CN114172958B - Privacy computing node, system, method, device and storage medium - Google Patents
Privacy computing node, system, method, device and storage medium Download PDFInfo
- Publication number
- CN114172958B CN114172958B CN202111409086.XA CN202111409086A CN114172958B CN 114172958 B CN114172958 B CN 114172958B CN 202111409086 A CN202111409086 A CN 202111409086A CN 114172958 B CN114172958 B CN 114172958B
- Authority
- CN
- China
- Prior art keywords
- privacy computing
- computing node
- communication
- service
- proxy service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Abstract
The invention relates to the technical field of privacy computing, in particular to a privacy computing node, a system, a method, a device and a medium, which aim to solve the problem of how to improve the communication reliability among different computing nodes in privacy computing and simplify the computing logic of the privacy computing. The privacy computing nodes of the invention all comprise business agency service and communication agency service, and the business agency service is configured to establish communication links with other privacy computing nodes through the communication agency service of the current privacy computing node and cooperatively execute the same privacy computing task through the communication links with the business agency service of the other privacy computing nodes. The communication tasks among the different privacy computing nodes are completed through the special communication proxy service, so that the communication reliability among the different privacy computing nodes can be remarkably improved, and meanwhile, the service proxy service does not relate to the communication tasks among the different privacy computing nodes at all, so that the computing logic of the service proxy service in executing the privacy computing tasks can be remarkably simplified.
Description
Technical Field
The invention relates to the technical field of privacy computing, and particularly provides a privacy computing node, a system, a method, a device and a storage medium.
Background
Privacy computing (Privacy computer) refers to a technique of performing joint analysis computation on data of a multiparty data source on the premise that the data is not compromised. In the privacy calculation process, communication interaction and cooperative execution of the same privacy calculation task are carried out by a multiparty data source (calculation node) to finish the privacy calculation. In the current technical field of privacy computing, a point-to-point communication method is generally adopted to realize communication interaction among different computing nodes, and when the number of the computing nodes is large, the method tends to increase the complexity of the privacy computing logic, so that the computing efficiency of the privacy computing is reduced.
Disclosure of Invention
The present invention has been made to overcome the above-mentioned drawbacks, and provides a privacy computing node, a system, a method, an apparatus, and a storage medium that solve or at least partially solve the technical problem of how to improve the reliability of communication between different computing nodes in privacy computing and simplify the computing logic of privacy computing.
In a first aspect, the present invention provides a privacy computing node configured to perform the same privacy computing task in conjunction with other privacy computing nodes, each comprising a business agent service and a communication agent service;
the business proxy service is configured to establish a communication link with other privacy computing nodes through the communication proxy service of the current privacy computing node, and execute the same privacy computing task in cooperation with the business proxy service of the other privacy computing nodes through the communication link.
In one aspect of the above privacy computing node, the communication proxy service includes a first communication processing module configured to:
receiving a communication request sent by a service proxy service of a current privacy computing node, wherein the communication request comprises node information of a target privacy computing node needing to establish a communication link with the current privacy computing node and a subtask which needs to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication proxy service of the target privacy computing node according to the node information;
sending a first TLS connection request for establishing mutual authentication to the target communication proxy service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication proxy service is configured to send a subtask in the first TLS connection request to a service proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node finish bidirectional authentication on the first TLS connection request, so that the service proxy service executes the subtask.
In one aspect of the above privacy computing node, the communication proxy service includes a second communication processing module configured to:
receiving a second TLS connection request for establishing mutual authentication, which is sent by a target communication proxy service of a target privacy computing node for establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises a subtask which needs to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node finish the mutual authentication on the second TLS connection request, sending the subtask in the second TLS connection request to the service proxy service of the current privacy computing node so that the service proxy service executes the subtask.
In one technical scheme of the privacy computing node, the first communication processing module includes a routing table, and node information of each privacy computing node and a service address of a communication proxy service are stored in the routing table; the first communication processing module is further configured to query the routing table according to node information of the target privacy computing node, and determine a service address of a target communication proxy service of the target privacy computing node.
In one technical scheme of the privacy computing node, the second communication processing module is a communication processing module constructed based on a reverse proxy service technology.
In a second aspect, a privacy computing system is provided, where the system includes any one of the privacy computing nodes described above.
In a third aspect, a privacy computing method is provided and applied to a privacy computing node, where the privacy computing node includes a business agent service and a communication agent service, and the method includes:
and controlling the service proxy service of the current privacy computing node to establish communication links with other privacy computing nodes through the communication proxy service of the current privacy computing node, and executing the same privacy computing task through the cooperation of the communication links and the service proxy service of the other privacy computing nodes.
In one technical solution of the above privacy computing method, the method further includes controlling a communication proxy service of the current privacy computing node to send a subtask that needs to be executed by the target privacy computing node when executing the same privacy computing task cooperatively to the target privacy computing node that needs to establish a communication link with the current privacy computing node by executing the following steps:
receiving a communication request sent by a service proxy service of a current privacy computing node, wherein the communication request comprises node information of the target privacy computing node and subtasks which are required to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication proxy service of the target privacy computing node according to the node information;
sending a first TLS connection request for establishing mutual authentication to the target communication proxy service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication proxy service is configured to send a subtask in the first TLS connection request to a business proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node finish bidirectional authentication on the first TLS connection request, so that the business proxy service executes the subtask;
and/or the number of the groups of groups,
the method further includes controlling a communication proxy service of the current privacy computing node to receive a subtask that needs to be executed by the current privacy computing node when executing the same privacy computing task cooperatively, sent by a target privacy computing node that establishes a communication link with the current privacy computing node, by performing the following steps:
receiving a second TLS connection request for establishing mutual authentication, which is sent by a target communication proxy service of a target privacy computing node for establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises a subtask which needs to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node finish the mutual authentication on the second TLS connection request, sending the subtask in the second TLS connection request to the service proxy service of the current privacy computing node so that the service proxy service executes the subtask.
In one technical scheme of the privacy calculating method, the method further comprises the steps of inquiring a routing table according to node information of the target privacy calculating node, and determining a service address of a target communication proxy service of the target privacy calculating node; and the routing table stores node information of each privacy computing node and a service address of the communication proxy service.
In one technical scheme of the privacy computing method, the method further comprises the sub-task of controlling the communication proxy service of the current privacy computing node to receive the target privacy computing node which establishes the communication link with the current privacy computing node based on the reverse proxy service technology.
In a fourth aspect, a control device is provided, which includes a processor and a storage device, where the storage device is adapted to store a plurality of program codes, and the program codes are adapted to be loaded and executed by the processor to perform the privacy calculation method according to any one of the above-mentioned privacy calculation methods.
In a fifth aspect, there is provided a computer readable storage medium having stored therein a plurality of program codes adapted to be loaded and executed by a processor to perform the privacy calculation method according to any one of the above-mentioned privacy calculation methods.
The technical scheme provided by the invention has at least one or more of the following beneficial effects:
in the technical scheme of implementing the invention, each privacy computing node can comprise a business agent service and a communication agent service, and the business agent service can be configured to establish a communication link with other privacy computing nodes through the communication agent service of the current privacy computing node and cooperatively execute the same privacy computing task with the business agent service of the other privacy computing nodes through the communication link. That is, the service proxy service is responsible for completing the privacy calculation task in the privacy calculation, the communication proxy service is responsible for completing the communication task between different privacy calculation nodes in the privacy calculation, and the privacy calculation task and the communication task in the privacy calculation are completely decoupled and completed by different proxy services. The communication tasks among the different privacy computing nodes are completed through the special communication proxy service, so that the communication reliability among the different privacy computing nodes can be remarkably improved, and meanwhile, the service proxy service does not relate to the communication tasks among the different privacy computing nodes at all, so that the computing logic of the service proxy service in executing the privacy computing tasks can be remarkably simplified.
Drawings
The present disclosure will become more readily understood with reference to the accompanying drawings. As will be readily appreciated by those skilled in the art: the drawings are for illustrative purposes only and are not intended to limit the scope of the present invention. Moreover, like numerals in the figures are used to designate like parts, wherein:
FIG. 1 is a schematic block diagram of the primary architecture of a privacy computing node in accordance with one embodiment of the invention;
FIG. 2 is a schematic flow diagram of the primary operation of a communication proxy service in a privacy computing node in accordance with one embodiment of the present invention;
FIG. 3 is a block diagram illustrating the primary structure of a communication proxy service in a privacy computing node in accordance with one embodiment of the present invention;
fig. 4 is a flow chart illustrating main steps of a privacy calculation method according to an embodiment of the present invention.
List of reference numerals:
11: a service agent service; 12: a communication proxy service; 21: a route analysis module; 22: a network request module; 23: and a reverse proxy module.
Detailed Description
Some embodiments of the invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are merely for explaining the technical principles of the present invention, and are not intended to limit the scope of the present invention.
In the description of the present invention, a "module," "processor" may include hardware, software, or a combination of both. A module may comprise hardware circuitry, various suitable sensors, communication ports, memory, or software components, such as program code, or a combination of software and hardware. The processor may be a central processor, a microprocessor, a digital signal processor, or any other suitable processor. The processor has data and/or signal processing functions. The processor may be implemented in software, hardware, or a combination of both. Non-transitory computer readable storage media include any suitable medium that can store program code, such as magnetic disks, hard disks, optical disks, flash memory, read-only memory, random access memory, and the like. The term "a and/or B" means all possible combinations of a and B, such as a alone, B alone or a and B. The term "at least one A or B" or "at least one of A and B" has a meaning similar to "A and/or B" and may include A alone, B alone or A and B. The singular forms "a", "an" and "the" include plural referents.
Some terms related to the present invention will be explained first.
Privacy computing (Privacy computer) refers to a technology of performing joint analysis computation on data of a multiparty data source on the premise that the data is not compromised, and a Privacy computing node refers to a device such as a computer capable of executing a Privacy computing method. Privacy calculation methods include, but are not limited to: multiparty security computing, federal learning, etc. In an embodiment of the present invention, the calculation object of the privacy calculation method may be data in the technical field of financial wind control, for example, may be behavior data generated in financial transactions by different objects (such as individuals or enterprises) in the technical field of financial wind control, and the privacy calculation task of the privacy calculation method may be that a federal learning method may be adopted and the score card model is trained by using the behavior data, so as to obtain credit of the object to be scored by using the trained score card model, and further determine whether the object to be scored has a default risk according to the credit.
The transport layer security protocol (Transport Layer Security, TLS) refers to a conventional security protocol in the field of communication technology, and can be classified into unidirectional TLS authentication and bidirectional TLS authentication according to different authentication modes, where unidirectional TLS authentication refers to that only one object checks the validity of the opposite end, such as that of the client checks the validity of the server end (identity authentication), and bidirectional TLS authentication refers to that two objects mutually check the validity of the opposite end, such as that of the client and the server end mutually check the validity of the opposite end (identity authentication). The first TLS connection request and the second TLS connection request in the embodiment of the present invention are both connection requests generated when bidirectional TLS authentication is adopted.
Reverse proxy service refers to a conventional proxy technology in the computer arts that refers to making requests to internal servers on behalf of external network users, forwarding those requests to the internal servers, and then returning responses derived from the internal servers to the external network users.
Referring to fig. 1, fig. 1 is a main block diagram of a privacy computing node according to one embodiment of the present invention. The privacy computing nodes may be configured to perform the same privacy computing tasks in conjunction with other privacy computing nodes, as shown in fig. 1, each of which may include a business agent service 11 and a communication agent service 12. The business agent service may be configured to establish a communication link with the other privacy computing nodes through the communication agent service of the current privacy computing node and to perform the same privacy computing task in cooperation with the business agent service of the other privacy computing nodes through the communication link.
The service proxy service 11 refers to a functional module, a program, a routine, a process, or the like provided by a privacy computing node and capable of completing a privacy computing task in privacy computing, and the communication proxy service 12 refers to a functional module, a program, a routine, a process, or the like provided by a privacy computing node and capable of completing a communication task between different privacy computing nodes in privacy computing.
The privacy computing task can be a task which is constructed according to actual requirements and is completed by combining data of different privacy computing nodes. For example, the privacy computing task may be to cooperatively train the same scoring card model by using financial wind control data held by different privacy computing nodes, so as to determine credit scores of different objects by using the scoring card model, classify each object according to the credit scores, and classify objects with or without an offending risk.
It should be noted that, in the embodiment of the present invention, a privacy computing method that is conventional in the technical field of privacy computing may be used to control a plurality of privacy computing nodes to cooperatively execute the same privacy computing task, for example, a multiparty security computing method or a federal learning method is used, which is not described herein.
Because the service proxy service is only responsible for completing the privacy calculation tasks in the privacy calculation, and the communication tasks among different privacy calculation nodes are completely completed by the communication proxy service, the privacy calculation tasks and the communication tasks in the privacy calculation can be completely decoupled. The communication tasks among the different privacy computing nodes are completed through the special communication proxy service, so that the communication reliability among the different privacy computing nodes can be remarkably improved, and meanwhile, the service proxy service does not relate to the communication tasks among the different privacy computing nodes at all, so that the computing logic of the service proxy service in executing the privacy computing tasks can be remarkably simplified.
The communication proxy service 12 is further described below.
In one embodiment according to the present invention, the communication proxy service 12 may include a first communication processing module that may be configured to perform the steps of:
step 11: the communication request sent by the service proxy service of the current privacy computing node is received, and the communication request can include node information of a target privacy computing node needing to establish a communication link with the current privacy computing node and a subtask which needs to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed.
Node information refers to information that can uniquely indicate which node the privacy computing node is. In this embodiment, the service proxy service may be controlled to send a communication request to the communication proxy service by carrying node information in the manner of using an HTTP request message. For example, when the node information is a URL address (Uniform Resource Locator ) of the privacy computing node, the URL address of the target privacy computing node may be carried by URL information in the HTTP request message.
Subtasks refer to tasks executed at different stages in the process of cooperatively completing the same privacy computing task, and the privacy computing task can be completed after the tasks in all stages are completed. For example, when the federal learning method is adopted to control all the privacy computing nodes to cooperatively train the same scoring card model, each privacy computing node obtains the model parameters owned by each privacy computing node after carrying out iterative training on the scoring card model according to the data owned by each privacy computing node, and at the moment, each privacy computing node needs to exchange data with other privacy computing nodes to obtain the model parameters obtained by other privacy computing nodes, so that the final model parameters can be obtained. And the data exchange with other privacy computing nodes is performed, and obtaining the model parameters by other privacy computing nodes is a subtask of the privacy computing task.
Step 12: and determining the service address of the target communication proxy service of the target privacy computing node according to the node information.
In this embodiment, a service address of a corresponding communication proxy service may be preset for each node information, so that the corresponding service address may be directly queried according to the node information.
In one embodiment, the node information of each privacy computing node and the service address of the communication proxy service may be stored in a routing table, and the first communication processing module may be further configured to query the routing table according to the node information of the target privacy computing node, and determine the service address of the target communication proxy service of the target privacy computing node. The format of the routing table includes, but is not limited to: yaml format, json format, scv format, databases, etc.
Step 13: and sending a first TLS connection request for establishing the mutual authentication to the target communication proxy service according to the service address, wherein the first TLS connection request can comprise a subtask in the communication request. After receiving the first TLS connection request, the target communication proxy service may send the subtask in the first TLS connection request to the service proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node finish the bidirectional authentication on the first TLS connection request, so that the service proxy service executes the subtask.
In this embodiment, a TLS method, which is conventional in the communication technology field, may be used to control the communication proxy service to send a first TLS connection request for establishing bidirectional authentication to the target communication proxy service according to the service address, and the working principle of the TLS method is not described herein.
The operation flow of the communication proxy service is further described below with reference to fig. 2, in which the current privacy computing node is taken as a privacy computing node a, and the target privacy computing node is taken as a privacy computing node B. Referring to fig. 2, a specific process of the privacy computing node a sending a communication request to the privacy computing node B through its communication proxy service is described in the following steps S101 to S106.
Step S101: the service proxy service of the privacy computing node A sends a communication request to the communication proxy service of the privacy computing node A. The communication request includes a subtask that needs to be performed by the privacy computing node B when cooperatively performing the same privacy computing task.
Step S102: and obtaining a routing table.
Step S103: and analyzing the communication request to determine the service address.
The communication proxy service of the privacy computing node A analyzes the communication request to obtain node information of the privacy computing node B, and queries a routing table according to the node information to obtain a service address of the communication proxy service of the privacy computing node B.
Step S104: the TLS client key is configured.
And after the TLS client key is configured, establishing a first TLS connection request of mutual authentication to the communication proxy service of the privacy computing node B. The first TLS connection request includes the subtasks included in the communication request in step S101.
Step S105: the reverse proxy service configures the TLS server key.
The reverse proxy service (i.e., the second communication processing module in the communication proxy service, which is specifically described in another embodiment) in the communication proxy service of the privacy computing node B configures the TLS server key, so that the privacy computing node a and the privacy computing node B can complete bidirectional authentication according to the TLS client key and the TLS server key, respectively. Meanwhile, after the bidirectional authentication is passed, the communication proxy service of the privacy computing node B sends a subtask of the first TLS connection request to the service proxy service of the privacy computing node B, so that the service proxy service of the privacy computing node B performs the subtask.
Step S106: the service proxy service of the privacy computing node B receives the communication request.
The service proxy service of the privacy computing node B receives the subtasks sent by the communication proxy service, namely the service proxy service of the privacy computing node A sends the communication request to be received. At the same time, this sub-task may be performed after it is received.
In another embodiment according to the present invention, the communication proxy service 12 may include a second communication processing module, which may be a communication processing module constructed based on a reverse proxy service technique, and the second communication processing module may be configured to perform the steps of:
step 21: and receiving a second TLS connection request for establishing mutual authentication, which is sent by a target communication proxy service of a target privacy computing node for establishing a communication link with the current privacy computing node, wherein the second TLS connection request can comprise a subtask which needs to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed.
It should be noted that the second TLS connection request and the subtask are similar to the first TLS connection request and the subtask in the foregoing embodiments, respectively, and are not described herein again.
Step 22: and after the current privacy computing node and the target privacy computing node finish the mutual authentication on the second TLS connection request, the subtasks in the second TLS connection request are sent to the business agency service of the current privacy computing node so that the business agency service executes the subtasks.
With continued reference to fig. 2, assuming that the current privacy computing node is a privacy computing node B, and the target privacy computing node is a privacy computing node a, the privacy computing node a may send a second TLS connection request for establishing bidirectional authentication to the communication proxy service of the privacy computing node B through the communication proxy service (step S104), and after the privacy computing node a and the privacy computing node B complete bidirectional authentication on the second TLS connection request, the privacy computing node B may send a subtask in the second TLS connection request to the service proxy service of the privacy computing node B (step S105), so that the service proxy service executes the subtask.
Referring to fig. 3, in still another implementation of the embodiment of the present invention, the communication proxy service may include a route parsing module 21, a network request module 22, and a reverse proxy module 23. The functions of the module of the route analysis module 21 are similar to those described in steps 11 to 12 that can be executed by the first communication processing module in the foregoing embodiment, the functions of the module of the network request module 22 are similar to those described in step 13 that can be executed by the first communication processing module in the foregoing embodiment, and the functions of the module of the reverse proxy module 23 are similar to those described in steps 21 to 22 that can be executed by the second communication processing module in the foregoing embodiment, which are not repeated herein.
The invention further provides a privacy computing system.
In an embodiment of a privacy computing system according to the present invention, the privacy computing system may comprise a plurality of privacy computing nodes as described in the foregoing privacy computing node embodiments. For convenience of explanation, only the portions relevant to the embodiments of the present invention are shown, and specific technical details are not disclosed, please refer to the privacy calculating node portion of the embodiments of the present invention.
The invention further provides a privacy calculating method.
In an embodiment of a privacy computing method according to the present invention, the privacy computing method may be applied to a privacy computing node, which may include a business agent service and a communication agent service. Referring to fig. 4, the privacy calculating method in the embodiment of the present invention may include the following steps S201 to S202.
Step S201: and controlling the service proxy service of the current privacy computing node to establish communication links with other privacy computing nodes through the communication proxy service of the current privacy computing node.
It should be noted that, the meanings of the privacy computing node, the service proxy service and the communication proxy service are similar to those of the privacy computing node, the service proxy service and the communication proxy service in the foregoing embodiments of the privacy computing node, and are not described herein again.
Step S202: the same privacy computing task is performed in coordination with the business agent services of other privacy computing nodes via the communication link.
It should be noted that the meanings of the privacy calculation tasks are similar to those of the privacy calculation tasks in the foregoing embodiment of the privacy calculation node, and are not described herein again.
Because the service proxy service is only responsible for completing the privacy calculation tasks in the privacy calculation, and the communication tasks among the different privacy calculation nodes are all completed by the communication proxy service, the privacy calculation tasks and the communication tasks in the privacy calculation can be completely decoupled, so that the communication reliability among the different privacy calculation nodes can be remarkably improved, and the calculation logic of the service proxy service in executing the privacy calculation tasks can be remarkably simplified.
Further, in one implementation of the embodiment of the present invention, the communication proxy service of the current privacy computing node may be controlled to send the subtasks that the target privacy computing node needs to perform when cooperatively performing the same privacy computing task to the target privacy computing node that needs to establish a communication link with the current privacy computing node by performing the following steps 31 to 33:
step 31: and receiving a communication request sent by the service proxy service of the current privacy computing node, wherein the communication request can comprise node information of the target privacy computing node and subtasks which are required to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed. Step 32: and determining the service address of the target communication proxy service of the target privacy computing node according to the node information. Step 33: sending a first TLS connection request for establishing mutual authentication to a target communication proxy service according to the service address, wherein the first TLS connection request can comprise a subtask in the communication request; the target communication proxy service may be configured to send the subtask in the first TLS connection request to the business proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node finish the mutual authentication of the first TLS connection request, so that the business proxy service performs the subtask.
It should be noted that, the steps 31 to 33 are similar to the steps 11 to 13 in the foregoing embodiment of the privacy calculating node, and are not repeated here.
Further, in one implementation of the embodiment of the present invention, the communication proxy service of the current privacy computing node may be controlled to receive the subtasks that the current privacy computing node needs to perform when cooperatively performing the same privacy computing task, sent by the target privacy computing node that establishes a communication link with the current privacy computing node, by performing the following steps 41 to 42:
step 41: and receiving a second TLS connection request for establishing the mutual authentication, which is sent by a target communication proxy service of a target privacy computing node for establishing a communication link with the current privacy computing node, wherein the second TLS connection request can comprise a subtask which needs to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed. Step 42: and after the current privacy computing node and the target privacy computing node finish the mutual authentication on the second TLS connection request, the subtasks in the second TLS connection request are sent to the business agency service of the current privacy computing node so that the business agency service executes the subtasks. In addition, in this embodiment, the communication proxy service of the current privacy computing node may be controlled to receive the subtask sent by the target privacy computing node that establishes the communication link with the current privacy computing node based on the reverse proxy service technology.
It should be noted that, the steps 41 to 42 are similar to the steps 21 to 22 in the foregoing embodiment of the privacy calculating node, and are not repeated here.
Further, in one implementation of the embodiment of the present invention, the service address of the target communication proxy service of the target privacy computing node may be determined by querying the routing table according to the node information of the target privacy computing node; the routing table stores node information of each privacy computing node and a service address of the communication proxy service.
It should be noted that, although the foregoing embodiments describe the steps in a specific order, it will be understood by those skilled in the art that, in order to achieve the effects of the present invention, the steps are not necessarily performed in such an order, and may be performed simultaneously (in parallel) or in other orders, and these variations are within the scope of the present invention.
It will be appreciated by those skilled in the art that the present invention may implement all or part of the above-described methods according to the above-described embodiments, or may be implemented by means of a computer program for instructing relevant hardware, where the computer program may be stored in a computer readable storage medium, and where the computer program may implement the steps of the above-described embodiments of the method when executed by a processor. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable storage medium may include: any entity or device, medium, usb disk, removable hard disk, magnetic disk, optical disk, computer memory, read-only memory, random access memory, electrical carrier wave signals, telecommunications signals, software distribution media, and the like capable of carrying the computer program code. It should be noted that the computer readable storage medium may include content that is subject to appropriate increases and decreases as required by jurisdictions and by jurisdictions in which such computer readable storage medium does not include electrical carrier signals and telecommunications signals.
Further, the invention also provides a control device. In one control device embodiment according to the present invention, the control device includes a processor and a storage device, the storage device may be configured to store a program for executing the privacy calculation method of the above-described method embodiment, and the processor may be configured to execute the program in the storage device, including, but not limited to, the program for executing the privacy calculation method of the above-described method embodiment. For convenience of explanation, only those portions of the embodiments of the present invention that are relevant to the embodiments of the present invention are shown, and specific technical details are not disclosed, please refer to the method portions of the embodiments of the present invention. The control device may be a control device formed of various electronic devices.
Further, the invention also provides a computer readable storage medium. In one embodiment of the computer-readable storage medium according to the present invention, the computer-readable storage medium may be configured to store a program for performing the privacy calculation method of the above-described method embodiment, which may be loaded and executed by a processor to implement the privacy calculation method described above. For convenience of explanation, only those portions of the embodiments of the present invention that are relevant to the embodiments of the present invention are shown, and specific technical details are not disclosed, please refer to the method portions of the embodiments of the present invention. The computer readable storage medium may be a storage device including various electronic devices, and optionally, the computer readable storage medium in the embodiments of the present invention is a non-transitory computer readable storage medium.
Further, it should be understood that, since the respective modules are merely set to illustrate the functional units of the apparatus of the present invention, the physical devices corresponding to the modules may be the processor itself, or a part of software in the processor, a part of hardware, or a part of a combination of software and hardware. Accordingly, the number of individual modules in the figures is merely illustrative.
Those skilled in the art will appreciate that the various modules in the apparatus may be adaptively split or combined. Such splitting or combining of specific modules does not cause the technical solution to deviate from the principle of the present invention, and therefore, the technical solution after splitting or combining falls within the protection scope of the present invention.
Thus far, the technical solution of the present invention has been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of protection of the present invention is not limited to these specific embodiments. Equivalent modifications and substitutions for related technical features may be made by those skilled in the art without departing from the principles of the present invention, and such modifications and substitutions will fall within the scope of the present invention.
Claims (12)
1. A privacy computing node configured to perform the same privacy computing task in conjunction with other privacy computing nodes, each comprising a business agent service and a communication agent service;
the business proxy service is configured to establish communication links with other privacy computing nodes through the communication proxy service of the current privacy computing node, and execute the same privacy computing task in cooperation with the business proxy service of the other privacy computing nodes through the communication links;
the communication proxy service is configured to: and sending a connection request which establishes authentication and comprises a subtask which needs to be executed when the same privacy computing task is cooperatively executed to other privacy computing nodes which establish communication links with the other privacy computing nodes according to a communication request sent by the service proxy service of the current privacy computing node, so that the other privacy computing nodes execute the subtask after the authentication is completed.
2. The privacy computing node of claim 1, wherein the communication proxy service comprises a first communication processing module configured to:
receiving a communication request sent by a service proxy service of a current privacy computing node, wherein the communication request comprises node information of a target privacy computing node needing to establish a communication link with the current privacy computing node and a subtask which needs to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication proxy service of the target privacy computing node according to the node information;
sending a first TLS connection request for establishing mutual authentication to the target communication proxy service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication proxy service is configured to send a subtask in the first TLS connection request to a service proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node finish bidirectional authentication on the first TLS connection request, so that the service proxy service executes the subtask.
3. The privacy computing node of claim 1, wherein the communication proxy service comprises a second communication processing module configured to:
receiving a second TLS connection request for establishing mutual authentication, which is sent by a target communication proxy service of a target privacy computing node for establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises a subtask which needs to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node finish the mutual authentication on the second TLS connection request, sending the subtask in the second TLS connection request to the service proxy service of the current privacy computing node so that the service proxy service executes the subtask.
4. The privacy computing node of claim 2, wherein the first communication processing module comprises a routing table storing node information for each privacy computing node and a service address for a communication proxy service; the first communication processing module is further configured to query the routing table according to node information of the target privacy computing node, and determine a service address of a target communication proxy service of the target privacy computing node.
5. The privacy computing node of claim 3, wherein the second communication processing module is a communication processing module constructed based on reverse proxy service technology.
6. A privacy computing system comprising a plurality of privacy computing nodes of any of claims 1 to 5.
7. A privacy computing method applied to a privacy computing node, the privacy computing node comprising a business agent service and a communication agent service, the method comprising:
controlling the service proxy service of the current privacy computing node to establish communication links with other privacy computing nodes through the communication proxy service of the current privacy computing node, and executing the same privacy computing task in cooperation with the service proxy service of the other privacy computing nodes through the communication links;
the cooperative execution of the same privacy calculation task with the service proxy service of other privacy calculation nodes through the communication link comprises:
and controlling the communication proxy service to send a connection request which establishes authentication and comprises subtasks to be executed when the same privacy computing task is cooperatively executed to other privacy computing nodes which establish communication links with the communication proxy service according to the communication request sent by the business proxy service of the current privacy computing node, so that the other privacy computing nodes execute the subtasks after the authentication is completed.
8. The privacy computing method of claim 7, further comprising controlling a communication proxy service of the current privacy computing node to send a subtask that the target privacy computing node needs to perform in coordination with performing the same privacy computing task to the target privacy computing node that needs to establish a communication link with the current privacy computing node by:
receiving a communication request sent by a service proxy service of a current privacy computing node, wherein the communication request comprises node information of the target privacy computing node and subtasks which are required to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication proxy service of the target privacy computing node according to the node information;
sending a first TLS connection request for establishing mutual authentication to the target communication proxy service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication proxy service is configured to send a subtask in the first TLS connection request to a business proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node finish bidirectional authentication on the first TLS connection request, so that the business proxy service executes the subtask;
and/or the number of the groups of groups,
the method further includes controlling a communication proxy service of the current privacy computing node to receive a subtask that needs to be executed by the current privacy computing node when executing the same privacy computing task cooperatively, sent by a target privacy computing node that establishes a communication link with the current privacy computing node, by performing the following steps:
receiving a second TLS connection request for establishing mutual authentication, which is sent by a target communication proxy service of a target privacy computing node for establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises a subtask which needs to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node finish the mutual authentication on the second TLS connection request, sending the subtask in the second TLS connection request to the service proxy service of the current privacy computing node so that the service proxy service executes the subtask.
9. The privacy computing method of claim 8, further comprising determining a service address of a target communication proxy service of the target privacy computing node based on node information lookup routing tables of the target privacy computing node; and the routing table stores node information of each privacy computing node and a service address of the communication proxy service.
10. The privacy computing method of claim 8, further comprising controlling the communication proxy service of the current privacy computing node to receive the subtasks sent by the target privacy computing node establishing a communication link with the current privacy computing node based on reverse proxy service technology.
11. A control device comprising a processor and a storage device, the storage device being adapted to store a plurality of program code, characterized in that the program code is adapted to be loaded and executed by the processor to perform the privacy calculation method of any of claims 7 to 10.
12. A computer readable storage medium having stored therein a plurality of program codes, characterized in that the program codes are adapted to be loaded and executed by a processor to perform the privacy calculation method of any one of claims 7 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111409086.XA CN114172958B (en) | 2021-11-19 | 2021-11-19 | Privacy computing node, system, method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111409086.XA CN114172958B (en) | 2021-11-19 | 2021-11-19 | Privacy computing node, system, method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114172958A CN114172958A (en) | 2022-03-11 |
| CN114172958B true CN114172958B (en) | 2023-10-20 |
Family
ID=80480566
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111409086.XA Active CN114172958B (en) | 2021-11-19 | 2021-11-19 | Privacy computing node, system, method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114172958B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115270201A (en) * | 2022-07-15 | 2022-11-01 | 中国银联股份有限公司 | Privacy computing device, method, system, electronic device and medium |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291467A (en) * | 2011-09-15 | 2011-12-21 | 电子科技大学 | Communication platform and method suitable for private cloud environment |
| CN103685175A (en) * | 2012-09-11 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Method, proxy server and system for sharing logging status between application platform and application |
| CN104917782A (en) * | 2014-03-10 | 2015-09-16 | 上海奇博自动化科技有限公司 | Decentralized charging settlement method in cloud computing environment |
| CN105893158A (en) * | 2016-06-08 | 2016-08-24 | 北京工业大学 | Big data hybrid scheduling model on private cloud condition |
| CN108604202A (en) * | 2016-05-12 | 2018-09-28 | 华为技术有限公司 | The working node of parallel processing system (PPS) is rebuild |
| CN110213230A (en) * | 2019-04-26 | 2019-09-06 | 特斯联(北京)科技有限公司 | A kind of network security verification method and device for distributed communication |
| CN110401696A (en) * | 2019-06-18 | 2019-11-01 | 华为技术有限公司 | A kind of method, communication agent, host and the storage medium of decentralization processing |
| CN110673950A (en) * | 2019-08-23 | 2020-01-10 | 广东大杉网络科技有限公司 | Cloud computing task allocation method, device, equipment and storage medium |
| CN111047450A (en) * | 2020-03-18 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Method and device for calculating down-link privacy of on-link data |
| CN112199734A (en) * | 2020-09-24 | 2021-01-08 | 北京冲量在线科技有限公司 | Multi-party data circulation system |
| CN112287380A (en) * | 2020-12-24 | 2021-01-29 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN112395642A (en) * | 2020-11-20 | 2021-02-23 | 湖南智慧政务区块链科技有限公司 | Secure multi-party privacy calculation method, device, equipment and storage medium |
| CN112839065A (en) * | 2019-11-22 | 2021-05-25 | 北京小米移动软件有限公司 | Information processing method and device, first equipment and storage medium |
| CN112910870A (en) * | 2021-01-22 | 2021-06-04 | 西安电子科技大学 | Collaborative privacy computation data communication method based on block chain |
| CN113434269A (en) * | 2021-06-10 | 2021-09-24 | 湖南天河国云科技有限公司 | Block chain-based distributed privacy calculation method and device |
| CN113434284A (en) * | 2021-08-27 | 2021-09-24 | 华控清交信息科技(北京)有限公司 | Privacy computation server side equipment, system and task scheduling method |
| CN113591113A (en) * | 2021-07-29 | 2021-11-02 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11941520B2 (en) * | 2020-01-09 | 2024-03-26 | International Business Machines Corporation | Hyperparameter determination for a differentially private federated learning process |
-
2021
- 2021-11-19 CN CN202111409086.XA patent/CN114172958B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291467A (en) * | 2011-09-15 | 2011-12-21 | 电子科技大学 | Communication platform and method suitable for private cloud environment |
| CN103685175A (en) * | 2012-09-11 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Method, proxy server and system for sharing logging status between application platform and application |
| CN104917782A (en) * | 2014-03-10 | 2015-09-16 | 上海奇博自动化科技有限公司 | Decentralized charging settlement method in cloud computing environment |
| CN108604202A (en) * | 2016-05-12 | 2018-09-28 | 华为技术有限公司 | The working node of parallel processing system (PPS) is rebuild |
| CN105893158A (en) * | 2016-06-08 | 2016-08-24 | 北京工业大学 | Big data hybrid scheduling model on private cloud condition |
| CN110213230A (en) * | 2019-04-26 | 2019-09-06 | 特斯联(北京)科技有限公司 | A kind of network security verification method and device for distributed communication |
| CN110401696A (en) * | 2019-06-18 | 2019-11-01 | 华为技术有限公司 | A kind of method, communication agent, host and the storage medium of decentralization processing |
| CN110673950A (en) * | 2019-08-23 | 2020-01-10 | 广东大杉网络科技有限公司 | Cloud computing task allocation method, device, equipment and storage medium |
| CN112839065A (en) * | 2019-11-22 | 2021-05-25 | 北京小米移动软件有限公司 | Information processing method and device, first equipment and storage medium |
| CN111047450A (en) * | 2020-03-18 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Method and device for calculating down-link privacy of on-link data |
| CN112199734A (en) * | 2020-09-24 | 2021-01-08 | 北京冲量在线科技有限公司 | Multi-party data circulation system |
| CN112395642A (en) * | 2020-11-20 | 2021-02-23 | 湖南智慧政务区块链科技有限公司 | Secure multi-party privacy calculation method, device, equipment and storage medium |
| CN112287380A (en) * | 2020-12-24 | 2021-01-29 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN112910870A (en) * | 2021-01-22 | 2021-06-04 | 西安电子科技大学 | Collaborative privacy computation data communication method based on block chain |
| CN113434269A (en) * | 2021-06-10 | 2021-09-24 | 湖南天河国云科技有限公司 | Block chain-based distributed privacy calculation method and device |
| CN113591113A (en) * | 2021-07-29 | 2021-11-02 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
| CN113434284A (en) * | 2021-08-27 | 2021-09-24 | 华控清交信息科技(北京)有限公司 | Privacy computation server side equipment, system and task scheduling method |
Non-Patent Citations (2)
| Title |
|---|
| 一种新型的分布式隐私保护计算模型及其应用;余智欣;黄天戍;杨乃扩;汪阳;;西安交通大学学报(第08期);全文 * |
| 隐私计算研究范畴及发展趋势;李凤华;李晖;贾焰;俞能海;翁健;;通信学报(第04期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114172958A (en) | 2022-03-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108540536B (en) | Block chain-based network mass service processing method, equipment and storage medium | |
| CN110417558B (en) | Signature verification method and device, storage medium and electronic device | |
| CN102792264B (en) | Route is for the request of duplex applications | |
| CN106549878B (en) | Service distribution method and device | |
| CN112613010A (en) | Authentication service method, device, server and authentication service system | |
| CN107517227B (en) | Session implementation method and device for distributed consistency system | |
| US20110258192A1 (en) | Providing question and answer services | |
| CN111083179B (en) | Internet of things cloud platform, and equipment interaction method and device based on same | |
| CN114024972B (en) | Long connection communication method, system, device, equipment and storage medium | |
| CN109101664B (en) | Data transmission method, device, equipment and medium for lightweight node | |
| CN112866421B (en) | Intelligent contract operation method and device based on distributed cache and NSQ | |
| CN114567643B (en) | Cross-blockchain data transfer method, device and related equipment | |
| CN110910143A (en) | Identity identification generation method, device, related node and medium | |
| CN105338016A (en) | Data caching method, device, resource request responding method and device | |
| CN114172958B (en) | Privacy computing node, system, method, device and storage medium | |
| CN106657187A (en) | Message processing method and apparatus thereof | |
| CN109246212B (en) | Multi-bank data interaction implementation method based on long connection | |
| CN106874371A (en) | A kind of data processing method and device | |
| US20130339493A1 (en) | Information feedback method and corresponding server | |
| CN112860805A (en) | Block chain data interaction method and system | |
| CN103580951B (en) | Output comparative approach, test migration householder method and the system of multiple information systems | |
| CN107493254B (en) | TCP message forwarding method, device and system | |
| CN107249019A (en) | Data handling system, method, device and server based on business | |
| da Costa et al. | Securing light clients in blockchain with DLCP | |
| CN105051673A (en) | Network printing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |