CN114817982A - Multi-party computing control method, device and equipment for providing privacy protection - Google Patents

Abstract

The embodiment of the specification discloses a multi-party computing control method, a device and equipment for providing privacy protection. The scheme comprises the following steps: determining a service provider with a central node of a cluster system and a client participant with a working node of the cluster system; determining a streaming computing engine application and an application monitoring service deployed on a working node; initiating a cluster task at a central node according to a specified stream processing rule, sending an instruction to a stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire private data of a client participant, and performing desensitization calculation on the private data according to the stream processing rule to obtain desensitization data; communicating with an application monitoring service at a central node to obtain calculation state monitoring data and desensitization data applied to a flow calculation engine; and according to the calculation state monitoring data and the desensitization data, completing multi-party safety calculation of the client participants so that the service provider provides services according to the calculation result.

Description

A multi-party computing control method, device and device for providing privacy protection

technical field

This specification relates to the field of Internet technologies, and in particular, to a multi-party computing control method, device, and device that provide privacy protection.

Background technique

With the development of computer and Internet technology, more and more data appear in various fields of the Internet. As a new energy, data can only generate higher value when it flows. However, due to various reasons, data owners sometimes do not want to disclose the relevant data they own, resulting in the phenomenon of data silos.

To this end, the concept of Secure Multi-party Computation (MPC) is proposed, which aims to realize the flow of data without exposing the privacy of each data owner. It allows multiple data owners to perform collaborative calculations without trusting each other, output calculation results, and ensure that no party can obtain any information other than the due calculation results.

In traditional multi-party secure computing, the service provider that provides collaborative services is secure by default. Each data owner needs to arrange and deploy relevant content locally. Once the content is modified, it needs to be redeployed. However, these deployment processes and subsequent computing processes are often passively controlled and managed by various data owners, which affects the efficiency of cooperation. Not only that, during the computing process, the data owned by the data owners may still pass through the services that provide collaborative services. Fang leaked out.

Based on this, a more efficient and practical multi-party computing control scheme that can provide privacy protection is required.

SUMMARY OF THE INVENTION

One or more embodiments of this specification provide a multi-party computing control method, apparatus, device, and storage medium that provide privacy protection, to solve the following technical problem: a more efficient and practical multi-party computing control scheme that can provide privacy protection is required.

To solve the above technical problems, one or more embodiments of the present specification are implemented as follows:

One or more embodiments of this specification provide a multi-party computing control method for providing privacy protection, including:

Determine the service provider that deploys the central node of the cluster system, and the client participant that deploys the worker nodes of the cluster system;

Determine the stream computing engine application and application monitoring service deployed on the worker node;

According to the specified stream processing rule, a cluster task is initiated at the central node, and an instruction is sent to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain the client participant locally. private data, and perform desensitization calculation on the private data according to the stream processing rules to obtain desensitized data;

Communicate with the application monitoring service at the central node to obtain the computing state monitoring data and the desensitization data applied to the streaming computing engine;

According to the computing state monitoring data and the desensitization data, the multi-party security calculation of the customer participant is completed, so that the service provider provides services according to the result of the multi-party security calculation.

One or more embodiments of this specification provide a multi-party computing control device that provides privacy protection, including:

a first deployment module, which determines the service provider deployed with the central node of the cluster system, and the client participant deployed with the working nodes of the cluster system;

The second deployment module determines the streaming computing engine application and application monitoring service deployed on the worker node;

The task initiating module, according to the specified stream processing rule, initiates a cluster task at the central node, and sends an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain all the data locally. the private data of the customer participant, and perform desensitization calculation on the private data according to the stream processing rules to obtain desensitized data;

a data acquisition module, which communicates with the application monitoring service at the central node, and obtains the computing state monitoring data and the desensitization data applied to the streaming computing engine;

The service providing module, according to the calculation state monitoring data and the desensitization data, completes the multi-party security calculation of the customer participant, so that the service provider provides services according to the result of the multi-party security calculation.

One or more embodiments of this specification provide a multi-party computing control device that provides privacy protection, including:

at least one processor; and,

a memory communicatively coupled to the at least one processor; wherein,

The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to:

Determine the service provider that deploys the central node of the cluster system, and the client participant that deploys the worker nodes of the cluster system;

Determine the stream computing engine application and application monitoring service deployed on the worker node;

According to the specified stream processing rule, a cluster task is initiated at the central node, and an instruction is sent to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain the client participant locally. private data, and perform desensitization calculation on the private data according to the stream processing rules to obtain desensitized data;

Communicate with the application monitoring service at the central node to obtain the computing state monitoring data and the desensitization data applied to the streaming computing engine;

According to the computing state monitoring data and the desensitization data, the multi-party security calculation of the customer participant is completed, so that the service provider provides services according to the result of the multi-party security calculation.

A non-volatile computer storage medium provided by one or more embodiments of this specification stores computer-executable instructions, and the computer-executable instructions are set to:

Determine the service provider that deploys the central node of the cluster system, and the client participant that deploys the worker nodes of the cluster system;

Determine the stream computing engine application and application monitoring service deployed on the worker node;

According to the specified stream processing rule, a cluster task is initiated at the central node, and an instruction is sent to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain the client participant locally. private data, and perform desensitization calculation on the private data according to the stream processing rules to obtain desensitized data;

Communicate with the application monitoring service at the central node to obtain the computing state monitoring data and the desensitization data applied to the streaming computing engine;

According to the computing state monitoring data and the desensitization data, the multi-party security calculation of the customer participant is completed, so that the service provider provides services according to the result of the multi-party security calculation.

The above-mentioned at least one technical solution adopted by one or more embodiments of this specification can achieve the following beneficial effects:

According to the service provider and customer participants, the central node and the worker node are respectively deployed, and the cluster system is constructed. Using the streaming computing engine application and application monitoring service on the cluster system, cluster tasks can be quickly deployed and delivered, and task monitoring and uploading can be implemented, enabling the system to quickly iterate statistical logic and generalize services for various monitoring scenarios. And only through the instructions in the cluster task, the calculation rules of the stream computing engine application can be modified without redeployment, which reduces the development and maintenance cost, improves the computing efficiency, strengthens the centralized control, and improves the initiative. In addition, the system operation processing logic is completed at the customer participant, and only the desensitized data and the calculation results after stream computing are returned to the service provider, avoiding the privacy leakage and supervision risks caused by the original private data going out of the domain, thus ensuring On the basis of providing privacy protection, multi-party computing control is realized.

Description of drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present specification or the prior art, the following briefly introduces the accompanying drawings required in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments described in this specification. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative labor.

1 is a schematic flowchart of a multi-party computing control method for providing privacy protection provided by one or more embodiments of this specification;

FIG. 2 is a schematic diagram of a stream computing engine application in an application scenario provided by one or more embodiments of this specification;

FIG. 3 is a schematic diagram of a business execution flow in an application scenario provided by one or more embodiments of this specification;

4 is a schematic structural diagram of a multi-party computing control device that provides privacy protection according to one or more embodiments of this specification;

FIG. 5 is a schematic structural diagram of a multi-party computing control device that provides privacy protection according to one or more embodiments of this specification.

Detailed ways

The embodiments of this specification provide a multi-party computing control method, apparatus, device, and storage medium that provide privacy protection.

In order to make those skilled in the art better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings in the embodiments of this specification. Obviously, the described The embodiments are only a part of the embodiments of the present application, but not all of the embodiments. Based on the embodiments of the present specification, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the scope of protection of the present application.

FIG. 1 is a schematic flowchart of a multi-party computing control method for providing privacy protection according to one or more embodiments of this specification. The method can be applied to different business fields, for example, the Internet financial business field, the e-commerce business field, the instant messaging business field, the game business field, the official business field, and the like. The process can be performed by computing devices in the corresponding field, and certain input parameters or intermediate results in the process allow manual intervention adjustments to help improve accuracy.

The flow in Figure 1 can include the following steps:

S102: Determine the service provider on which the central node of the cluster system is deployed, and the client participant on which the worker nodes of the cluster system are deployed.

A cluster refers to a group of nodes, which can be physical servers or virtual machines, at least including a central node and a worker node.

The worker node belongs to the client participant, and the client participant is the data owner, which owns the relevant data for multi-party computation, and can perform corresponding work on the data (for example, computing, transmitting, storing the data, etc.). The central node belongs to the service provider, the service provider refers to the party that provides services for other nodes, such as providing management services, configuration services, etc. for the working nodes, or, for actual users (actual users refer to the (users who handle the business of the party or service provider) to provide business services. Of course, this business service is usually related to the result of a multi-party computation.

S104: Determine the stream computing engine application (hereinafter referred to as the engine application) and the application monitoring service deployed on the worker node.

Streaming data refers to a series of dynamic data aggregates that are infinite in time distribution and quantity. The value of the data decreases with the passage of time, so it must be calculated in real time to give a fast response. Stream computing is a computing mode that performs real-time computing processing on stream data, and engine applications are used to perform stream computing applications.

The engine application is deployed on the worker nodes, which can perform streaming computations on the data to be computed on the worker nodes. An application monitoring service is also deployed on the worker node to monitor the working status of the engine application and the processed data. For example, it can determine whether the working status of the engine application is abnormal, and obtain the calculation results of the data. Here, it can be packaged as a standard framework application in the form of binary binary to obtain an engine application, and the cluster system framework starts the engine application and application monitoring service on the worker nodes that need streaming computing.

S106: Initiate a cluster task at the central node according to the specified stream processing rule, and send an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain the client locally The private data of the participant is obtained, and desensitization calculation is performed on the private data according to the stream processing rules to obtain desensitized data.

The cluster task is generated and initiated by the central node, and the cluster task carries the corresponding parameters. Its main function is to control the multi-party computation. For example, according to the cluster task, instructions are sent to each engine application to control the opening and closing of the engine application, calculate the data, and return the calculation result to the central node.

Private data refers to the data owned by the customer participant. Generally speaking, the customer participant wants to use the data for multi-party computation, but it usually contains some private data (for example, the customer participant's own business data, other The user data of the corresponding actual users, etc.), the customer participants do not want to disclose these data and use it for multi-party computing.

Based on this, after the engine application obtains the private data of the client participant locally on the worker node, it desensitizes the private data according to the stream processing rules, and processes some of the data involving privacy, so that others cannot obtain the privacy. . For example, for image data, part of the area can be blurred; for text data, part of the data can be invalidated (replacing characters with symbols such as "*"), converted to random values, data encryption, etc.; For audio data, part of the content can be muted.

S108: Communicate with the application monitoring service at the central node to obtain computing state monitoring data and the desensitization data for the streaming computing engine application.

The computing status monitoring data is usually continuous. The central node needs to collect the computing status monitoring data in real time to ensure whether the working status of the engine application is abnormal. If there is an abnormality, it can respond quickly. The desensitized data is usually not persistent, and is obtained based on the needs of actual users. For example, an actual user initiates a business requirement at the service provider, and the service provider initiates a cluster task through the business requirement, and sends instructions to the engine application in each worker node. At this time, the engine application obtains private data, and after desensitization calculation, Return desensitized data to the central node. Since business requirements are not continuous, the acquisition of the desensitized data is usually not continuous.

S110: According to the calculation state monitoring data and the desensitization data, complete the multi-party security calculation of the customer participant, so that the service provider provides a service according to the result of the multi-party security calculation.

At this time, the central node helps each worker node to complete multi-party security computing, for example, provides the deployment and monitoring services of engine applications, and obtains and organizes desensitized data. Here, it can be considered that it has provided services for multi-party security computing. Of course, in the subsequent service execution process, the service provider can also continue to provide relevant services for actual users who execute the service based on the calculation result of the multi-party secure calculation.

The system operation and processing logic is completed at the customer participant, and only the desensitized data and the calculation results after stream computing are returned to the service provider, avoiding the privacy leakage and supervision risks caused by the original private data going out of the domain.

Based on the method of FIG. 1 , the present specification also provides some specific embodiments and expansion schemes of the method, and the description will continue below.

In one or more embodiments of this specification, in order to ensure the efficiency of the engine application deployment process, the cluster may be a platform for automating container operations, for example, a kubernetes cluster (also referred to as a k8s cluster). The kubernetes cluster can deploy, replicate, schedule nodes, and expand or shrink the container size at any time, organize containers into groups, provide load balancing between containers, provide container elasticity, and expand between node clusters, which is very convenient for the deployment process. .

Based on this, obtain the command line CLI interface of the engine application, initiate a cluster task (kubernetes job) on the central node according to the specified stream processing rules, and send an instruction to the CLI interface through the kubernetes job. The engine application starts after receiving the instruction. And start the stream computation of the private data according to the stream computation task parameters carried in the instruction. Among them, the stream computing task parameters are mainly used to guide the engine application how to perform data computation, such as which data to sum, integrate, and modulate.

Further, after the central node sends the instruction, the engine application starts to perform stream computing. At this time, the application monitoring service is started synchronously to monitor the stream computing process of the application, for example, to monitor whether the working status of the engine application is abnormal, and whether the engine application is calculated according to the stream computing task parameters carried in the instruction. If there is an abnormality, it can be reported to the central node, and the central node will handle it in time.

At this time, the central node receives the computing status monitoring data and desensitization data of the engine application reported by the application monitoring service through a gateway (such as a gateway, which is a restful API gateway based on the http protocol and can be used as a unified API access layer). Then upload it to the system framework API service for the framework API control engine application. Among them, the framework API service refers to the interface obtained by customizing the interface based on the corresponding framework.

In one or more embodiments of this specification, as mentioned above, desensitization calculation is performed through an engine application, so as to perform privacy protection on the data of customer participants. However, in fact, the protection here is limited to protecting private data from leakage due to multi-party computing. If the leakage of private data is caused by the local security problem of the engine application, desensitization calculation is difficult to achieve privacy protection effect.

Based on this, after receiving the desensitized data, the framework API service will not use the desensitized data to perform multi-party security calculations immediately, but instead generate simulated data for customer participants through the desensitized data. The simulated data means that after desensitization calculation is performed on the simulated data, data similar to or even the same as the simulated data can be obtained, and the similarity means that the degree of difference between the data and the desensitized data is lower than a preset threshold. For example, the original private data is the ID number "123456789", and the desensitized data obtained after desensitization calculation is "123***789". At this time, the generated simulated data is "123000789". After desensitization calculation The obtained data is "123***789", which is the same as the previous desensitization data. Of course, if the data is different from the desensitization data, but similar, it can also have a certain effect. It should be noted that the data exemplified here is only for the convenience of explanation, and does not mean that the actual ID number is as shown above.

Among them, the simulated data can be obtained after a certain degree of transformation according to the private data that can be obtained. However, the customer participant usually does not directly transmit the private data to the service provider. In this case, the desensitization data can be reversed The way to compile, to get the simulation data. For example, still taking the ID number in the above as an example, the service provider can only get the desensitized data "123***789", and after decompiling it, it can get a variety of possibilities. The desensitization data can be obtained through desensitization calculation, and at this time, one or more possibilities are selected from them as simulation data.

After the simulation data is obtained, when the calculation state monitoring data conforms to the predetermined condition, the simulation data is injected into the engine application, and the engine application processes the simulation data as part of the input stream of private data. A part of the simulated data is mixed with the private data. Even if the private data is really leaked in the engine application, the existence of this part of the simulated data will make it difficult for the illegal data acquirer to carry out illegal activities based on the private data obtained. In addition, since the calculation result of the desensitization calculation of the simulated data is similar to the desensitization data, it will not have much influence on the calculation result of the final multi-party security calculation. Of course, in order to ensure the accuracy of the calculation results, the simulated data can be used for a certain period of time. For example, one simulated data can only be used for one day.

Wherein, the predetermined situation is determined according to the calculation state monitoring data. The calculation status monitoring data is mainly used to monitor whether the calculation of the engine application is abnormal. If there is an abnormality, simulation data can be generated. For example, when an engine application is attacked, some data may fluctuate to a certain degree (for example, some data are frequently accessed and acquired in a short period of time). Part of the data generates similar simulated data. Of course, the current computing state can also be evaluated according to the computing state monitoring data, and if the evaluation result considers that there is a risk of abnormality, it can also be regarded as a predetermined situation. For example, when a certain type of data in the private data is sparsely distributed and its samples are relatively scarce in the space where it is located, once it is attacked, the specified data in this type of data is more likely to be obtained directly, and it is also easier for the attacker to obtain the specified data directly. The number of samples is quickly screened; or, if this type of data is accessed for a long time, the probability of being attacked will also increase.

Further, after sending an instruction to the engine application to add the simulated data, it can continue to send the instruction to the engine application. If the engine application verifies that the simulated data corresponding to the private data already exists locally, the private data is replaced with the simulated data. Compared with the doping method, directly replacing the private data with the simulated data can achieve a better effect of preventing leakage of privacy, but it will bring about a decrease in the accuracy of the calculation results. During the process, data replacement is required. For example, it can be determined whether data replacement is required based on the risk level of the current predetermined situation (for example, if an abnormality has occurred, it is the highest risk level; if there is no abnormality, the risk level is divided according to the actual situation). As much as possible to ensure the accuracy of the final calculation results.

In one or more embodiments of this specification, before deploying an engine application to a worker node, it needs to be constructed first, which can be constructed through kubernetes as mentioned above.

Specifically, FIG. 2 is a schematic diagram of a stream computing engine application in an application scenario provided by one or more embodiments of this specification. Get the SQL parser and calculation rule parser to build the instruction parsing layer (SQL/Rule Parser) of the central node. Among them, the SQL parser is used to determine which data needs to be obtained from which customer participants, and the calculation rule parser is used to determine how to perform calculation processing on these data. Get the SQL processor to build the execution plan generation layer. Get the Streaming runtime and SQL runtime to build the plan execution layer. At this time, through the containerized application deployment capability of the kubernetes cluster, the instruction parsing layer, the execution plan generation layer, and the plan execution layer are packaged on the worker nodes, and the engine application can be obtained. Of course, the engine application may also include a data storage layer (storage), a data source layer (sources), a data sink layer (sinks), and the like. Among them, the data source of the data source layer can obtain data through message queue MQ and message queue MQTT, and the data of the data sink layer can sink data through message queue MQTT, HTTP, File and other methods. It provides a complete authority audit and certificate storage scheme, which effectively prevents security risks.

Based on this, in the process of sending the command, a SQL query command is sent to the CLI interface through the kubernetes job, instructing to enable streaming computing of the private data queried through the SQL query command. Wherein, if the stream computing task parameter is not included in the SQL query instruction, a description file is generated, the description file includes the stream computing task parameter, and the description file is sent to the CLI interface. If the parameters of the subsequent streaming computing tasks change, with the help of the kubernetes-like system framework, by initiating a kubernetes job (it should be noted that the kubernetes job can be the same as the kubernetes job that sends the SQL query command in this embodiment, It can also be newly generated) modify the description file to complete the change of the parameters of the streaming computing task, realize the rapid deployment of iterative processing logic, decouple the system, enhance the robustness of the system and reduce the deployment cost.

FIG. 3 is a schematic diagram of a service execution flow in an application scenario provided by one or more embodiments of this specification. Here, the solution in this article is explained for a common business scenario. In this business scenario, the private data of the customer participant is the business data of the actual user served by the customer participant, and the desensitized data is used to determine the credit status of the actual user. For example, the customer participant is the bank, and the service provider is the credit Query platform.

Actual users want to query their own credit status, initiate business requirements on the credit query platform, trigger the framework API service, and the framework API service generates and sends SQL query commands to the engine application. After the engine application receives it, it parses the instruction through the instruction parsing layer, and performs desensitization calculation and streaming calculation according to the private data obtained from the log file (for example, the stream data obtained from the log file through the data flow module fluent module). The calculation results are uploaded to the gateway of the central node, and during the calculation process, the running status is reported to the gateway of the central node through the application monitoring service. When the gateway reports its own running status to the framework API service, it reports the obtained data statistics and performs subsequent processing, obtains the credit status for the actual user, and displays it to the actual user.

In this business scenario, the user's credit score usually does not change drastically in a short period of time, which has a certain hysteresis (for example, after the user owes money, the credit score does not change immediately, but when the user owes money The change in credit score will only occur after the payment has not been returned for a certain period of time). Therefore, this business scenario is especially suitable for the above-mentioned method of generating simulated data and mixing or replacing it with private data. privacy protection.

Based on the same idea, one or more embodiments of the present specification also provide apparatuses and devices corresponding to the above methods, as shown in FIG. 4 and FIG. 5 .

FIG. 4 is a schematic structural diagram of a multi-party computing control device for providing privacy protection according to one or more embodiments of the present specification, and the device includes:

The first deployment module 402, which determines the service provider on which the central node of the cluster system is deployed, and the client participant on which the working node of the cluster system is deployed;

The second deployment module 404 determines the streaming computing engine application and application monitoring service deployed on the worker node;

The task initiating module 406, according to the specified stream processing rule, initiates a cluster task at the central node, and sends an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain locally the private data of the customer participant, and perform desensitization calculation on the private data according to the stream processing rule to obtain desensitized data;

A data acquisition module 408, which communicates with the application monitoring service at the central node, and obtains the computing state monitoring data and the desensitization data of the streaming computing engine application;

The service providing module 410, according to the calculation state monitoring data and the desensitization data, completes the multi-party security calculation of the client participants, so that the service provider provides services according to the result of the multi-party security calculation.

Optionally, the cluster is a kubernetes cluster;

The task initiating module 406 obtains the command line CLI interface of the streaming computing engine application;

According to the specified stream processing rule, a kubernetes job is initiated at the central node, and the instruction for enabling streaming computing and the streaming computing task parameters are sent to the CLI interface through the kubernetes job, so that the streaming computing engine application can follow the The streaming computing task parameter initiates streaming computing on the private data.

Optionally, a synchronization monitoring module 412 is further included, when the instruction for enabling streaming computing is sent, the application monitoring service is started synchronously, so that the application monitoring service monitors the process of the streaming computing;

The data acquisition module 408 receives, through the gateway of the central node, the computing state monitoring data and the desensitization data for the streaming computing engine application reported by the application monitoring service;

The computing state monitoring data reported by the gateway is received through the framework API service of the central node, so that the framework API service controls the streaming computing engine application.

Optionally, in the data acquisition module 408, the framework API service generates simulated data for the client participant according to the desensitization data, so that the simulated data can be obtained through the desensitization calculation and the desensitization calculation. Data similar to desensitized data;

When the computing state monitoring data meets a predetermined condition, inject the simulated data into the streaming computing engine application, so that the streaming computing engine application processes the simulated data as a part of the data in the input stream, The input stream contains the private data of the corresponding client participant.

Optionally, it also includes a simulated data replacement module 414, which sends an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to verify whether there is a local data corresponding to the private data. simulated data;

If so, replace the private data with the simulated data, so as to generate desensitized data for the actual user corresponding to the private data.

Optionally, a cluster building module 416 is also included to obtain an SQL parser and a calculation rule parser for constructing a central node instruction parsing layer;

Get the SQL processor for building the execution plan generation layer;

Get the stream runtime and SQL runtime for building the plan execution layer;

Through the containerized application deployment capability of the kubernetes cluster, the instruction parsing layer, the execution plan generation layer, and the plan execution layer are packaged on the worker node to obtain the stream computing engine application.

Optionally, the cluster building module 416 sends an SQL query instruction to the CLI interface through the kubernetes job, to instruct to start streaming computing on the private data queried through the SQL query instruction;

If the SQL query instruction does not contain the streaming computing task parameters corresponding to the streaming computing, a description file containing the streaming computing task parameters is generated, and the description file is sent to the CLI interface. When the parameters of the streaming computing task change, modify the description file through the kubernetes job.

Optionally, the private data of the customer participant is business data of an actual user served by the customer participant, and the desensitization data is used to determine the credit status of the actual user.

FIG. 5 is a schematic structural diagram of a multi-party computing control device that provides privacy protection according to one or more embodiments of this specification, and the device includes:

at least one processor; and,

a memory communicatively coupled to the at least one processor; wherein,

The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to:

Determine the service provider that deploys the central node of the cluster system, and the client participant that deploys the worker nodes of the cluster system;

Determine the stream computing engine application and application monitoring service deployed on the worker node;

According to the specified stream processing rule, a cluster task is initiated at the central node, and an instruction is sent to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain the client participant locally. private data, and perform desensitization calculation on the private data according to the stream processing rules to obtain desensitized data;

Communicate with the application monitoring service at the central node to obtain the computing state monitoring data and the desensitization data applied to the streaming computing engine;

According to the computing state monitoring data and the desensitization data, the multi-party security calculation of the customer participant is completed, so that the service provider provides services according to the result of the multi-party security calculation.

Based on the same idea, one or more embodiments of this specification also provide a non-volatile computer storage medium corresponding to the above method, storing computer-executable instructions, and the computer-executable instructions are set to:

Determine the service provider that deploys the central node of the cluster system, and the client participant that deploys the worker nodes of the cluster system;

Determine the stream computing engine application and application monitoring service deployed on the worker node;

According to the specified stream processing rule, a cluster task is initiated at the central node, and an instruction is sent to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to obtain the client participant locally. private data, and perform desensitization calculation on the private data according to the stream processing rules to obtain desensitized data;

Communicate with the application monitoring service at the central node to obtain the computing state monitoring data and the desensitization data applied to the streaming computing engine;

According to the computing state monitoring data and the desensitization data, the multi-party security calculation of the customer participant is completed, so that the service provider provides services according to the result of the multi-party security calculation.

In the 1990s, improvements in a technology could be clearly differentiated between improvements in hardware (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or improvements in software (improvements in method flow). However, with the development of technology, the improvement of many methods and processes today can be regarded as a direct improvement of the hardware circuit structure. Designers almost get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware entity modules. For example, a Programmable Logic Device (PLD) (eg, Field Programmable Gate Array (FPGA)) is an integrated circuit whose logic function is determined by user programming of the device. It is programmed by the designer to "integrate" a digital system on a PLD without having to ask a chip manufacturer to design and manufacture a dedicated integrated circuit chip. And, instead of making integrated circuit chips by hand, these days, much of this programming is done using software called a "logic compiler", which is similar to the software compiler used in program development and writing, but before compiling The original code of the device must also be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one HDL, but many kinds, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (RubyHardware Description Language), etc. The most commonly used are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that a hardware circuit for implementing the logic method process can be easily obtained by simply programming the method process in the above-mentioned several hardware description languages and programming it into the integrated circuit.

The controller may be implemented in any suitable manner, for example, the controller may take the form of eg a microprocessor or processor and a computer readable medium storing computer readable program code (eg software or firmware) executable by the (micro)processor , logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers, examples of controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art also know that, in addition to implementing the controller in the form of pure computer-readable program code, the controller can be implemented as logic gates, switches, application-specific integrated circuits, programmable logic controllers and embedded devices by logically programming the method steps. The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included therein for realizing various functions can also be regarded as a structure within the hardware component. Or even, the means for implementing various functions can be regarded as both a software module implementing a method and a structure within a hardware component.

The systems, devices, modules or units described in the above embodiments may be specifically implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, the computer can be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or A combination of any of these devices.

For the convenience of description, when describing the above device, the functions are divided into various units and described respectively. Of course, when implementing this specification, the functions of each unit may be implemented in one or more software and/or hardware.

As will be appreciated by one skilled in the art, the embodiments of the present specification may be provided as a method, a system, or a computer program product. Accordingly, embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present specification may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

The specification is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the specification. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, the instructions The apparatus implements the functions specified in the flow or flow of the flowcharts and/or the block or blocks of the block diagrams.

These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the block or blocks of the block diagrams.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

Memory may include non-persistent memory in computer readable media, random access memory (RAM) and/or non-volatile memory in the form of, for example, read only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media includes both persistent and non-permanent, removable and non-removable media, and storage of information may be implemented by any method or technology. Information may be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash Memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic tape cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves.

It should also be noted that the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device comprising a series of elements includes not only those elements, but also Other elements not expressly listed, or which are inherent to such a process, method, article of manufacture, or apparatus are also included. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article of manufacture, or device that includes the element.

This specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.

Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the apparatus, equipment, and non-volatile computer storage medium embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts.

The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve desirable results. Additionally, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The above descriptions are merely one or more embodiments of the present specification, and are not intended to limit the present specification. Various modifications and variations of the one or more embodiments of this specification are possible for those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of this specification should be included within the scope of the claims of this specification.

Claims (17)

1. A multi-party computing control method providing privacy protection, comprising:

determining a service provider with a central node of a cluster system and a client participant with a working node of the cluster system;

determining a streaming compute engine application and an application monitoring service deployed on the worker node;

initiating a cluster task at the central node according to a specified stream processing rule, sending an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire private data of the client participant, and performing desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;

communicating with the application monitoring service at the central node to obtain computing state monitoring data and desensitization data applied to the streaming computing engine;

and according to the calculation state monitoring data and the desensitization data, completing the multi-party security calculation of the client participants so that the service provider provides services according to the result of the multi-party security calculation.

2. The method of claim 1, the cluster being a kubernets cluster;

the initiating a cluster task at the central node according to the specified stream processing rule, and sending an instruction to the stream type calculation engine application through the cluster task specifically includes:

acquiring a command line CLI (common line interface) of the streaming computing engine application;

according to a specified flow processing rule, a kubernetes jobis initiated at the central node, and an instruction for starting flow calculation and flow calculation task parameters are sent to the CLI through the kubernetes jobso that the flow calculation engine application starts flow calculation of the private data according to the flow calculation task parameters.

3. The method of claim 2, further comprising:

when the instruction for starting the stream-oriented computation is sent, the application monitoring service is synchronously started so that the application monitoring service monitors the process of the stream-oriented computation;

the communicating with the application monitoring service at the central node to obtain the calculation state monitoring data and the desensitization data applied to the streaming calculation engine specifically includes:

receiving, by the gateway of the central node, computation state monitoring data and desensitization data for the streaming computation engine application, which are reported by the application monitoring service;

and receiving the calculation state monitoring data reported by the gateway through the framework API service of the central node so that the framework API service controls the application of the streaming calculation engine.

4. The method of claim 3, wherein the framework API service controls the streaming computing engine application, and specifically comprises:

the framework API service generates simulation data for the client participant according to the desensitization data, so that the simulation data can obtain data similar to the desensitization data through desensitization calculation;

and when the calculation state monitoring data meet a preset condition, injecting the simulation data into the streaming calculation engine application so as to enable the streaming calculation engine application to process the simulation data as part of data in an input stream, wherein the input stream contains private data of a corresponding client participant.

5. The method of claim 4, after the central node initiates a cluster task, the method further comprising:

sending, by the cluster task, an instruction to the streaming computing engine application to instruct the streaming computing engine application to check whether simulated data corresponding to the private data already exists locally;

and if so, replacing the private data with the simulation data for generating desensitization data for the actual user corresponding to the private data.

6. The method of claim 2, the determining prior to the streaming compute engine application deployed on the worker node, the method further comprising:

acquiring an SQL parser and a calculation rule parser, and constructing a central node instruction parsing layer;

an acquisition SQL processor for constructing an execution plan generation layer;

acquiring a stream runtime and an SQL runtime, and constructing a plan execution layer;

packing the instruction analysis layer, the execution plan generation layer and the plan execution layer on the working node through the containerization application deployment capacity of the kubernets cluster to obtain the stream type computing engine application.

7. The method of claim 6, wherein the sending of the instruction for starting streaming computation and the streaming computation task parameter to the CLI interface through the kubernetes jobincludes:

sending an SQL query instruction to the CLI through the kubernets jobto indicate to start streaming calculation of private data obtained through query of the SQL query instruction;

if the SQL query instruction does not contain the streaming computing task parameters corresponding to the streaming computing, generating a description file containing the streaming computing task parameters, sending the description file to the CLI, and modifying the description file through kubernets joba when the streaming computing task parameters are changed.

8. A method according to any one of claims 1 to 7 wherein the private data of the customer party is business data of an actual user served by the customer party, the desensitization data being used to determine the credit status of the actual user.

9. A multi-party computing control device providing privacy protection, comprising:

the first deployment module is used for determining a service provider with a central node of the cluster system and a client participant with a working node of the cluster system;

the second deployment module is used for determining the streaming computing engine application and the application monitoring service deployed on the working node;

the task initiating module initiates a cluster task at the central node according to a specified stream processing rule, sends an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire the private data of the client participant, and performs desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;

the data acquisition module is used for communicating with the application monitoring service at the central node to obtain the calculation state monitoring data and the desensitization data applied to the streaming calculation engine;

and the service providing module is used for finishing the multi-party security calculation of the client participants according to the calculation state monitoring data and the desensitization data so that the service provider provides services according to the result of the multi-party security calculation.

10. The apparatus of claim 9, the cluster being a kubernets cluster;

the task initiating module acquires a command line CLI (common line interface) of the streaming computing engine application;

according to a specified flow processing rule, a kubernetes jobis initiated at the central node, and an instruction for starting flow calculation and flow calculation task parameters are sent to the CLI through the kubernetes jobso that the flow calculation engine application starts flow calculation of the private data according to the flow calculation task parameters.

11. The apparatus of claim 10, further comprising a synchronization monitoring module that, when the instruction to start streaming computation is sent, synchronously starts the application monitoring service so that the application monitoring service monitors the process of the streaming computation;

the data acquisition module receives the calculation state monitoring data and the desensitization data applied to the streaming calculation engine reported by the application monitoring service through a gateway of the central node;

and receiving the calculation state monitoring data reported by the gateway through the framework API service of the central node so that the framework API service controls the application of the streaming calculation engine.

12. The apparatus of claim 11, the data acquisition module, the framework API service to generate simulation data for the customer participant based on the desensitization data such that the simulation data is accessible to data similar to the desensitization data via the desensitization calculation;

and when the calculation state monitoring data meet a preset condition, injecting the simulation data into the streaming calculation engine application so as to enable the streaming calculation engine application to process the simulation data as part of data in an input stream, wherein the input stream contains private data of a corresponding client participant.

13. The apparatus of claim 12, further comprising a simulation data replacement module to send, by the cluster task, an instruction to the streaming compute engine application to instruct the streaming compute engine application to check whether simulation data corresponding to the private data already exists locally;

and if so, replacing the private data with the simulation data for generating desensitization data for the actual user corresponding to the private data.

14. The apparatus of claim 10, further comprising a cluster building module that obtains an SQL parser and a computation rules parser for building a central node instruction parsing layer;

an acquisition SQL processor for constructing an execution plan generation layer;

acquiring a stream runtime and an SQL runtime, and constructing a plan execution layer;

packing the instruction analysis layer, the execution plan generation layer and the plan execution layer on the working node through the containerization application deployment capacity of the kubernets cluster to obtain the stream type computing engine application.

15. The apparatus of claim 14, said cluster building module to send an SQL query instruction to said CLI interface via said kubernets joba to indicate to start streaming computation of private data queried via said SQL query instruction;

if the SQL query instruction does not contain the streaming computing task parameters corresponding to the streaming computing, generating a description file containing the streaming computing task parameters, sending the description file to the CLI, and modifying the description file through kubernets joba when the streaming computing task parameters are changed.

16. An apparatus according to any one of claims 9 to 15, the private data of the customer party being business data of an actual user served by the customer party, the desensitization data being used to determine a credit status of the actual user.

17. A multi-party computing control device providing privacy protection, comprising:

at least one processor; and the number of the first and second groups,

a memory communicatively coupled to the at least one processor; wherein,

the memory stores instructions executable by the at least one processor to enable the at least one processor to:

determining a service provider with a central node of a cluster system and a client participant with a working node of the cluster system;

determining a streaming compute engine application and an application monitoring service deployed on the worker node;

initiating a cluster task at the central node according to a specified stream processing rule, sending an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire private data of the client participant, and performing desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;

communicating with the application monitoring service at the central node to obtain computing state monitoring data and desensitization data applied to the streaming computing engine;

and according to the calculation state monitoring data and the desensitization data, completing the multi-party security calculation of the client participants so that the service provider provides services according to the result of the multi-party security calculation.

Images