CN115982742A - Service execution method, device, storage medium and electronic equipment - Google Patents

Publication number: CN115982742A
Application number: CN202211739342.6A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 周启贤, 罗赛男
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Legal status: Pending
Prior art keywords: key, user data, encrypted, matrix, encryption
Landscapes: Storage Device Security (AREA)

Abstract

The present specification discloses a service execution method, a device, a storage medium, and an electronic apparatus. The service execution method includes: acquiring encrypted user data required for executing a current service, wherein the encrypted user data is obtained by a client encrypting initial user data according to a first key stored locally at the client and an encryption parameter related to a second key; inputting the encrypted user data into a pre-constructed service model so as to determine, through the service model, an encryption execution result corresponding to the encrypted user data, wherein encrypted model parameters are deployed in the service model, and the encryption execution result, the encrypted model parameters and the encrypted user data satisfy a linear relationship; and sending the encryption execution result to the client so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.

Description

Service execution method, device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for executing a service, a storage medium, and an electronic device.
Background
With the development of science and technology, machine learning models can provide more and more services for users, such as risk monitoring, intention recognition and disease diagnosis. While these services make users' work and life more convenient, they also pose great challenges to users' privacy and security.
At present, when a user uses a business service based on a machine learning model, the user's data generally has to be sent to the model in plaintext so that the model can execute a prediction task on the plaintext data. This creates a serious hidden danger for the security of the user data and may leak the user's private data.
Therefore, how to prevent the model parameters from being leaked and protect the privacy and security of the user during service execution is an urgent problem to be solved.
Disclosure of Invention
The specification provides a service execution method, a service execution device, a storage medium and an electronic device, so as to protect the privacy and safety of a user and prevent model data from being leaked in the service execution process.
The technical scheme adopted by the specification is as follows:
the present specification provides a service execution method, including:
acquiring encrypted user data required by executing a current service, wherein the encrypted user data is obtained by encrypting initial user data by a client according to a first key stored locally at the client and an encryption parameter related to a second key, and the first key is issued to the client by a server in advance;
inputting the encrypted user data into a service model which is constructed in advance, and determining an encryption execution result corresponding to the encrypted user data through the service model, wherein an encrypted model parameter is deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameter and the encrypted user data satisfies a linear relationship;
and sending the encryption execution result to the client, so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
Optionally, the constructing the service model specifically includes:
acquiring initial model parameters;
encrypting the initial model parameters through a predetermined third key to obtain encrypted model parameters;
and constructing the service model according to the encrypted model parameters.
Optionally, before obtaining the encrypted user data required for executing the current service, the method further includes:
acquiring a key generation parameter;
and generating an encrypted public key as the third key according to the key generation parameter, generating an encrypted private key corresponding to the encrypted public key as the first key, and issuing the first key to the client for storage.
Optionally, generating an encryption private key corresponding to the encryption public key as the first key specifically includes:
and randomly generating a specified matrix, and determining a first secret key for the user according to the specified matrix and the encrypted private key.
The present specification provides a service execution method, which is applied to a client and includes:
determining initial user data during service execution, and encrypting the initial user data according to a first key stored locally and encryption parameters related to a second key to obtain encrypted user data, wherein the first key is issued to the client by a server in advance;
sending the encrypted user data to the server so that the server determines an encryption execution result corresponding to the encrypted user data through a service model constructed in advance, and sends the encryption execution result to the client, wherein an encrypted model parameter is deployed in the service model, and the encryption execution result, the encrypted model parameter and the encrypted user data satisfy a linear relationship;
and decrypting the encryption execution result according to the second key to obtain a decrypted execution result.
Optionally, before determining the initial user data at the time of service execution, the method further comprises:
randomly generating a first matrix and a second matrix which are reversible matrixes with each other, determining a reversible matrix pair formed by the first matrix and the second matrix, and randomly generating a third matrix and a fourth matrix;
and generating the second key according to the reversible matrix pair, the third matrix and the first matrix.
Optionally, encrypting the initial user data according to a locally stored first key and an encryption parameter related to a second key to obtain encrypted user data, specifically including:
and taking the second matrix, the third matrix and the fourth matrix as the encryption parameters related to the second key, and encrypting the user data according to the second matrix, the third matrix, the fourth matrix and the first key to obtain encrypted user data.
The present specification provides a service execution apparatus, including:
an acquisition module: acquiring encrypted user data required by executing a current service, wherein the encrypted user data is obtained by encrypting initial user data by a client according to a first key stored locally at the client and an encryption parameter related to a second key, and the first key is issued to the client by a server in advance;
an input module: inputting the encrypted user data into a service model which is constructed in advance, and determining an encryption execution result corresponding to the encrypted user data through the service model, wherein an encrypted model parameter is deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameter and the encrypted user data satisfies a linear relationship;
a decryption module: and sending the encryption execution result to the client so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
Optionally, the apparatus further comprises: the building module is specifically used for obtaining initial model parameters; encrypting the initial model parameters through a predetermined third key to obtain encrypted model parameters; and constructing the service model according to the encrypted model parameters.
Optionally, before acquiring the encrypted user data required for executing the current service, the acquiring module is further configured to acquire a key generation parameter; and generating an encrypted public key as the third key according to the key generation parameter, generating an encrypted private key corresponding to the encrypted public key as the first key, and issuing the first key to the client for storage.
Optionally, the obtaining module is specifically configured to randomly generate a specified matrix, and determine the first key for the user according to the specified matrix and the encrypted private key.
The present specification provides a service execution apparatus, including:
the encryption module is used for determining initial user data during service execution and encrypting the initial user data according to a first key stored locally and encryption parameters related to a second key to obtain encrypted user data, wherein the first key is issued to a client by a server in advance;
the sending module is used for sending the encrypted user data to the server so that the server determines an encryption execution result corresponding to the encrypted user data through a pre-constructed service model and sends the encryption execution result to the client, wherein an encrypted model parameter is deployed in the service model, and the relation among the encryption execution result, the encrypted model parameter and the encrypted user data meets a linear relation;
and the decryption module decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
Optionally, the apparatus further comprises: the generating module is specifically configured to randomly generate a first matrix and a second matrix which are reversible matrices of each other, determine a reversible matrix pair formed by the first matrix and the second matrix, and randomly generate a third matrix and a fourth matrix; generating the second key according to the reversible matrix pair, the third matrix and the first matrix;
optionally, the encryption module is specifically configured to take the second matrix, the third matrix, and the fourth matrix as the encryption parameters related to the second key, and encrypt the user data according to the second matrix, the third matrix, the fourth matrix, and the first key to obtain encrypted user data.
The present specification provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described service execution method.
The present specification provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the service execution method when executing the program.
The technical scheme adopted by the specification can achieve the following beneficial effects:
in the service execution method provided by the present specification, encrypted user data required for executing a current service is obtained, where the encrypted user data is obtained by a client encrypting initial user data according to a first key stored locally at the client and an encryption parameter related to a second key, the encrypted user data is input to a service model constructed in advance, so as to determine an encryption execution result corresponding to the encrypted user data through the service model, where an encrypted model parameter is deployed in the service model, and a relationship among the encryption execution result, the encrypted model parameter, and the encrypted user data satisfies a linear relationship, and the encryption execution result is sent to the client, so that the client decrypts the encryption execution result according to the second key, and obtains a decrypted execution result.
Compared with the prior method for executing the model prediction task by the user data in the form of the plaintext and the model parameter in the form of the plaintext, the method can determine the encryption execution result by the encrypted model parameter and the encrypted user data, and further decrypt the encryption execution result, so that the user data is not leaked in the process of inputting the service model, and the model parameter is also encrypted, thereby effectively ensuring the safety of the model data and the safety of the user data in the service execution process.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description serve to explain the specification and do not limit it. In the drawings:
fig. 1 is a schematic flowchart of a service execution method provided in this specification;
fig. 2 is a schematic flow chart of a service execution method provided in this specification;
fig. 3 is a schematic diagram of a service execution apparatus provided in the present specification;
fig. 4 is a schematic diagram of a service execution apparatus provided in the present specification;
fig. 5 is a schematic diagram of an electronic device corresponding to fig. 1 or fig. 2 provided in the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a service execution method provided in this specification, including the following steps:
S100: Acquire encrypted user data required for executing the current service, wherein the encrypted user data is obtained by the client encrypting initial user data according to a first key stored locally at the client and an encryption parameter related to a second key, and the first key is issued to the client by the server in advance.
Under the service scenes such as risk monitoring, intention identification, disease diagnosis and the like, a server usually obtains user data required by the current service when executing the service, and then inputs the user data into a service model which is deployed in advance, so that corresponding prediction is carried out according to the user data through the service model, and the prediction result is returned to a user.
For example, when a user executes financial services, the business model generally needs to acquire user data such as occupation, age, income, borrowing records, credit rating and the like of the user, so as to evaluate repayment capacity and consumption level of the user according to the user data, and predict borrowing amount which can be issued to the user according to an evaluation result and issue the user.
However, in this process, the user data is sent in the clear text, so that leakage of the user data is likely to occur in the process of executing the business, and in addition, when the provider of the business model deploys the model in the server, the parameter data of the model is also stored in the clear text, so that the model parameters are also at a certain risk of leakage.
Based on this, the present specification provides a service execution method, so as to send encrypted user data to a service model whose parameters are encrypted, thereby obtaining an encryption execution result output by the service model, and further decrypting the encrypted execution result to obtain a plaintext execution result visible to a user.
In this specification, the services executed by the server may be various, such as loan issuance, risk monitoring, intention identification, disease detection, and the like, and the initial user data (unencrypted user data) may include the age, income, credit rating, loan status, work time, physical status, and historical diagnosis records of the user. Of course, other services and other user data under other services may also be included, which is not illustrated here.
It should be noted that, the user data required under different services may be different, for example, in the loan issuing service, the service model may predict the amount of loan that the user can bear according to the age, income, credit rating, loan condition, and work of the user and issue the predicted amount of loan to the user, and in the disease diagnosis service, the service model may predict the physical health condition of the user according to the age, work, rest time, physical state, and historical diagnosis records of the user, so as to determine whether the user has a physical disease and a disease type.
In addition, the business model in this specification may be a regression model, and the regression model may include a linear regression model and a logistic regression model.
When a user registers identity in a service platform provided by a server, the server generates a first key and sends the first key to a client, so that the client encrypts initial user data in a plaintext form through the first key and encryption parameters related to a second key before sending the encrypted user data. The first key may be generated by the server and sent to the client when the user registers in the server, and stored locally at the client. When the client sends the user data, the user data can be directly encrypted by the first key stored locally in advance without being acquired again.
Specifically, the server may first obtain the key generation parameters, so as to generate the keys according to them. The key generation parameters may be determined by corresponding program logic in the server, or may be set manually. The key generation parameters may include: a large integer $v$, an identity matrix $I$, an error matrix $E$, a random matrix $A$ and a random matrix $T$, wherein the identity matrix $I$ is calculated from the matrices $P_m$ and $P_s$, which are inverse matrices of each other. Of course, other key generation parameters such as security parameters may also be included, and this specification is not limited in this respect.
The server can determine a corresponding encryption algorithm according to the key generation parameters, and determine an encryption public key and a corresponding encryption private key according to that algorithm. The encryption public key is used as the third key and the encryption private key is used as the first key, and the first key is then sent to the client for storage. The first key is used to encrypt initial user data, and the third key is used to encrypt the model parameters (such as the weights of a model network layer) of the service model. The first key (encryption private key) determined by the key generation parameters may be represented as:
$$SK = [I, T] \, P_s$$
where $SK$ is the first key used to encrypt initial user data.
The third key (encryption public key) can be expressed as:
Figure BDA0004033809750000061
where PK is the third key used to encrypt the model parameters.
In order to ensure that the model parameters of the business model are not leaked, the server can obtain the initial model parameters, the initial model parameters are stored in a plaintext mode, then the server can encrypt the initial model parameters through the encryption public key, so that encrypted model parameters are obtained, and then the business model is built and deployed according to the encrypted model parameters. The encrypted model parameters can be expressed by the following formula:
$$\omega_c = PK \cdot \omega + e$$
where $\omega_c$ is the encrypted model parameter, $\omega$ is the initial model parameter before encryption, and $e$ is a tiny error introduced in the encryption process.
Substituting the formulas of the first key and the third key into the formula of the encrypted model parameters gives the relationship between the first key, the encrypted model parameters and the initial model parameters, which can be expressed as:
$$SK \cdot \omega_c = v \cdot \omega + e$$
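The relation $SK \cdot \omega_c = v \cdot \omega + e$ can be checked numerically, including the condition under which rounding by $v$ recovers $\omega$. The following is an added example, not code from the patent: the PK formula above survives only as an image reference, so the construction `PK = P_m * [[v*I - T*A + E], [A]]` is an assumption chosen so that `SK * PK = v*I + E`, and all function names and sample values are constructed.

```python
import random

def matmul(A, B):
    """Integer matrix product of two list-of-lists matrices."""
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def rand_matrix(rows, cols, bound, rng):
    return [[rng.randint(-bound, bound) for _ in range(cols)] for _ in range(rows)]

def inverse_pair(n, rng, steps=8):
    """Build integer matrices (P_m, P_s) with P_m*P_s = P_s*P_m = I from elementary shears."""
    P_m, P_s = identity(n), identity(n)
    for _ in range(steps):
        i, j = rng.sample(range(n), 2)
        k = rng.randint(-2, 2)
        shear, unshear = identity(n), identity(n)
        shear[i][j], unshear[i][j] = k, -k   # unshear is the exact inverse of shear
        P_m = matmul(P_m, shear)
        P_s = matmul(unshear, P_s)
    return P_m, P_s

def keygen(m, t, v, rng):
    """Return (SK, PK, E).

    SK = [I, T] * P_s as on the page. The PK construction is an ASSUMPTION
    (the page's formula is missing): PK = P_m * [[v*I - T*A + E], [A]].
    """
    T = rand_matrix(m, t, 5, rng)
    A = rand_matrix(t, m, 5, rng)
    E = rand_matrix(m, m, 1, rng)            # small error matrix
    P_m, P_s = inverse_pair(m + t, rng)
    I = identity(m)
    I_T = [I[r] + T[r] for r in range(m)]    # block matrix [I, T]
    TA = matmul(T, A)
    top = [[v * I[r][c] - TA[r][c] + E[r][c] for c in range(m)] for r in range(m)]
    return matmul(I_T, P_s), matmul(P_m, top + A), E

def encrypt_params(PK, omega, rng):
    """omega_c = PK*omega + e with a small random error vector e."""
    prod = matmul(PK, [[w] for w in omega])
    return [row[0] + rng.randint(-1, 1) for row in prod]

def noise(SK, omega_c, omega, v):
    """Lumped error term e in SK*omega_c = v*omega + e."""
    s = matmul(SK, [[c] for c in omega_c])
    return [s[i][0] - v * omega[i] for i in range(len(omega))]

def recover_params(SK, omega_c, v):
    """Round SK*omega_c / v to the nearest integer vector."""
    s = matmul(SK, [[c] for c in omega_c])
    return [(2 * row[0] + v) // (2 * v) for row in s]

def within_bound(err, v):
    """Rounding returns omega exactly when every error entry lies in [-v/2, v/2)."""
    return all(-v <= 2 * x < v for x in err)

def demo(v, seed=7):
    # random.Random is seeded for reproducibility only; real keys need a CSPRNG.
    rng = random.Random(seed)
    omega = [12, -7, 30]                     # constructed sample model weights
    SK, PK, _ = keygen(3, 2, v, rng)
    omega_c = encrypt_params(PK, omega, rng)
    return omega, recover_params(SK, omega_c, v), noise(SK, omega_c, omega, v)

if __name__ == "__main__":
    for v in (2**40, 8):                     # large v decodes; small v may not
        omega, rec, err = demo(v)
        print(f"v={v}: recovered={rec == omega} within_bound={within_bound(err, v)} err={err}")
```

The lumped error here is `E*omega + SK*e`, so the margin depends on the size of the weights and of the key entries as well as on `v`; a deployment would have to size `v` against that worst case rather than assume the error is negligible.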
Further, when the client sends the encrypted user data to the server, it may locally generate a second key corresponding to the encrypted user data, which is used to decrypt the finally obtained encryption execution result. The process of decrypting the encryption execution result is described in detail below.
The client can generate a first matrix $P'_m$ and a second matrix $P'_s$ that are inverse matrices of each other, so that $P'_m \cdot P'_s = I$. For ease of distinction, the invertible matrix pair formed by $P'_m$ and $P'_s$ is denoted $I'$. Meanwhile, the client may also randomly generate a third matrix $T'$ and a fourth matrix $A'$.
The server may then generate the second key based on the invertible matrix pair $I'$, the third matrix $T'$ and the first matrix $P'_m$. The second key may be expressed as:
$$SK' = [I' \cdot T'] \cdot P'_s$$
where $SK'$ is the second key used to decrypt the encryption execution result.
The server may take the third matrix $T'$, the fourth matrix $A'$ and the first matrix $P'_m$ as the encryption parameters related to the second matrix, and, based on the first key $SK$, the third matrix $T'$, the fourth matrix $A'$ and the first matrix $P'_m$, encrypt the initial user data to obtain encrypted user data, which may be represented as:
Figure BDA0004033809750000062
wherein x is c To encrypt user data.
In the process of practical application, there are likely a plurality of users executing services under the service model provided by the server, and in order to ensure privacy security of data among the users, the server may generate different first keys for different users according to the key generation algorithm and send the different first keys to the clients of the users for local storage.
For user j, the server may first randomly generate a fifth matrix [Figure BDA0004033809750000063] and a sixth matrix [Figure BDA0004033809750000064] that are inverse matrices of each other, so that the product of the fifth matrix [Figure BDA0004033809750000071] and the sixth matrix [Figure BDA0004033809750000072] is equal to the identity matrix $I$.
The server may take the fifth matrix [Figure BDA0004033809750000073] as the randomly generated specified matrix, and then generate a first key $SK_j$ for user j based on the specified matrix and the encryption private key. The first key $SK_j$ for user j can be expressed as:
Figure BDA0004033809750000074
Because the matrix is randomly generated, the first key received by each user is different, so that different first keys are stored in the clients of different users and each user's first key is unique.
It should be noted that the service model in this specification may be deployed in a server, and certainly may also be deployed in a terminal device such as a mobile phone and a computer where a client is located, and when the service model is deployed in the client, the client may input user data into the service model.
In addition, the execution subject implementing the service execution method in this specification may be a specific device such as a server. For convenience of description, the service execution method provided in this specification is described taking the server as the execution subject as an example.
S102: inputting the encrypted user data into a service model constructed in advance, and determining an encryption execution result corresponding to the encrypted user data through the service model, wherein encrypted model parameters are deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameters and the encrypted user data satisfies a linear relationship.
After the server inputs the encrypted user data into the service model, it can perform a calculation on the encrypted model parameters of the service model and the encrypted user data through the linear network of the service model, and determine the encryption execution result of the current service from the calculation result. Since the business model in this specification is a regression model, the encryption execution result, the encrypted model parameters and the encrypted user data satisfy a linear relationship.
The encryption execution result can be expressed by the following formula:
$$y_c = x_c \cdot w_c$$
where $y_c$ is the encryption execution result determined from the encrypted model parameter $w_c$ and the encrypted user data $x_c$.
Of course, in the case that the server does not encrypt the service model parameter, the service model may also determine the encryption execution result according to the encrypted initial model parameter and the encrypted user data.
In addition, when the first keys sent by different users are different, the calculation result determined by the service model for user j may be expressed as:
Figure BDA0004033809750000075
S103: Send the encryption execution result to the client, so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
The server may send the encryption execution result to the client, and after the client obtains the encryption execution result, the client may decrypt the execution result by using a second key that is generated in advance and stored locally. The execution result after decryption can be represented by the following formula:
Figure BDA0004033809750000076
In practical applications, the business models of different businesses calculate different execution results, such as a disease diagnosis result (whether a disease is present, and the disease type) in a disease diagnosis business, or the identified user intention in an intention identification business. Of course, other execution results may be included, which is not specifically limited in this specification.
In normal operation of the service model, when neither the model parameters of the service model nor the user data are encrypted, the linear relationship satisfied should be: y = wx, on the basis of which the decryption formula of the execution result can be verified to determine whether the condition can be satisfied.
Specifically, when the server does not distinguish the first keys transmitted to different users, since $SK' = [I' \cdot T'] \cdot P'_s$ and $y_c = x_c \cdot w_c$, the following relationship is satisfied:
$$SK' \cdot y_c = [I' \cdot T'] \cdot P'_s \cdot x_c \cdot w_c$$
And because
Figure BDA0004033809750000081
then
Figure BDA0004033809750000082
Since the correspondence $SK \cdot \omega_c = v \cdot \omega + e$ has already been determined in step S100, the following equation can be obtained:
$$SK' \cdot y_c = x \cdot v \cdot w + x \cdot e$$
Substituting this equation into the decryption formula of the execution result gives:
Figure BDA0004033809750000083
Since $e$ is a slight error value of approximately 0 and $v$ is a positive integer of approximately infinite value, the term
Figure BDA0004033809750000084
can be approximated by 0, and thus $SK' y_c = y = xw$ can be derived. That is, after the encryption execution result calculated from the encrypted model parameters and the encrypted user data is decrypted, the correct unencrypted execution result can be obtained.
When the server sends different first encrypted data to different users, the following equation is satisfied:
Figure BDA0004033809750000085
Further, the following is obtained:
Figure BDA0004033809750000086
Because
Figure BDA0004033809750000087
the following formula is available:
Figure BDA0004033809750000088
Because
Figure BDA0004033809750000089
are invertible matrices of each other, $SK' y_c = SK \cdot w_c$ is obtained. The subsequent steps may be verified by the same method as when the server does not distinguish the first keys issued to different users, which is not described in detail here.
In the above, a service execution method provided in the present specification is described from the perspective of a server, and for ease of understanding, a service execution method provided in the present specification is described below from the perspective of a client, as shown in fig. 2.
Fig. 2 is a schematic flow chart of a service execution method provided in this specification, including the following steps:
S200: Determine initial user data during service execution, and encrypt the initial user data according to a first key stored locally and an encryption parameter related to a second key to obtain encrypted user data, wherein the first key is issued to the client in advance by the server.
When the service is executed, the client encrypts the required user data through the first key stored locally and the encryption parameter related to the second key, so that encrypted user data is obtained and sent to the server.
S202: and sending the encrypted user data to the server so that the server determines an encryption execution result corresponding to the encrypted user data through a pre-constructed service model, and sends the encryption execution result to the client, wherein encrypted model parameters are deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameters and the encrypted user data satisfies a linear relationship.
After receiving the encrypted user data, the server performs the model calculation on the encrypted user data using the encrypted model parameters, obtains the encrypted prediction result of the model as the encryption execution result, and sends the encryption execution result to the client.
S204: and decrypting the encryption execution result according to the second key to obtain a decrypted execution result.
After receiving the decryption execution result, the client may decrypt the encryption execution result according to the second key, thereby obtaining an encryption execution result in a plaintext form.
Compared with the prior method for executing the model prediction task by the user data in the form of the plaintext and the model parameter in the form of the plaintext, the method can determine the encryption execution result by the encrypted model parameter and the encrypted user data, and further decrypt the encryption execution result, so that the user data is not leaked in the process of inputting the service model, and the model parameter is also encrypted, thereby effectively ensuring the safety of the model data and the safety of the user data in the service execution process.
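The exchange in S200 to S204, as an added example that is not the patent's own code: a server deploys encrypted model parameters, a client masks its data, and the client recovers the plaintext result from a purely linear computation on ciphertext. The matrix algebra is a simplified stand-in assumed for illustration (exact arithmetic over a prime field, a third key `K3` with first key `K1 = K3^-1`, and a fresh invertible pair per request with random decoy columns); the patent's exact formulas, including the roles of its third and fourth matrices, are not reproduced.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumption): all values are encoded as elements of GF(P)

def matmul(a, b):
    """Matrix product mod P."""
    return [[sum(x * y for x, y in zip(row, col)) % P for col in zip(*b)] for row in a]

def inverse(m):
    """Gauss-Jordan inverse mod P; raises ValueError if m is singular."""
    n = len(m)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("singular matrix")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = pow(aug[col][col], -1, P)
        aug[col] = [v * scale % P for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(v - f * c) % P for v, c in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def invertible_pair(n):
    """Random n x n matrix and its inverse (retry on the rare singular draw)."""
    while True:
        m = [[secrets.randbelow(P) for _ in range(n)] for _ in range(n)]
        try:
            return m, inverse(m)
        except ValueError:
            continue

class Server:
    """Holds only encrypted model parameters W_enc = W * K3 (hypothetical layout)."""
    def __init__(self, weights):
        third_key, first_key = invertible_pair(len(weights[0]))
        self.enc_weights = matmul(weights, third_key)
        self.first_key = first_key  # K1 = K3^-1, issued to the client in advance

    def execute(self, enc_data):
        # Linear relationship: result = encrypted parameters * encrypted user data.
        return matmul(self.enc_weights, enc_data)

class Client:
    def __init__(self, first_key, decoys=2):
        self.first_key = first_key
        self.decoys = decoys
        self.second_key = None

    def encrypt(self, x):
        # Column 0 carries the user data; the remaining columns are random decoys.
        padded = [[v] + [secrets.randbelow(P) for _ in range(self.decoys)] for v in x]
        a, b = invertible_pair(1 + self.decoys)  # b is the inverse of a
        self.second_key = a                      # never leaves the client
        return matmul(matmul(self.first_key, padded), b)  # K1 * X' * B

    def decrypt(self, enc_result):
        # (W * X' * B) * A = W * X'; column 0 is the plaintext result W * x.
        return [row[0] for row in matmul(enc_result, self.second_key)]

def run_demo():
    server = Server([[3, 1, 4], [1, 5, 9]])   # constructed sample model parameters
    client = Client(server.first_key)
    enc_data = client.encrypt([2, 7, 1])      # constructed sample user data
    return client.decrypt(server.execute(enc_data))

if __name__ == "__main__":
    print(run_demo())
```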
Based on the same idea, the present specification further provides a corresponding service execution device, as shown in fig. 3 or fig. 4.
Fig. 3 is a schematic diagram of a service execution device provided in this specification, including:
an acquisition module 300, configured to acquire encrypted user data required for executing a current service, where the encrypted user data is obtained by a client encrypting initial user data according to a first key stored locally at the client and an encryption parameter related to a second key, and the first key is issued to the client by the server in advance;
an input module 302, configured to input the encrypted user data into a pre-constructed service model so as to determine, through the service model, an encryption execution result corresponding to the encrypted user data, where encrypted model parameters are deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameters and the encrypted user data satisfies a linear relationship;
a decryption module 304, configured to send the encryption execution result to the client, so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
Optionally, the apparatus further comprises:
a construction module 306 for obtaining initial model parameters; encrypting the initial model parameters through a predetermined third key to obtain encrypted model parameters; and constructing the service model according to the encrypted model parameters.
Optionally, before acquiring the encrypted user data required for executing the current service, the acquisition module 300 is further configured to acquire a key generation parameter; and generate an encrypted public key as the third key according to the key generation parameter, generate an encrypted private key corresponding to the encrypted public key as the first key, and issue the first key to the client for storage.
Optionally, the acquisition module 300 is specifically configured to randomly generate a specified matrix, and determine the first key for the user according to the specified matrix and the encrypted private key.
Fig. 4 is a schematic diagram of a service execution device provided in this specification, including:
an encryption module 400, configured to determine initial user data during service execution, and encrypt the initial user data according to a first key stored locally and an encryption parameter related to a second key to obtain encrypted user data, where the first key is issued by a server to a client in advance;
a sending module 402, configured to send the encrypted user data to the server, so that the server determines, through a service model constructed in advance, an encryption execution result corresponding to the encrypted user data, and sends the encryption execution result to the client, where an encrypted model parameter is deployed in the service model, and a relationship between the encryption execution result, the encrypted model parameter, and the encrypted user data satisfies a linear relationship;
and a decryption module 404, configured to decrypt the encryption execution result according to the second key to obtain a decrypted execution result.
Optionally, the apparatus further comprises:
a generating module 406, configured to randomly generate a first matrix and a second matrix that are reversible matrices of each other, determine a reversible matrix pair formed by the first matrix and the second matrix, and randomly generate a third matrix and a fourth matrix; and generating the second key according to the reversible matrix pair, the third matrix and the first matrix.
Optionally, the encryption module 400 is specifically configured to take the second matrix, the third matrix, and the fourth matrix as the encryption parameters related to the second key, and encrypt the user data according to the second matrix, the third matrix, the fourth matrix, and the first key to obtain encrypted user data.
The present specification also provides a computer-readable storage medium storing a computer program, which can be used to execute a service execution method provided in fig. 1 or fig. 2.
The present specification also provides a schematic structural diagram of an electronic device shown in fig. 5 corresponding to the figure. As shown in fig. 5, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, but may also include hardware required for other services. The processor reads a corresponding computer program from the non-volatile memory into the memory and then runs the computer program to implement the service execution method described in fig. 1 or fig. 2. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor, or switch) or an improvement in software (an improvement to a process flow). However, as technology has advanced, many of today's process flow improvements can be regarded as direct improvements in hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement in a process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually manufacturing integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language), as well as VHDL (Very-High-Speed Integrated Circuit Hardware Description Language), which is currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing a logical method flow can readily be obtained merely by programming the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely as computer-readable program code, the same functionality can be achieved by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded as both software modules implementing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, respectively. Of course, the functionality of the various elements may be implemented in the same one or more pieces of software and/or hardware in the practice of this description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (16)

1. A service execution method is applied to a server and comprises the following steps:
acquiring encrypted user data required by executing a current service, wherein the encrypted user data is obtained by encrypting initial user data by a client according to a first key stored locally at the client and an encryption parameter related to a second key, and the first key is issued to the client by a server in advance;
inputting the encrypted user data into a service model which is constructed in advance, and determining an encryption execution result corresponding to the encrypted user data through the service model, wherein an encrypted model parameter is deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameter and the encrypted user data satisfies a linear relationship;
and sending the encryption execution result to the client, so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
2. The method according to claim 1, wherein constructing the business model specifically comprises:
obtaining initial model parameters;
encrypting the initial model parameters through a predetermined third key to obtain encrypted model parameters;
and constructing the service model according to the encrypted model parameters.
3. The method of claim 2, prior to obtaining encrypted user data required to perform a current service, the method further comprising:
acquiring a key generation parameter;
and generating an encrypted public key as the third key according to the key generation parameter, generating an encrypted private key corresponding to the encrypted public key as the first key, and issuing the first key to the client for storage.
4. The method according to claim 3, wherein generating an encryption private key corresponding to the encryption public key as the first key specifically comprises:
and randomly generating a specified matrix, and determining a first key for the user according to the specified matrix and the encrypted private key.
5. A service execution method is applied to a client and comprises the following steps:
determining initial user data during service execution, and encrypting the initial user data according to a first key stored locally and encryption parameters related to a second key to obtain encrypted user data, wherein the first key is issued to the client by a server in advance;
sending the encrypted user data to the server so that the server determines an encryption execution result corresponding to the encrypted user data through a pre-constructed service model and sends the encryption execution result to the client, wherein encrypted model parameters are deployed in the service model, and the relation among the encryption execution result, the encrypted model parameters and the encrypted user data meets a linear relation;
and decrypting the encryption execution result according to the second key to obtain a decrypted execution result.
6. The method of claim 5, prior to determining initial user data at the time of service execution, the method further comprising:
randomly generating a first matrix and a second matrix which are reversible matrices of each other, determining a reversible matrix pair formed by the first matrix and the second matrix, and randomly generating a third matrix and a fourth matrix;
and generating the second key according to the reversible matrix pair, the third matrix and the first matrix.
7. The method according to claim 6, wherein the encrypting the initial user data according to the locally stored first key and the encryption parameter associated with the second key to obtain the encrypted user data specifically comprises:
and taking the second matrix, the third matrix and the fourth matrix as the encryption parameters related to the second key, and encrypting the user data according to the second matrix, the third matrix, the fourth matrix and the first key to obtain encrypted user data.
8. A service execution apparatus comprising:
an acquisition module: acquiring encrypted user data required by executing a current service, wherein the encrypted user data is obtained by encrypting initial user data by a client according to a first key stored locally at the client and an encryption parameter related to a second key, and the first key is issued to the client by a server in advance;
an input module: inputting the encrypted user data into a service model which is constructed in advance, and determining an encryption execution result corresponding to the encrypted user data through the service model, wherein an encrypted model parameter is deployed in the service model, and the relationship among the encryption execution result, the encrypted model parameter and the encrypted user data satisfies a linear relationship;
a decryption module: and sending the encryption execution result to the client, so that the client decrypts the encryption execution result according to the second key to obtain a decrypted execution result.
9. The apparatus of claim 8, further comprising: the building module is specifically used for obtaining initial model parameters; encrypting the initial model parameters through a predetermined third key to obtain encrypted model parameters; and constructing the service model according to the encrypted model parameters.
10. The apparatus of claim 9, the obtaining module is further configured to, prior to obtaining the encrypted user data required for performing the current service, obtain a key generation parameter; and generating an encrypted public key as the third key according to the key generation parameter, generating an encrypted private key corresponding to the encrypted public key as the first key, and issuing the first key to the client for storage.
11. The apparatus of claim 10, wherein the obtaining module is specifically configured to randomly generate a specified matrix and determine the first key for the user according to the specified matrix and the encrypted private key.
12. A service execution apparatus comprising:
the encryption module is used for determining initial user data during service execution and encrypting the initial user data according to a first key stored locally and encryption parameters related to a second key to obtain encrypted user data, wherein the first key is issued to a client by a server in advance;
the sending module is used for sending the encrypted user data to the server so that the server determines an encryption execution result corresponding to the encrypted user data through a pre-constructed service model and sends the encryption execution result to the client, wherein an encrypted model parameter is deployed in the service model, and the relation among the encryption execution result, the encrypted model parameter and the encrypted user data meets a linear relation;
and the decryption module is used for decrypting the encryption execution result according to the second key to obtain a decrypted execution result.
13. The apparatus of claim 12, the apparatus further comprising: the generating module is specifically configured to randomly generate a first matrix and a second matrix which are reversible matrices of each other, determine a reversible matrix pair formed by the first matrix and the second matrix, and randomly generate a third matrix and a fourth matrix; and generating the second key according to the reversible matrix pair, the third matrix and the first matrix.
14. The apparatus according to claim 13, wherein the encryption module is specifically configured to take the second matrix, the third matrix, and the fourth matrix as the encryption parameters related to the second key, and encrypt the user data according to the second matrix, the third matrix, the fourth matrix, and the first key to obtain encrypted user data.
15. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 7.
16. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of the preceding claims 1 to 7 when executing the program.
CN202211739342.6A 2022-12-31 2022-12-31 Service execution method, device, storage medium and electronic equipment Pending CN115982742A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211739342.6A CN115982742A (en) 2022-12-31 2022-12-31 Service execution method, device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115982742A true CN115982742A (en) 2023-04-18

Family

ID=85958509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211739342.6A Pending CN115982742A (en) 2022-12-31 2022-12-31 Service execution method, device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115982742A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination