be transmitted to a computing node corresponding to the computing node sub-identifier;
the computing node divides the original message to be transmitted to obtain original sub-messages to be transmitted, determines the current original sub-message to be transmitted from the original sub-messages to be transmitted, performs computing processing on the current original sub-message to be transmitted to obtain a sub-message to be transmitted, asynchronously transmits the sub-message to be transmitted and the corresponding message identification to be transmitted to a message receiving end through an established message transmission long connecting channel, and returns to the step of determining the current original sub-message to be transmitted from the original sub-messages to be transmitted until all of the original sub-messages to be transmitted have been traversed.
12. The method of claim 11, wherein the asynchronously transmitting the sub-message to be transmitted and the corresponding message identifier to be transmitted to a message receiving end through an established message transmission long connection channel comprises:
and compressing the sub-message to be transmitted and the corresponding message identifier to be transmitted through a preset message compression component to obtain a compressed message, and asynchronously transmitting the compressed message to a message receiving end through the message transmission long connecting channel.
13. A message transmission system, the system comprising: a message sending end, a message receiving end and a server end, wherein the message sending end is connected with the server end through a message transmission long connecting channel, and the message receiving end is connected with the server end through a message pull long connecting channel; the message transmission long connecting channel is established with the server end through dynamic port information generated by the message sending end; the message pull long connecting channel is established with the server end through dynamic port information generated by the message receiving end;
the message sending end is used for obtaining a message transmission instruction, the message transmission instruction carries a message identifier to be transmitted and a corresponding message to be transmitted, and the message identifier to be transmitted and the corresponding message to be transmitted are sent to the server end through the message transmission long connecting channel;
the server is used for storing the message identification to be transmitted and the corresponding message to be transmitted into a target message queue;
the message receiving end is used for acquiring a message acquisition instruction, the message acquisition instruction carries the message identifier to be transmitted, a target message acquisition request is generated based on the message identifier to be transmitted, and the target message acquisition request is sent to a server end through the message pull long connecting channel;
the server is further used for acquiring the to-be-transmitted message corresponding to the to-be-transmitted message identifier from the target message queue based on the target message acquisition request, generating a target response message based on the to-be-transmitted message identifier and the to-be-transmitted message, and responding to the target message acquisition request;
the message receiving end is further configured to obtain the returned target response message through the message pull long connection channel.
14. The system of claim 13, wherein the system comprises at least two message senders; the at least two message sending terminals are connected with the server terminal through corresponding message transmission long connecting channels;
a first message sending end of the at least two message sending ends is used for obtaining a first message transmission instruction, the first message transmission instruction carries a first message identification to be transmitted and a corresponding first message to be transmitted, and the first message identification to be transmitted and the corresponding first message to be transmitted are sent to the server end through a first message transmission long connecting channel;
and a second message sending end of the at least two message sending ends is used for obtaining a second message transmission instruction, the second message transmission instruction carries a second to-be-transmitted message identifier and a corresponding second to-be-transmitted message, and the second to-be-transmitted message identifier and the corresponding second to-be-transmitted message are sent to the server end through a second message transmission long connection channel.
15. The system of claim 13, wherein the system comprises at least two message receiving ends; the at least two message receiving ends are connected with the server end through corresponding message pull long connecting channels;
and the at least two message receiving ends are respectively used for acquiring the returned target response message through the corresponding message pull long connecting channel.
16. The system according to any one of claims 13 to 15, wherein the server further includes a computing resource, and the server is further configured to obtain a message to be computed from the target message queue, perform computation using the message to be computed based on the computing resource to obtain a computation result, and store the computation result in the target message queue;
the message sending end is further configured to obtain the calculation result from the target message queue through the message transmission long connection channel;
the message receiving end is further configured to obtain the calculation result from the target message queue through the message pull long connection channel.
17. The system according to claim 13, wherein the message to be transmitted is obtained by the message sending end after encrypting using a symmetric key, and the symmetric key is generated by the message receiving end.
18. The system according to claim 17, wherein the message sending end is further configured to generate an asymmetric key, the asymmetric key comprising a public key and a private key, and send the public key to the message receiving end through an auxiliary channel;
the message receiving end is further configured to obtain the public key, generate the symmetric key, encrypt the symmetric key using the public key to obtain an encrypted message, generate a message receiving end identifier, and send the message receiving end identifier and the encrypted message to the server end through a corresponding target message transmission long connection channel;
the server is also used for storing the message receiving end identification and the encrypted message into the target message queue;
the message sending end is further configured to send a key information acquisition request to the server end through a corresponding target message pull long connection channel, where the key information acquisition request carries the message receiving end identifier;
the server is also used for generating a key response message by using the message receiving end identification and the encryption message based on the key information acquisition request and responding to the key information acquisition request;
the message sending end is further configured to obtain the returned key response message through the target message pull long connection channel, and decrypt an encrypted message in the key response message by using the private key to obtain the symmetric key.
19. The system according to claim 17, wherein the message sending end is further configured to generate an asymmetric key, the asymmetric key comprising a public key and a private key, and send the public key to the message receiving end through an auxiliary channel;
the message receiving terminal is further configured to obtain the public key, generate the symmetric key, encrypt the symmetric key using the public key to obtain a target encrypted message, and send the target encrypted message to the message sending terminal through an auxiliary channel;
the message sending end is further configured to obtain the target encrypted message through the auxiliary channel, and decrypt the target encrypted message using the private key to obtain the symmetric key.
20. A message acquisition apparatus, characterized in that the apparatus comprises:
the instruction acquisition module is used for acquiring a message acquisition instruction, and the message acquisition instruction carries a message identifier to be acquired;
a request sending module, configured to generate a message acquisition request based on the to-be-acquired message identifier, and send the message acquisition request to a message storage end through an established message acquisition long connection channel, where the message storage end acquires a target message corresponding to the to-be-acquired message identifier from a stored message queue based on the message acquisition request, and generates response information based on the to-be-acquired message identifier and the target message, and responds to the message acquisition request; the message acquisition long connection channel is established with the message storage end through the generated first dynamic connection information; the first dynamic connection information comprises a first dynamic port identifier and a corresponding first internet protocol address, wherein the first dynamic port identifier is a unique identifier of a dynamic port distributed by a server;
and the information acquisition module is used for acquiring the response information returned by the message storage end through the message acquisition long connecting channel.
21. The apparatus of claim 20, wherein the instruction acquisition module is further configured to obtain a message storage end static port identifier and a corresponding message storage end internet protocol address based on the message acquisition instruction, and generate first dynamic connection information, where the first dynamic connection information includes the first dynamic port identifier and the corresponding first internet protocol address; and to send a message acquisition long connection establishment request to the message storage end based on the message storage end static port identifier and the message storage end internet protocol address, wherein the message acquisition long connection establishment request carries the first dynamic port identifier and the corresponding first internet protocol address, and the message storage end listens on the static port corresponding to the message storage end static port identifier, creates a target thread based on the message acquisition long connection establishment request, and uses the target thread to establish the message acquisition long connection channel according to the first dynamic port identifier, the first internet protocol address, the message storage end static port identifier and the message storage end internet protocol address.
22. The apparatus according to claim 20, wherein the message acquisition long connection channel is configured to transmit based on a predetermined secure transport protocol;
the apparatus further comprises:
the signature authentication module is used for generating an asymmetric secret key, and the asymmetric secret key comprises a public key and a private key; sending a digital signature authentication request to a digital authentication server, wherein the digital signature authentication request carries the public key, the digital authentication server generates an authentication private key and an authentication public key based on the digital signature authentication request, signs the public key by using the authentication private key to obtain digital signature information, generates signature authentication information by using the authentication private key and the authentication public key, and returns the digital signature information and the signature authentication information; acquiring and storing the digital signature information and the signature authentication information returned by the digital authentication server;
the request sending module is further used for acquiring digital signature information, and the digital signature information is obtained by performing digital signature by using a public key; the digital signature information is sent to the message storage end through the message acquisition long connection channel, when the message storage end uses message storage end signature authentication information to authenticate that the digital signature information passes, the digital signature information is decrypted to obtain the public key and generate a temporary symmetric key, the temporary symmetric key is encrypted by using the public key to obtain secret key information, and the secret key information is returned through the message acquisition long connection channel; obtaining the secret key information returned by the message storage end, and decrypting the secret key information by using a private key corresponding to the public key to obtain the temporary symmetric secret key; and encrypting the message acquisition request by using the temporary symmetric key to obtain a message encryption request, and transmitting the message encryption request to the message storage end through the message acquisition long connecting channel.
23. The apparatus of claim 20, further comprising:
the channel destroying module is used for storing the response information into a first message queue and generating an acquisition completion message; encrypting the acquisition completion message by using a preset secure transmission protocol to obtain an encrypted completion message; and returning the encrypted completion message through the message acquisition long connecting channel, and destroying the message acquisition long connecting channel.
24. The apparatus according to claim 20, wherein the message acquisition instruction carries at least two message identifiers to be acquired and corresponding message storage end identifiers;
the request sending module is further used for generating at least two message acquisition requests based on the at least two message identifications to be acquired and the corresponding message storage end identifications; sending a corresponding message acquisition request to a corresponding message storage end through at least two message acquisition long connecting channels;
the information acquisition module is further configured to acquire at least two response messages returned by the message storage ends corresponding to the at least two message storage end identifiers through the at least two message acquisition long connection channels.
25. The apparatus of claim 24, wherein the target message in the response message is obtained by homomorphic encryption;
the apparatus further comprises:
the homomorphic operation module is used for acquiring a first target message, and the first target message is obtained after homomorphic encryption; performing homomorphic operation based on the first target message and the target message in the at least two response messages to obtain homomorphic operation results; and returning the homomorphic operation result to the corresponding message storage end through the corresponding message acquisition long connecting channel.
26. The apparatus of claim 25, wherein the message identifier to be acquired comprises a computing node sub-identifier and a message sub-identifier to be acquired;
the homomorphic operation module is further configured to perform homomorphic operation on the computing node corresponding to the computing node sub identifier based on the first target message and the target message corresponding to the message sub identifier to be acquired in the at least two pieces of response information, so as to obtain a homomorphic operation result corresponding to the computing node.
27. The apparatus of claim 20, further comprising:
the message transmission module is used for acquiring a message transmission instruction, and the message transmission instruction carries a message identifier to be transmitted; acquiring a message to be transmitted corresponding to the message identifier to be transmitted, and transmitting the message identifier to be transmitted and the corresponding message to be transmitted to a message receiving end through an established message transmission long connecting channel; the message receiving end receives the message identification to be transmitted and the corresponding message to be transmitted, stores the message identification to be transmitted and the corresponding message to be transmitted in a message queue of the message receiving end, generates a transmission completion message, and returns the transmission completion message through the message transmission long connecting channel; the message transmission long connecting channel is established with the message receiving end through the generated second dynamic connecting information; and acquiring a transmission completion message returned by the message transmission long connecting channel, and destroying the message transmission long connecting channel based on the transmission completion message.
28. The apparatus according to claim 27, wherein the message transmission long connection channel transmits based on a preset secure transmission protocol;
the message transmission module is also used for acquiring digital signature information, and the digital signature information is obtained by performing digital signature by using a public key; the digital signature information is sent to the message receiving end through the message transmission long connecting channel, when the message receiving end uses message receiving end signature authentication information to authenticate that the digital signature information passes, the digital signature information is decrypted to obtain the public key and generate a temporary symmetric key, the temporary symmetric key is encrypted by using the public key to obtain secret key information, and the secret key information is returned through the message transmission long connecting channel; obtaining the secret key information returned by the message receiving end, and decrypting the secret key information by using a private key corresponding to the public key to obtain the temporary symmetric secret key; and encrypting the message identification to be transmitted and the corresponding message to be transmitted by using the temporary symmetric key to obtain a safe encrypted message, and transmitting the safe encrypted message to the message receiving end through the message transmission long connecting channel.
29. The apparatus according to claim 27, wherein the message transmission instruction carries at least two message identifiers to be transmitted and corresponding message receiving end identifiers;
the message transmission module is further configured to acquire messages to be transmitted corresponding to the at least two message identifications to be transmitted, and transmit the at least two message identifications to be transmitted and the corresponding messages to be transmitted to corresponding message receiving ends through the at least two established message transmission long connection channels; the at least two message transmission long connecting channels are established by the message receiving ends corresponding to the message receiving end identifications through the generated at least two second dynamic connecting information.
30. The apparatus of claim 27, wherein the message identifier to be transmitted comprises a computing node sub-identifier and a transmission message sub-identifier;
the message transmission module is further configured to obtain an original message to be transmitted corresponding to the transmission message sub-identifier, and send the original message to be transmitted to the computing node corresponding to the computing node sub-identifier; the computing node divides the original messages to be transmitted to obtain original sub-messages to be transmitted, determines the original sub-messages to be transmitted currently from the original sub-messages to be transmitted, performs computing processing on the original sub-messages to be transmitted currently to obtain sub-messages to be transmitted, asynchronously transmits the sub-messages to be transmitted and corresponding message identifications to be transmitted to a message receiving end through an established message transmission long connecting channel, and returns to the step of determining the original sub-messages to be transmitted currently from the original sub-messages to be transmitted until the original sub-messages to be transmitted are traversed and completed.
31. The apparatus of claim 30, wherein the message transmission module is further configured to compress the sub-message to be transmitted and the corresponding message identifier to be transmitted through a preset message compression component to obtain a compressed message, and asynchronously transmit the compressed message to a message receiving end through the message transmission long connection channel.
32. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 12.
33. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 12.
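Claims 25 and 26 do not name the homomorphic scheme. The following added example (not code from the patent) assumes the additively homomorphic Paillier cryptosystem and a separate key holder, and shows an acquiring end combining its own ciphertext with ciphertexts pulled from two storage-end queues, then returning the encrypted result; the function names, queue layout and sample values are illustrative assumptions.

```python
import math
import secrets

def _is_probable_prime(n, rounds=40):
    """Miller-Rabin test after trial division by small primes."""
    if n < 17 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=512):
    """Paillier keys with g = n + 1: returns (n, (lam, mu)). 512 bits keeps the
    demo fast; a real deployment needs a modulus of 2048 bits or more."""
    primes = set()
    while len(primes) < 2:  # two distinct primes of equal bit length
        c = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _is_probable_prime(c):
            primes.add(c)
    p, q = primes
    n, lam = p * q, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """c = (1 + n)^m * r^n mod n^2 with a fresh random r per ciphertext."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def handle_get(queue, msg_id):
    """Storage end: response information = identifier + target message."""
    return {"id": msg_id, "message": queue[msg_id]}

def homomorphic_sum(n, first_target, responses):
    """Multiply ciphertexts mod n^2, which adds the hidden plaintexts mod n."""
    acc = first_target
    for resp in responses:
        c = resp["message"]
        # Reject values that cannot be valid ciphertexts before combining them.
        if not isinstance(c, int) or not 0 < c < n * n or math.gcd(c, n) != 1:
            raise ValueError(f"malformed ciphertext for {resp['id']!r}")
        acc = acc * c % (n * n)
    return acc

def demo():
    n, priv = keygen()  # assumption: the private key never leaves the key holder
    queues = {"store-a": {"grad-1": encrypt(n, 1200)},  # constructed samples
              "store-b": {"grad-1": encrypt(n, 345)}}
    first_target = encrypt(n, 55)  # the acquiring end's own encrypted message
    responses = [handle_get(q, "grad-1") for q in queues.values()]
    result = homomorphic_sum(n, first_target, responses)
    for q in queues.values():  # result is returned to each storage end
        q["sum-1"] = result
    return decrypt(n, priv, queues["store-a"]["sum-1"])

if __name__ == "__main__":
    print(demo())
```

The acquiring end and both storage ends handle only ciphertexts; only the holder of `(lam, mu)` can read the sum.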
CN202110903977.4A 2021-08-06 2021-08-06 Message acquisition method and device, computer equipment and message transmission system Active CN113645294B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110903977.4A CN113645294B (en) 2021-08-06 2021-08-06 Message acquisition method and device, computer equipment and message transmission system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110903977.4A CN113645294B (en) 2021-08-06 2021-08-06 Message acquisition method and device, computer equipment and message transmission system

Publications (2)

Publication Number Publication Date
CN113645294A (en) 2021-11-12
CN113645294B (en) 2022-08-26

Family

ID=78419981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110903977.4A Active CN113645294B (en) 2021-08-06 2021-08-06 Message acquisition method and device, computer equipment and message transmission system

Country Status (1)

Country Link
CN (1) CN113645294B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114531498B (en) * 2021-12-22 2024-01-09 杭州博盾习言科技有限公司 Data transmission method, device, electronic equipment and storage medium
CN114979233A (en) * 2022-07-19 2022-08-30 深圳市亿联无限科技有限公司 Method and system for realizing synchronous and asynchronous call between modules based on domain socket

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016188256A1 (en) * 2016-01-25 2016-12-01 中兴通讯股份有限公司 Application access authentication method, system, apparatus and terminal
CN107181821A (en) * 2017-07-05 2017-09-19 广州华多网络科技有限公司 A kind of information push method and device based on SSE specifications
CN110300050A (en) * 2019-05-23 2019-10-01 中国平安人寿保险股份有限公司 Information push method, device, computer equipment and storage medium
CN110768928A (en) * 2018-07-25 2020-02-07 北京嘀嘀无限科技发展有限公司 Communication method and communication device, computer equipment and readable storage medium
CN111741109A (en) * 2020-06-19 2020-10-02 深圳前海微众银行股份有限公司 Access method, device, equipment and storage medium based on proxy
CN113127732A (en) * 2021-03-23 2021-07-16 金蝶蝶金云计算有限公司 Method and device for acquiring service data, computer equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104202334B (en) * 2014-09-16 2018-11-16 广州猎豹网络科技有限公司 A kind of method and device for establishing network connection
CN110489474B (en) * 2019-08-05 2022-04-22 北京字节跳动网络技术有限公司 Data processing method, device, medium and electronic equipment
CN111193768B (en) * 2019-11-25 2021-11-02 腾讯科技(深圳)有限公司 Network data processing method and device, computer equipment and storage medium
CN111901364A (en) * 2020-08-17 2020-11-06 扬州网桥软件技术有限公司 Firewall penetration method and system
CN111866191B (en) * 2020-09-24 2020-12-22 深圳市易博天下科技有限公司 Message event distribution method, distribution platform, system and server

Also Published As

Publication number Publication date
CN113645294A (en) 2021-11-12

Similar Documents

Publication Publication Date Title
Zheng et al. Learning the truth privately and confidently: Encrypted confidence-aware truth discovery in mobile crowdsensing
US11902413B2 (en) Secure machine learning analytics using homomorphic encryption
CN110750801B (en) Data processing method, data processing device, computer equipment and storage medium
US9158925B2 (en) Server-aided private set intersection (PSI) with data transfer
JP6234607B2 (en) Method and apparatus for verifying processed data
CN113645294B (en) Message acquisition method and device, computer equipment and message transmission system
CN112818369B (en) Combined modeling method and device
CN114117386A (en) Conference management method and device, computer readable storage medium and electronic device
CN114785524A (en) Electronic seal generation method, device, equipment and medium
Zhang et al. A verifiable and privacy-preserving cloud mining pool selection scheme in blockchain of things
CN116502732B (en) Federal learning method and system based on trusted execution environment
CN116681141A (en) Federal learning method, terminal and storage medium for privacy protection
CN113672954A (en) Feature extraction method and device and electronic equipment
CN111294359B (en) Pressure testing method, pressure testing device, computer equipment and storage medium
Wang et al. Faster fog-aided private set intersection with integrity preserving
Silva et al. Performance evaluation of cryptography on middleware-based computational offloading
Sasikala et al. Certificateless batch verification protocol to ensure data integrity in multi-cloud using lattices
CN116506227B (en) Data processing method, device, computer equipment and storage medium
CN117749527B (en) Safety protection method and system based on big data analysis and cloud computing
EP4024755A1 (en) Secured performance of an elliptic curve cryptographic process
Li et al. Secure Multi-party SM2 Signature Based on SPDZ Protocol
Suliman et al. Re-evaluating the Privacy Benefit of Federated Learning
Zhang et al. A Survey of Privacy Preservation for Deep Learning Applications.
Shim et al. Performance Evaluation of Fully Homomorphic Encryption for End-to-End Cryptographic Communication in Multihop Networks
Nawaz et al. Secure Distributed Sparse Gaussian Process Models Using Multi-Key Homomorphic Encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40055332

Country of ref document: HK

GR01 Patent grant