CN114157415A - Data processing method, computing node, system, computer device and storage medium - Google Patents


Info

Publication number: CN114157415A
Authority: CN (China)
Prior art keywords: data, computing node, container, key, shared
Legal status: Pending
Application number: CN202111202742.9A
Priority application: CN202111202742.9A
Other languages: Chinese (zh)
Inventors: 樊旭东, 苏建明, 蒋家堂, 卓越
Current assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original assignee: Industrial and Commercial Bank of China Ltd (ICBC)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127 Trusted platform modules [TPM]

Abstract

The present application relates to a data processing method, a computing node, a system, a computer device and a storage medium, which guarantee secure execution of data processing in a cloud outsourced data service scenario and prevent leakage of user privacy data. The data processing method comprises the following steps: the first computing node receives initial data from a client. The first computing node calls a container interface corresponding to the initial data, disassembles the initial data into a plurality of fragment data, and encrypts the plurality of fragment data to obtain a plurality of shared data; the container provides a trusted execution environment for the initial data. The first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends to each second computing node the encryption key corresponding to the shared data matched with it, so that the second computing node obtains the fragment data corresponding to the shared data using the encryption key.

Description

Data processing method, computing node, system, computer device and storage medium
Technical Field
The present application relates to the field of cloud computing technologies, and in particular, to a data processing method, a computing node, a system, a computer device, and a storage medium.
Background
A typical cloud platform outsourced data service scenario is the following: a Data Computing Service Provider (DCSP) rents IaaS-layer services from a Cloud Service Provider (CSP), deploys a platform-as-a-service (PaaS) platform on a number of rented nodes, and provides outsourced data computing services to a Data Owner (DO) in a software-as-a-service (SaaS) mode.
In this mode, the DO uploads data through the client to the Hadoop Distributed File System (HDFS) of the PaaS platform, where it waits for processing, and the actual processing is performed on the distributed computing nodes. In this process the DCSP has complete control over the PaaS platform: a malicious attacker can exploit a vulnerability of the PaaS platform to gain management authority and steal user data, and a malicious CSP or DCSP internal administrator can use management authority to implant malicious data computation programs into the PaaS platform, or damage the integrity of the platform's application programs and files, in order to obtain users' private data. A method is therefore needed that ensures secure execution of data processing in a cloud outsourced data service scenario and prevents leakage of user privacy data.
Disclosure of Invention
In view of the above, it is necessary to provide a data processing method, a computing node, a system, a computer device and a storage medium that address the technical problems described above, so that data processing in a cloud outsourced data service scenario executes securely and leakage of user privacy data is prevented.
A method of data processing, the method comprising: the first computing node receives initial data from a client. The first computing node calls a container interface corresponding to the initial data, disassembles the initial data into a plurality of fragment data, and encrypts the plurality of fragment data to obtain a plurality of shared data; the container provides a trusted execution environment for the initial data. The first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends to each second computing node the encryption key corresponding to the shared data matched with it, so that the second computing node obtains the fragment data corresponding to the shared data using the encryption key.
A method of data processing, the method comprising: the second computing node receives the encryption key and the shared data from the first computing node. The second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data using the encryption key, and operates on the fragment data, the container providing a trusted execution environment for the fragment data.
A computing node, comprising:
an acquisition unit, configured to receive initial data from the client;
a processing unit, configured to call a container interface corresponding to the initial data, disassemble the initial data received by the acquisition unit into a plurality of fragment data, and encrypt the plurality of fragment data to obtain a plurality of shared data, the container providing a trusted execution environment for the initial data;
the processing unit being further configured to determine a plurality of second computing nodes whose types match the plurality of shared data; and
a sending unit, configured to send to the second computing node the encryption key corresponding to the shared data matched with it, so that the second computing node obtains the shared data according to the encryption key.
A computing node, comprising:
an acquisition unit, configured to receive the encryption key and the shared data from the first computing node;
a processing unit, configured to call a container interface corresponding to the shared data and obtain the fragment data corresponding to the shared data using the encryption key acquired by the acquisition unit; and
an operation unit, configured to operate on the fragment data obtained by the processing unit, the container providing a trusted execution environment for the fragment data.
A data processing system comprises the computing node.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
the first computing node receives initial data from a client.
The first computing node calls a container interface corresponding to the initial data, performs data disassembly processing on the initial data to obtain a plurality of fragment data, and performs encryption processing on the plurality of fragment data to obtain a plurality of shared data; the container is for providing a trusted execution environment for the initial data.
The first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends an encryption key corresponding to the shared data matched with the second computing nodes to the second computing nodes, so that the second computing nodes obtain the fragment data corresponding to the shared data according to the encryption key.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
the second computing node receives the encryption key and the shared data from the first computing node.
The second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data using the encryption key, and operates on the fragment data, the container providing a trusted execution environment for the fragment data.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
the first computing node receives initial data from a client.
The first computing node calls a container interface corresponding to the initial data, performs data disassembly processing on the initial data to obtain a plurality of fragment data, and performs encryption processing on the plurality of fragment data to obtain a plurality of shared data; the container is for providing a trusted execution environment for the initial data.
The first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends an encryption key corresponding to the shared data matched with the second computing nodes to the second computing nodes, so that the second computing nodes obtain the fragment data corresponding to the shared data according to the encryption key.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
the second computing node receives the encryption key and the shared data from the first computing node.
The second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data using the encryption key, and operates on the fragment data, the container providing a trusted execution environment for the fragment data.
According to the data processing method, computing node, system, computer device and storage medium described above, the first computing node is configured with a container corresponding to the initial data, which provides a trusted execution environment for it. When the first computing node needs to process the initial data, it calls the container interface corresponding to the initial data to disassemble the initial data into a plurality of fragment data, and encrypts those fragments to obtain a plurality of shared data. The method thus provides a secure processing environment for the client's data, so that the processing executes safely and leakage of user privacy data is prevented.
Drawings
FIG. 1 is a block diagram of a data processing system in one embodiment;
FIG. 2 is a cloud platform outsourcing data service scenario in one embodiment;
FIG. 3 is a schematic flow chart diagram illustrating data processing in one embodiment;
FIG. 4 is a flow diagram illustrating a data processing method according to one embodiment;
FIG. 5 is an architecture diagram of remote attestation in one embodiment;
FIG. 6 is a diagram illustrating a computing node in one embodiment;
FIG. 7 is a diagram illustrating a computing node in one embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It will be understood that the terms "first", "second" and the like are used herein to describe various elements, but these elements are not limited by these terms; the terms only distinguish one element from another.
To facilitate the use of the present embodiment, referring to the architecture of the data processing system shown in FIG. 1, a data processing system may include a plurality of computing nodes. The plurality of computing nodes form a service cluster 20, and each node is configured with a container 20a; the computing nodes 20 include a first computing node 21 and one or more second computing nodes 22 corresponding to it. Each computing node may be a computer device with certain computing capabilities. The first computing node 21 is responsible for management and control in the service cluster, for example allocating the computing resources for data to the second computing nodes 22 and assigning the computing tasks for the data. The second computing node 22 is responsible for the computing work on the data, for example computing the data using the resources and the computing task allocated by the first computing node 21. In one embodiment of the present application, the service cluster 20 formed by the plurality of computing nodes may be a Kubernetes cluster (i.e., a K8s cluster), which includes at least one master node (i.e., the first computing node 21) and at least one slave node (i.e., the second computing node 22).
In one embodiment, the first computer node 21 and its corresponding one or more second computer nodes 22 may each be a stand-alone computer device, or an apparatus deployed in a computer device; the device may be a virtual device, such as a virtual machine; but may also be a physical device such as a system-on-chip. The first computer node 21 and one or more corresponding second computer nodes 22 may be deployed in the same computer device, or may be deployed in different computer devices, which is not limited in this embodiment of the present application. Further, referring to FIG. 1, the data processing system may also include a client 10. Typically, the client is deployed in a terminal device, which may be a device with wireless transceiving function. The terminal equipment may be referred to by different names, such as User Equipment (UE), access equipment, terminal unit, terminal station, mobile station, remote terminal, mobile equipment, wireless communication equipment, terminal agent, or terminal device. The terminal equipment can be deployed on land, including indoors or outdoors, handheld or vehicle-mounted; can also be deployed on the water surface (such as a ship and the like); and may also be deployed in the air (e.g., airplanes, balloons, satellites, etc.). The terminal device comprises a handheld device, a vehicle-mounted device, a wearable device or a computing device with wireless communication function. For example, the terminal device may be a mobile phone (mobile phone), a tablet computer, or a computer with wireless transceiving function. The terminal device may also be a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless terminal in industrial control, a wireless terminal in unmanned driving, a wireless terminal in telemedicine, a wireless terminal in smart grid, a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), and the like.
Additionally, the system architecture may also include a network 30, the network 30 serving as a medium for providing communication links between the plurality of computer nodes and the clients. Network 30 may include various types of connections, such as wired communication links, wireless communication links, and so forth.
For convenience of describing the scheme provided in the embodiment of the present application, the data processing system shown in fig. 2 is applied to a cloud platform outsourced data service scenario; specifically, a Hadoop data service platform deployed on an OpenStack IaaS cloud platform is taken as the example, although the scheme is not limited to this and applies to other cloud outsourced data service scenarios as well. In this scenario, in which a Hadoop distributed cluster data service platform is deployed on an OpenStack IaaS cloud platform, the DCSP rents IaaS-layer services from the CSP, deploys the PaaS platform on a number of rented nodes, and provides outsourced data computing services to the DO in a SaaS mode. In the data processing flow of this scenario, referring to fig. 3, the DO submits initial data, which may include the data to be computed, to the distributed file system HDFS through the client corresponding to the Master node. The Master node (i.e., the first computing node) of the Hadoop cluster service platform allocates a data computing task: it decomposes the initial data and uploads the resulting fragment data, the data computation program jar package for each fragment and the data configuration file for each fragment to HDFS, where they wait to be pulled by the corresponding Slave node (i.e., second computing node 1, second computing node 2 or second computing node 3). After determining which Slave node processes each fragment, the Master node notifies that Slave node of its data computing task, and the Slave node then invokes a MapReduce program to execute it.
Referring to fig. 3, the execution of the MapReduce program in the Slave node's memory is divided mainly into a Map phase and a Reduce phase. The Map phase mainly consists of reading the corresponding fragment data from HDFS, calling the corresponding map method to process the data, and outputting an intermediate result when processing is finished. The Reduce phase mainly consists of taking the intermediate result output by the Map phase as its input, calling the corresponding reduce method to process it, and finally uploading the output result to HDFS. So that the Reduce phase can process the output of the Map phase in parallel, a further step sits between the two phases: the Slave node sorts and partitions the intermediate results output by the Map phase before they enter the corresponding Reduce processing. This step is the Shuffle phase. The sorting of the Map output is called MapShuffle, and the partitioning of the data is called ReduceShuffle.
It should be noted that, for the Slave nodes corresponding to the Map stage and the Reduce stage, the Slave node may be the same Slave node or different Slave nodes, and this is not limited in this embodiment of the application.
For example, assume there are 3 pieces of fragment data, fragment data 1, fragment data 2 and fragment data 3, and that the three items a, b and c in each fragment need to be extracted. In the Map phase 3 Slave nodes are required, Slave11, Slave12 and Slave13, which process fragment data 1, fragment data 2 and fragment data 3 respectively. Slave11 intercepts the strings a, b and c in fragment data 1; if it intercepts a, c, b, the MapShuffle stage sorts them to a, b, c. Slave12 intercepts the strings in fragment data 2, say a, b, b, and the MapShuffle stage sorts them to a, b, b. Slave13 intercepts the strings in fragment data 3, say c, b, b, which the MapShuffle stage sorts to b, b, c. The data is then divided in the ReduceShuffle stage into partition 1, which stores the a data, partition 2, which stores the b data, and partition 3, which stores the c data. Assume that in the Reduce phase Slave11 processes the a data, Slave12 processes the b data and Slave13 processes the c data. Slave11 obtains the a data from partition 1 and processes it (for example, obtains the maximum value of all the a data); the other nodes do the same, and the details are not repeated here.
In summary, during data processing the DCSP has complete control over the PaaS platform, so a malicious attacker may exploit a PaaS platform vulnerability to obtain management authority and steal user data, and a malicious CSP or DCSP internal administrator may use management authority to implant malicious data computation programs into the platform, or damage the integrity of the PaaS platform's application programs and files, in order to obtain users' private data. A method is therefore needed that ensures secure execution of data processing in a cloud outsourced data service scenario and prevents leakage of user privacy data.
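The three-fragment Map, MapShuffle, ReduceShuffle and Reduce flow described above, simulated in Python as an added example (not Hadoop code and not the patent's own); the row format, the values and the partition-to-node assignment are constructed for this illustration:

```python
from collections import defaultdict

# Constructed fragment data: each row is "<label>,<value>"; the labels a, b and c
# are the items the Map phase extracts. Values are invented for this example.
SLICES = {
    "fragment1": ["a,5", "c,2", "b,8"],   # processed by Slave11 in the Map phase
    "fragment2": ["a,1", "b,7", "b,3"],   # Slave12
    "fragment3": ["c,9", "b,4", "b,6"],   # Slave13
}
REDUCERS = {"a": "Slave11", "b": "Slave12", "c": "Slave13"}  # partition -> reducing node


def map_phase(rows):
    """Map: intercept the label and value of each row, in input order."""
    return [(row.split(",")[0], int(row.split(",")[1])) for row in rows]


def map_shuffle(pairs):
    """MapShuffle: sort one mapper's intermediate output by key (a, c, b -> a, b, c)."""
    return sorted(pairs)


def reduce_shuffle(sorted_outputs):
    """ReduceShuffle: divide all mappers' sorted output into one partition per key,
    so that each partition can be reduced independently and in parallel."""
    partitions = defaultdict(list)
    for pairs in sorted_outputs:
        for key, value in pairs:
            partitions[key].append(value)
    return dict(partitions)


def reduce_phase(partitions, reducers):
    """Reduce: each node takes its partition and, here, computes the maximum value."""
    return {reducers[key]: (key, max(values)) for key, values in partitions.items()}


def run_job(slices=SLICES):
    """Returns (sorted Map output per fragment, Reduce result per node)."""
    mapped = {name: map_shuffle(map_phase(rows)) for name, rows in slices.items()}
    return mapped, reduce_phase(reduce_shuffle(mapped.values()), REDUCERS)
```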
Therefore, in order to ensure the safe execution of data processing, referring to fig. 4, an embodiment of the present application provides a data processing method, including:
s11, the first computing node receives initial data from the client.
Optionally, the client may send the initial data directly to the first computing node, or upload the initial data to a corresponding storage system, for example HDFS, and send a prompt message to the first computing node informing it to obtain the initial data from HDFS. The prompt message may carry an identifier of the initial data, which the first computing node uses to pick the initial data out of the files stored in HDFS. The embodiment of the present application places no limit on how the first computing node obtains the initial data from the client.
S12, the first computing node calls a container interface corresponding to the initial data, disassembles the initial data into a plurality of fragment data, and encrypts the plurality of fragment data to obtain a plurality of shared data; the container provides a trusted execution environment for the initial data.
It should be noted that in the data disassembly processing the first computing node divides the received initial data into at least two pieces of fragment data. For example, the fragments may be determined by range segmentation of the key: number-segment intervals of equal size are stored on each node, for instance data with key values in [1,1000] on the first node, data with key values in [1001,2000] on the second node, and so on until all the data has been divided. Alternatively, the fragments may be determined by a modulo algorithm: assuming N nodes numbered 0 to N-1, the number of the node on which a data item is placed is determined by a hash formula, schematically hash(key) % N, and the data is divided accordingly. The method of disassembling the initial data is not limited in any way.
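As an added illustration (not code from the patent), the two disassembly strategies named above, range segmentation and modulo hashing, implemented in Python over constructed integer-keyed records. The segment size, the fixed SHA-256 digest standing in for hash(key), and the completeness check are assumptions of this example:

```python
from collections import defaultdict
import hashlib


def split_by_range(records, segment_size):
    """Range segmentation: keys [1, segment_size] go to fragment 0,
    [segment_size + 1, 2 * segment_size] to fragment 1, and so on."""
    fragments = defaultdict(list)
    for key, value in records:
        if key < 1:
            raise ValueError("range segmentation here assumes integer keys >= 1")
        fragments[(key - 1) // segment_size].append((key, value))
    return dict(fragments)


def split_by_modulo(records, n_nodes):
    """Modulo placement: fragment number = hash(key) % N. A fixed digest is used
    instead of Python's hash(), which is randomised per process, so that the
    master and every second computing node agree on where a key lives."""
    fragments = defaultdict(list)
    for key, value in records:
        digest = hashlib.sha256(str(key).encode()).digest()
        fragments[int.from_bytes(digest, "big") % n_nodes].append((key, value))
    return dict(fragments)


def is_complete_partition(records, fragments):
    """Check worth running before fragments are shipped: every record lands in
    exactly one fragment (nothing dropped, nothing duplicated)."""
    placed = sorted(r for frag in fragments.values() for r in frag)
    return placed == sorted(records)


# Constructed input: 2500 records keyed 1..2500 standing in for the client's initial data.
RECORDS = [(k, f"row-{k}") for k in range(1, 2501)]
```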
It should be noted that one node may correspond to one computer device, or multiple nodes may correspond to one computer device; this is not limited in the embodiment of the present application. In one embodiment, the container specific to the initial data (named Enclave) is created by the first computing node in its local storage space using Software Guard Extensions (SGX) technology. SGX is an extension of the Intel architecture that adds a new group of instructions and a memory access mechanism to the original architecture. These extensions allow an application to set up a container called an Enclave, a protected area carved out of the application's own address space, and provide confidentiality and integrity protection for the code and data inside it, so that they cannot be compromised even by malicious software running with special privileges. An Enclave is a protected container for an application's sensitive data and code. SGX allows an application to specify the code and data that need protection; the first computing node need not examine or analyse them before creating the Enclave, but the code and data loaded into the Enclave must be measured. Once the application has loaded the code and data it needs to protect into the Enclave, SGX protects them from external software. An Enclave can prove its identity to a remote verifier and provides the necessary functional structure for securely provisioning a key. The user may also request a unique key, derived from the combination of the Enclave identity and the platform identity, which may be used to protect keys or data stored outside the Enclave.
S13, the first computing node determines a plurality of second computing nodes with the matched types of the shared data, and sends the encryption key corresponding to the shared data matched with the second computing nodes to the second computing nodes.
Optionally, the multiple fragment data are encrypted to obtain multiple shared data, and the multiple shared data are directly sent to the corresponding second computing node, or the multiple shared data are stored in a finger position, for example, in a Hadoop distributed file system, and the corresponding shared data are obtained by the second computing node. Further, in a Hadoop distributed file system, multiple shared data may be stored on one or more storage nodes.
It should be noted that the first computing node may determine the second computing node matching the type of the shared data based on the data processing capability of the second computing node. For example, when a preset field in the fragmented data needs to be extracted, a node capable of extracting the preset field may be determined as the second computing node. After the preset field is extracted, when the extracted preset field needs to be compared or counted, the node with the comparison or counting capability is determined as a second computing node.
S14, the second computing node receives the encryption key and the shared data from the first computing node.
Illustratively, the second computing node receives the encryption key and the shared data sent directly by the first computing node; or the second computing node acquires the corresponding encryption key and shared data from the designated position, such as from a Hadoop distributed file system.
S15, the second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data by using the encryption key, and performs an operation on the fragment data; the container is used to provide a trusted execution environment for the fragment data.
It should be noted that the container corresponding to the shared data is specifically created by the second computing node in its local storage space using SGX technology.
According to the data processing method, a container corresponding to initial data is configured in a first computing node to provide a trusted execution environment for the initial data, when the initial data needs to be processed by the first computing node, data disassembly processing can be performed on the initial data by calling a container interface corresponding to the initial data to obtain a plurality of fragment data, encryption processing can be performed on the plurality of fragment data to obtain a plurality of shared data, and the shared data is handed to a second computing node for processing. And then, the second computing node configures a container corresponding to the shared data, calls a container interface corresponding to the shared data, acquires the fragment data corresponding to the shared data by using the encryption key, and performs operation on the fragment data. Therefore, the data processing method provided by the embodiment of the application can provide a safe data processing environment for specific data of the client, realize the whole-flow secrecy of the data transmission process and the data operation process, effectively guarantee the data safety, and prevent the leakage of user privacy data.
In one embodiment, before S11, the method further includes: a first computing node creates a container corresponding to a client; the container is used for providing a trusted execution environment of source data of the client, and the initial data is the source data; or, the first computing node creates a container corresponding to the preset data type; the container is used for providing a trusted execution environment of data of a preset type, and the initial data is the data of the preset type.
Optionally, a Central Processing Unit (CPU) of the first computing node is configured with a Trusted Execution Environment (TEE). The trusted execution environment is an instruction set extension of the CPU of the first computing node, and can partition a secure area (i.e., container) completely isolated from the outside in the CPU of the first computing node as a secure execution environment; any program or data can be executed or stored in the secure area. The first computing node creates a container corresponding to the client specifically as follows: the CPU of the first computing node determines a container address range corresponding to the client, and the first computing node creates the container corresponding to the client using the container address range determined by the processor. It should be noted that, for the first computing node creating a container corresponding to the preset data type, reference may be made to the description of the first computing node creating the container corresponding to the client, and details are not repeated here.
As one example, the trusted execution environment may be generated based on Intel Software Guard Extensions (SGX). SGX allows an application to implement a container called an enclave by adding a new instruction set and a memory access mechanism to the Intel architecture; at the same time, a protected exclusive area is partitioned from the address space of the corresponding application to provide confidentiality and integrity protection for the programs and data in the enclave container, so that they are not affected even if the operating system of the node device is breached.
For example, the preset data types may include, but are not limited to: one or more of user registration information, transaction information.
In this embodiment, the first computing node creates a container corresponding to the client or creates a container corresponding to the preset data type, and provides a trusted execution environment for the initial data, thereby effectively preventing the problem of leakage of the initial data.
In one embodiment, before S24, the method further includes: the second computing node creates a container corresponding to the client; the container is used for providing a trusted execution environment of source data of the second computing node, and the fragmented data is the source data; or, the second computing node creates a container corresponding to the preset data type; the container is used for providing a trusted execution environment of data of a preset type, and the fragment data is the data of the preset type.
Optionally, a trusted execution environment is configured in the CPU of each second computing node. The trusted execution environment is an instruction set extension of the CPU of the second computing node, and can partition a secure area (i.e., container) completely isolated from the outside in the CPU of the second computing node as a secure execution environment; any program or data can be executed or stored in the secure area. The second computing node creates a container corresponding to the client specifically as follows: the CPU of the second computing node determines a container address range corresponding to the client, and the second computing node creates the container corresponding to the client using the container address range determined by the processor. It should be noted that, for the second computing node creating a container corresponding to the preset data type, reference may be made to the description of the second computing node creating the container corresponding to the client, and details are not repeated here.
As an example, when a container needs to be created by both the first computing node and the second computing node, and the container corresponding to a client is created by the first computing node, the container corresponding to the client is also created by the second computing node; when the first computing node creates a container corresponding to data of the preset type, the second computing node also creates a container corresponding to data of the preset type.
In this embodiment, the second computing node creates a container corresponding to the client or creates a container corresponding to the preset data type, and provides a trusted execution environment for the fragment data, thereby effectively preventing leakage of the fragment data.
In one embodiment, before S11, the method further includes: the first computing node sends a trusted attestation of the container to the client; the trusted attestation is used to prove to the client that the first computing node is capable of providing a trusted execution environment for the initial data.
It should be noted that the remote attestation flow in which the first computing node sends the trusted attestation of the container to the client is described below and is not described here for the moment.
In this implementation, the first computing node sends the trusted attestation of the container to the client, so as to prove to the client that the first computing node is capable of providing a trusted execution environment for the initial data.
In one embodiment, before S14, the method further includes: the second computing node sends the trusted attestation of the container to the first computing node; the trusted attestation is used to prove to the first computing node that the second computing node is capable of providing a trusted execution environment for the fragment data. In one implementation, in combination with the execution flow of the MapReduce program in Slave node memory described in fig. 3, the initial data, after being transmitted to the Master node, flows to the Slave node executing the Map stage, and is then transmitted from that Slave node to the Slave node executing the Reduce stage. Specifically, the remote attestation process mainly includes: 1) before the DO uploads the initial data through the client, remote attestation of the Master node, which comprises the following steps: S1, the DO requests remote verification from the Master node through the client; S2, the Master node returns the trusted attestation; 2) before the Map stage is executed, remote attestation of the Slave node executing the Map stage by the Master node; 3) before the Reduce stage is executed, remote attestation of the Slave node executing the Reduce stage by the Master node.
Referring to fig. 5, an architecture diagram for remote attestation is provided in an embodiment of the present application, which includes a third-party verification node, a Master node, a Slave node, an Intel node, and a client. The third-party verification node, the Master node and the Slave node each contain a Quoting Enclave (QE); the third-party verification node also contains ProvisionE; the Master node and the Slave node each contain AttestE and an Enclave. It should be noted that, when performing remote attestation towards another node, the Enclave in the Master node or Slave node may generate a corresponding trusted attestation through the AttestE of the node it belongs to, and send the trusted attestation to that other node for remote attestation.
Here, AttestE is used to verify the Enclave in the node to which it belongs.
Further, before the remote attestation process is executed, two preliminary flows need to be performed: remote attestation between the Provisioning Enclave (ProvisionE) in the third-party verification node and the Intel node (hereinafter referred to as the registration phase), and remote attestation of the AttestE in the Master node and Slave node by the Intel node through the ProvisionE of the third-party verification node (hereinafter referred to as the preparation phase).
The registration phase specifically comprises the following steps:
Step 1.1, the third-party verification node first takes the current timestamp as the timestamp of ProvisionE.
Step 1.2, the third-party verification node calls an interface of ProvisionE to generate a private key and a corresponding group public key; the generated private key is the group private key of an Enhanced Privacy Identification (EPID) group and is used to generate an EPID member private key for each AttestE. ProvisionE also generates a group verification certificate (gvCert) for the EPID group, which includes the group public key.
Here, the Master node and the Slave node are the members of the EPID group, i.e., the EPID members.
Step 1.3, the third-party verification node calls an interface of ProvisionE to generate a random number, and calculates a first hash value over the group public key, the timestamp and the random number. Then, the third-party verification node calls the Quoting Enclave interface to generate a signature key and a first QUOTE (i.e., first self-attestation information) based on the first hash value, signs the first QUOTE with the signature key, and sends the first QUOTE and the signature to the Intel node, which verifies ProvisionE.
Step 1.4, after the Intel node completes verification, it returns a verification report to the third-party verification node. The third-party verification node then compares the difference between the timestamp in the verification report and the timestamp of ProvisionE, and if the difference is within a preset range (which can be set according to the specific scenario), generates a certificate. When the registration phase is finished, the preparation phase is entered.
The generated certificate comprises the group public key, the timestamp of ProvisionE, the random number and the verification report.
The preparation phase specifically comprises the following steps:
Step 2.1, the Master node calls an interface of AttestE to send an EPID private key configuration request to the third-party verification node.
Step 2.2, after receiving the configuration request, the third-party verification node calls a ProvisionE interface to generate a random number, and sends the random number together with the gvCert to the Master node.
Here, the gvCert is the gvCert of step 1.2.
Step 2.3, the Master node calls an interface of AttestE to verify the authenticity of the gvCert, generates an EPID private key using the random number, generates a proof of possession of the private key by calling the AttestE interface with a proof-of-knowledge method, computes a hash value of the proof, calls the Quoting Enclave interface to generate a second QUOTE based on that hash value, and sends the second QUOTE and the proof to the third-party verification node.
Step 2.4, the third-party verification node calls an interface of ProvisionE to forward the second QUOTE and the proof to the Intel node for verification. After the second QUOTE is verified, the Intel node returns a verification report to the third-party verification node; the third-party verification node calls a ProvisionE interface to verify the identity of the Master node's AttestE according to the verification report, thereby proving that the Master node's AttestE runs on an SGX platform. Finally, the third-party verification node calls an interface of ProvisionE to generate a certificate for the EPID private key of the Master node's AttestE and sends the certificate to the Master node.
Step 2.5, the Master node calls an AttestE interface to store the certificate of the EPID private key.
Through the flow from step 2.1 to step 2.5, remote attestation of the AttestE in the Master node by the Intel node through the ProvisionE of the third-party verification node is completed. It should be noted that, for remote attestation of the AttestE in the Slave node by the Intel node through the ProvisionE of the third-party verification node, reference may be made to steps 2.1 to 2.5 above, which are not described again here.
After the registration phase and the preparation phase are completed, the remote attestation process is executed. It is described here taking the example of the DO performing remote attestation on the Master node through the client; the Master node performs remote attestation on the Slave node executing the Map stage and on the Slave node executing the Reduce stage in the same manner, and details are not repeated. Through the process of remotely attesting the Master node via the client, the DO also generates a shared key for encrypting and decrypting the initial data; the shared key is generated using the elliptic curve Diffie-Hellman (ECDH) method. The remote attestation process of the DO on the Master node through the client specifically comprises the following steps:
Step 3.1, the DO generates a random number and an ECDH public/private key pair $(a, g^a)$ through the client, and sends the random number and the ECDH public key $g^a$ to the Master node.
Step 3.2, the Master node generates a public/private key pair $(b, g^b)$ by calling the Enclave (container) interface, and generates the shared ECDH key $g^{ab} = (g^a)^b$ from the ECDH private key $b$ and the ECDH public key $g^a$, following the standard ECDH protocol.
Step 3.3, the Master node calls the AttestE interface to generate a report over the ECDH public key $g^a$, the ECDH public key $g^b$ and the random number.
Step 3.4, the AttestE report of the Master node is verified, and it is determined that the Enclave and AttestE run in the same node; a third QUOTE is then generated based on at least the ECDH public key $g^b$, a trusted attestation is generated from the third QUOTE, the ECDH public key $g^b$ and the gvCert, and the trusted attestation is sent to the client.
Step 3.5, the DO verifies the Master node through the client according to the trusted attestation.
The method for verifying the Master node according to the trusted attestation includes but is not limited to at least one of the following:
1) whether the gvCert is valid: the gvCert contains signature data from Intel, which attests to the integrity and authenticity of the gvCert;
2) confirming that the EPID signature is valid;
3) whether the timestamps in ProvisionE and AttestE are within a preset time;
4) the validity of the measurements in the Enclave report;
5) whether the random number decrypted using the received ECDH public key $g^b$ matches the random number generated by the DO through the client.
Step 3.6, after the verification is passed, the shared key $g^{ab}$ is received from the Master node, and the shared key $g^{ab}$ is determined as the first key. In this implementation, the second computing node sends the trusted attestation of the container to the first computing node to prove to the first computing node that the second computing node is capable of providing a trusted execution environment for the fragment data.
In one embodiment, the first computing node calls a container interface corresponding to the initial data, and performs data disassembly processing on the initial data to obtain a plurality of fragment data, including: and the first computing node calls a container interface corresponding to the initial data, decrypts the initial data by using the first key, and performs data disassembly processing on the decrypted initial data to obtain a plurality of fragment data.
Optionally, the first key is a shared key negotiated between the first computing node and the client. For the generation method of the shared key, reference may be made to the above process in which the DO performs remote attestation on the Master node through the client, which is not described again here.
Further, before decrypting the initial data, the first computing node may call a container interface corresponding to the initial data to encrypt and store the first key by using a key sealing mechanism of the SGX; when the initial data is decrypted, a container interface corresponding to the initial data can be called to decrypt the encrypted and stored first key by using a key unsealing mechanism of the SGX so as to obtain the first key.
In practical application, when the client uploads the initial data, the client carries the remote certification challenge value of the first computing node. The remote proof challenge value is used for the first computing node to perform source authenticity verification on the obtained initial data so as to prove that the initial data is sourced from the client, and the problem that the initial data is tampered in the transmission process and the first computing node cannot identify the authenticity of the initial data is solved. For example, the remote attestation challenge value may be generated based on a preset character in the trusted attestation of the first computing node.
In the embodiment, in the data interaction process between the client and the first computing node, the shared first key is used for encrypting data, so that the problem of leakage in the data transmission process is effectively prevented.
In one embodiment, the second computing node calls a container interface corresponding to the shared data, and acquires the fragment data corresponding to the shared data by using the encryption key, including: and the second computing node calls a container interface corresponding to the shared data, decrypts the encryption key by using the second key to obtain a first key, and decrypts the shared data according to the first key to obtain the fragmented data.
Optionally, the second key is a shared key negotiated between the first computing node and the second computing node. For the generation method of the shared key, reference may be made to the above process in which the DO performs remote attestation on the Master node through the client, which is not described again here.
Further, before decrypting the shared data, the second computing node may call the container interface corresponding to the shared data to encrypt and store the second key using the key sealing mechanism of SGX; when the shared data is to be decrypted, the container interface corresponding to the shared data can be called to decrypt the encrypted and stored second key using the key unsealing mechanism of SGX, so as to obtain the second key.
In practical application, when the first computing node uploads the shared data, the first computing node carries a remote certification challenge value to the second computing node. The remote proof challenge value is used for the second computing node to perform source authenticity verification on the acquired shared data so as to prove that the shared data is from the first computing node, and the problem that the shared data is tampered in the transmission process and the second computing node cannot identify the authenticity of the shared data is solved. For example, the remote attestation challenge value may be generated based on a preset character in a trusted attestation of the second computing node.
In this embodiment, in the data interaction process between the first computing node and the second computing node, the second key is used to decrypt the encryption key to obtain the first key, and the shared data is decrypted according to the first key to obtain the fragmented data, so that the problem of leakage in the data transmission process is effectively prevented.
In one embodiment, S11 is preceded by: a first computing node receives a first public key from a client; and then, the first computing node calls a container interface corresponding to the initial data to generate a second private key, generates a first key according to the first public key and the second private key, and sends the first key to the client.
It should be noted that, for the description in this embodiment, reference may be made to the generation process of the shared key in the remote attestation flow performed on the Master node by the DO through the client, which is not described herein again.
In this embodiment, the first computing node generates the second private key in the container corresponding to the initial data by calling the container interface corresponding to the initial data, and generates the first key according to the first public key and the second private key from the client, thereby ensuring the security of the first key generation process. And the same first key is adopted to encrypt and decrypt the data transmitted between the client and the first computing node, so that the calculation amount of data encryption and decryption can be reduced on the basis of ensuring the safety of the data transmission process.
In one embodiment, S14 is preceded by: the second computing node receiving a second public key from the first computing node; and the second computing node calls the container interface corresponding to the fragment data to generate a third private key, generates a second key according to the second public key and the third private key, and sends the second key to the first computing node.
It should be noted that, for the description in this embodiment, reference may be made to the generation process of the shared key in the remote attestation flow performed on the Master node by the DO through the client, which is not described herein again.
In this embodiment, the second computing node generates the third private key in the container corresponding to the fragment data by calling the container interface corresponding to the fragment data, and generates the second key according to the second public key and the third private key from the first computing node, thereby ensuring the security of the second key generation process. Optionally, the encryption key is generated as follows: the first computing node encrypts the first key using the second key to obtain the encryption key. Obtaining the encryption key by encrypting the first key with the second key therefore ensures the security of the transmission of the first key from the first computing node to the second computing node.
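The key hierarchy described in this and the preceding embodiments (first key negotiated by ECDH between client and first computing node, second key negotiated between first and second computing node, encryption key = first key encrypted under the second key, shared data = fragment data encrypted under the first key), as an added example that is not the patent's own code. It assumes secp256k1 for the ECDH exchange (the page only says "ECDH") and an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag in place of the authenticated cipher an SGX enclave would use; the enclave boundary itself is not simulated.

```python
"""Added example, not from the patent: first key, second key and encryption key."""
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (assumed curve; the page names only "ECDH").
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def ecdh_keypair():
    """(private scalar, public point): the (a, g^a) of step 3.1."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, _mul(priv, G)


def ecdh_shared_key(priv, peer_pub):
    """32-byte key derived from the shared point (g^a)^b, as in step 3.2."""
    x, _ = _mul(priv, peer_pub)
    return hashlib.sha256(x.to_bytes(32, "big")).digest()


def _keystream(key, nonce, length):
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt(key, plaintext):
    """Returns nonce || ciphertext || tag (encrypt-then-MAC stand-in for an AEAD)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Checks the tag before decrypting: tampered shared data is rejected, not used."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def run_flow(fragments):
    """Client -> first computing node -> second computing node; returns what the
    second node recovers inside its container."""
    # First key: client (DO) <-> first computing node, steps 3.1 to 3.6.
    a, g_a = ecdh_keypair()                      # client
    b, g_b = ecdh_keypair()                      # first node, inside its Enclave
    first_key = ecdh_shared_key(b, g_a)          # g^{ab} on the node side
    assert first_key == ecdh_shared_key(a, g_b)  # same g^{ab} on the client side
    # Second key: first computing node <-> second computing node.
    s2, g_s2 = ecdh_keypair()                    # first node (second public key)
    s3, g_s3 = ecdh_keypair()                    # second node (third private key)
    second_key = ecdh_shared_key(s2, g_s3)
    assert second_key == ecdh_shared_key(s3, g_s2)
    # First node: shared data = Enc_first(fragment); encryption key = Enc_second(first key).
    shared_data = [encrypt(first_key, frag) for frag in fragments]
    encryption_key = encrypt(second_key, first_key)
    # Second node: unwrap the first key with the second key, then open the shared data.
    recovered_first = decrypt(second_key, encryption_key)
    return [decrypt(recovered_first, sd) for sd in shared_data]


if __name__ == "__main__":
    print(run_flow([b"fragment-1", b"fragment-2"]))
```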
It should be understood that, although the steps in the flowchart of fig. 4 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in fig. 4 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and whose execution order is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in FIG. 6, there is provided a computing node 60, the computing node 60 comprising: an acquisition unit 601, a processing unit 602, and a transmission unit 603; wherein:
an obtaining unit 601, configured to receive initial data from a client.
A processing unit 602, configured to invoke a container interface corresponding to the initial data, perform data disassembly processing on the initial data received by the obtaining unit 601 to obtain multiple fragment data, and perform encryption processing on the multiple fragment data to obtain multiple shared data; the container is used to provide a trusted execution environment for the initial data.
The processing unit 602 is further configured to determine a plurality of second computing nodes whose types match the plurality of shared data.
A sending unit 603, configured to send an encryption key corresponding to the shared data matched with the second computing node to the second computing node, so that the second computing node obtains the fragment data corresponding to the shared data according to the encryption key.
Optionally, the processing unit 602 is further configured to create a container corresponding to the client; the container is used for providing a trusted execution environment of source data of the client, and the initial data is the source data; or,
the processing unit 602 is further configured to create a container corresponding to a preset data type; the container is used for providing a trusted execution environment of data of a preset type, and the initial data is the data of the preset type.
Optionally, the sending unit 603 is further configured to send the trusted attestation of the container to the client; the trusted attestation is used to prove to the client that the first computing node is capable of providing a trusted execution environment for the initial data.
Optionally, the processing unit 602 is specifically configured to invoke the container interface corresponding to the initial data, decrypt the initial data using the first key, and perform data disassembly processing on the decrypted initial data to obtain a plurality of fragment data.
Optionally, the obtaining unit 601 is further configured to receive the first public key from the client.
The processing unit 602 is configured to invoke a container interface corresponding to the initial data, generate a second private key, generate a first key according to the first public key and the second private key received by the obtaining unit 601, and send the first key to the client.
In one embodiment, as shown in FIG. 7, a computing node 70 is provided, the computing node 70 comprising: an acquisition unit 701, a processing unit 702, an arithmetic unit 703, and a transmission unit 704; wherein:
an obtaining unit 701 is configured to receive an encryption key and shared data from a first computing node.
The processing unit 702 is configured to invoke a container interface corresponding to the shared data, and acquire the fragment data corresponding to the shared data by using the encryption key acquired by the acquiring unit 701.
An operation unit 703 is configured to perform an operation on the fragment data acquired by the processing unit 702; the container is used to provide a trusted execution environment for the fragment data.
Optionally, the processing unit 702 is further configured to create a container corresponding to the client; the container is used for providing a trusted execution environment of source data of the second computing node, and the fragment data is the source data; or,
the processing unit 702 is further configured to create a container corresponding to a preset data type; the container is used for providing a trusted execution environment of data of a preset type, and the fragment data is the data of the preset type.
Optionally, the sending unit 704 is configured to send the trusted attestation of the container to the first computing node; the trusted attestation is used to prove to the first computing node that the second computing node is capable of providing a trusted execution environment for the fragment data.
Optionally, the processing unit 702 is further configured to invoke a container interface corresponding to the shared data, decrypt the encryption key with the second key to obtain a first key, and decrypt the shared data according to the first key to obtain the fragmented data.
Optionally, the obtaining unit 701 is further configured to receive a second public key from the first computing node.
The processing unit 702 is configured to invoke a container interface corresponding to the fragmented data, generate a third private key, generate a second key according to the second public key and the third private key received by the obtaining unit 701, and send the second key to the first computing node.
For specific definition of the computing node, see the above definition of the data processing method, which is not described herein again. The various modules in the computer device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and whose internal structure may be as shown in Fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used for storing initial data, and the network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements a data processing method.
Those skilled in the art will appreciate that the configuration shown in Fig. 8 is a block diagram of only the portion of the configuration relevant to the present application and does not limit the computer device to which the present application may be applied; a particular computer device may include more or fewer components than those shown, combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
the first computing node receives initial data from a client.
The first computing node calls a container interface corresponding to the initial data, performs data disassembly processing on the initial data to obtain a plurality of fragment data, and performs encryption processing on the plurality of fragment data to obtain a plurality of shared data; the container is used to provide a trusted execution environment for the initial data.
The first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends an encryption key corresponding to the shared data matched with the second computing nodes to the second computing nodes, so that the second computing nodes obtain the fragment data corresponding to the shared data according to the encryption key.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
the second computing node receives the encryption key and the shared data from the first computing node.
The second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data by using the encryption key, and operates on the fragment data; the container is used for providing a trusted execution environment for the fragment data.
In one embodiment, a computer-readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, performs the steps of:
the first computing node receives initial data from a client.
The first computing node calls a container interface corresponding to the initial data, performs data disassembly processing on the initial data to obtain a plurality of fragment data, and performs encryption processing on the plurality of fragment data to obtain a plurality of shared data; the container is used to provide a trusted execution environment for the initial data.
The first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends an encryption key corresponding to the shared data matched with the second computing nodes to the second computing nodes, so that the second computing nodes obtain the fragment data corresponding to the shared data according to the encryption key.
In one embodiment, a computer-readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, performs the steps of:
the second computing node receives the encryption key and the shared data from the first computing node.
The second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data by using the encryption key, and operates on the fragment data; the container is used for providing a trusted execution environment for the fragment data.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or another medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM).
The technical features of the above embodiments can be combined arbitrarily; for the sake of brevity, not all possible combinations of the technical features of the above embodiments are described, but any such combination should be considered within the scope of the present specification as long as it contains no contradiction.
The above-mentioned embodiments express only several embodiments of the present application, and their description is specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (16)

1. A method of data processing, the method comprising:
a first computing node receives initial data from a client;
the first computing node calls a container interface corresponding to the initial data, performs data disassembly processing on the initial data to obtain a plurality of fragment data, and performs encryption processing on the plurality of fragment data to obtain a plurality of shared data; the container is used for providing a trusted execution environment of the initial data;
the first computing node determines a plurality of second computing nodes matched with the types of the shared data, and sends an encryption key corresponding to the shared data matched with the second computing nodes to the second computing nodes, so that the second computing nodes obtain the fragment data corresponding to the shared data according to the encryption key.
2. The data processing method of claim 1, wherein before the first computing node receives the initial data sent by the client, the method further comprises:
the first computing node creates the container corresponding to the client; the container is used for providing a trusted execution environment of source data of the client, and the initial data is the source data;
or, alternatively,
the first computing node creates the container corresponding to the preset data type; the container is used for providing a trusted execution environment of the preset type of data, and the initial data is the preset type of data.
3. The data processing method according to claim 1 or 2, wherein before the first computing node receives the initial data sent by the client, the method further comprises:
the first computing node sends a trusted attestation of the container to the client; the trusted attestation attests to the client that the first computing node is capable of providing a trusted execution environment for the initial data.
4. The data processing method according to claim 1 or 2, wherein the first computing node calling a container interface corresponding to the initial data and performing data disassembly processing on the initial data to obtain a plurality of fragment data comprises:
the first computing node calls a container interface corresponding to the initial data, decrypts the initial data by using a first key, and performs data disassembly processing on the decrypted initial data to obtain the plurality of fragment data.
5. The data processing method of claim 4, wherein before the first computing node receives the initial data from the client, the method further comprises:
the first computing node receiving a first public key from the client;
the first computing node calls a container interface corresponding to the initial data to generate a second private key, generates the first key according to the first public key and the second private key, and sends the first key to the client.
6. The data processing method according to claim 4 or 5, wherein the encryption key is generated as follows:
the first computing node encrypts the first key by using a second key to obtain the encryption key.
7. A method of data processing, the method comprising:
the second computing node receives the encryption key and the shared data from the first computing node;
the second computing node calls a container interface corresponding to the shared data, obtains the fragment data corresponding to the shared data by using the encryption key, and operates on the fragment data, wherein the container is used for providing a trusted execution environment for the fragment data.
8. The data processing method of claim 7, wherein before the second computing node receives the encryption key and the shared data from the first computing node, the method further comprises:
the second computing node creates the container corresponding to the client; the container is used for providing a trusted execution environment of source data of the second computing node, and the fragmented data is the source data;
or, alternatively,
the second computing node creates the container corresponding to the preset data type; the container is used for providing a trusted execution environment for the preset type of data, and the fragmented data is the preset type of data.
9. The data processing method of claim 7 or 8, wherein before the second computing node receives the encryption key and the shared data from the first computing node, the method further comprises:
the second computing node sends a trusted attestation of the container to the first computing node; the trusted attestation attests to the first computing node that the second computing node is capable of providing a trusted execution environment for the fragmented data.
10. The data processing method according to claim 7 or 8, wherein the second computing node calling a container interface corresponding to the shared data and obtaining the fragment data corresponding to the shared data by using the encryption key comprises:
the second computing node calls a container interface corresponding to the shared data, decrypts the encryption key by using a second key to obtain a first key, and decrypts the shared data according to the first key to obtain the fragment data.
11. The data processing method of claim 10, wherein before the second computing node receives the encryption key and the shared data from the first computing node, the method further comprises:
the second computing node receiving a second public key from the first computing node;
the second computing node calls a container interface corresponding to the fragment data to generate a third private key, generates the second key according to the second public key and the third private key, and sends the second key to the first computing node.
12. A computing node, comprising:
the acquisition unit is used for receiving initial data from the client;
the processing unit is used for calling a container interface corresponding to the initial data, performing data disassembly processing on the initial data received by the acquisition unit to obtain a plurality of fragment data, and performing encryption processing on the plurality of fragment data to obtain a plurality of shared data; the container is used for providing a trusted execution environment of the initial data;
the processing unit is further configured to determine a plurality of second computing nodes whose types match the plurality of shared data;
the sending unit is used for sending an encryption key corresponding to the shared data matched with the second computing node to the second computing node, so that the second computing node obtains the fragment data corresponding to the shared data according to the encryption key.
13. A computing node, comprising:
an acquisition unit configured to receive an encryption key and shared data from a first computing node;
the processing unit is used for calling a container interface corresponding to the shared data and acquiring the fragment data corresponding to the shared data by using the encryption key acquired by the acquisition unit;
the operation unit is used for operating on the fragment data acquired by the processing unit; the container is used for providing a trusted execution environment for the fragment data.
14. A data processing system comprising a computing node as claimed in claim 12 and a computing node as claimed in claim 13.
15. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 6;
or, alternatively,
the processor, when executing the computer program, implements the steps of the method according to any one of claims 7 to 11.
16. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 6;
or, alternatively,
the computer program, when executed by a processor, implements the steps of the method according to any one of claims 7 to 11.
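The method of claims 1 to 11 (the same steps as the embodiments above) run end to end, as an added Python example that is not part of the patent: the first computing node decrypts the initial data with the first key, disassembles it into fragments by data type, encrypts each fragment with the first key to form the shared data, and wraps the first key under the second key of the matching second computing node, which then unwraps it and recovers its fragment. Assumed here, since the patent does not specify them: that the first key and each second key have already been agreed through the public/private key exchange of claims 5 and 11 (not implemented in this block), the `type:value` record format of the initial data, all function names, and an HMAC-SHA256 encrypt-then-MAC construction standing in for the unnamed cipher.

```python
import hashlib
import hmac
import secrets

# Authenticated encryption from the standard library only (constructed for this
# example; the patent names no cipher): an HMAC-SHA256 keystream in counter mode,
# then an HMAC-SHA256 tag over nonce||ciphertext (encrypt-then-MAC).
def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    k_enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return k_enc, k_mac


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    k_enc, k_mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    k_enc, k_mac = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


def disassemble(initial_ct: bytes, first_key: bytes, second_keys: dict[str, bytes]) -> dict[str, dict]:
    """First computing node, inside its container (claims 4 and 6): decrypt the
    initial data with the first key, split it into fragments by data type
    (constructed record format: one 'type:value' line each), encrypt each
    fragment with the first key to form the shared data, and wrap the first key
    under the second key of the second node whose type matches the fragment."""
    fragments: dict[str, list[str]] = {}
    for rec in open_(first_key, initial_ct).decode().splitlines():
        typ, sep, val = rec.partition(":")
        if not sep:
            raise ValueError(f"malformed record: {rec!r}")
        fragments.setdefault(typ, []).append(val)
    shares = {}
    for typ, vals in fragments.items():
        if typ not in second_keys:  # no second computing node handles this type
            raise LookupError(f"no second computing node registered for type {typ!r}")
        shares[typ] = {"shared_data": seal(first_key, "\n".join(vals).encode()),
                       "encryption_key": seal(second_keys[typ], first_key)}
    return shares


def recover(share: dict, second_key: bytes) -> bytes:
    """Second computing node, inside its container (claim 10): unwrap the first
    key with its own second key, then decrypt the shared data into the fragment.
    A node holding a different second key fails at the unwrap step."""
    first_key = open_(second_key, share["encryption_key"])
    return open_(first_key, share["shared_data"])


def demo() -> dict[str, bytes]:
    """End-to-end run on constructed keys and data; returns each node's fragment."""
    first_key = secrets.token_bytes(32)  # agreed between client and first node
    second_keys = {"account": secrets.token_bytes(32), "risk": secrets.token_bytes(32)}
    initial = b"account:id=0001\naccount:balance=120\nrisk:score=0.42"
    initial_ct = seal(first_key, initial)  # client sends initial data under the first key
    shares = disassemble(initial_ct, first_key, second_keys)
    return {typ: recover(share, second_keys[typ]) for typ, share in shares.items()}
```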
CN202111202742.9A 2021-10-15 2021-10-15 Data processing method, computing node, system, computer device and storage medium Pending CN114157415A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111202742.9A CN114157415A (en) 2021-10-15 2021-10-15 Data processing method, computing node, system, computer device and storage medium

Publications (1)

Publication Number Publication Date
CN114157415A true CN114157415A (en) 2022-03-08

Family

ID=80462691

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination