CN116049322B - Data sharing platform and method based on privacy calculation - Google Patents

Data sharing platform and method based on privacy calculation

Info

Publication number: CN116049322B
Application number: CN202310342479.6A
Authority: CN (China)
Prior art keywords: data, computing, user, target, privacy
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN116049322A
Inventor: 刘维炜
Current assignee: Anling Technology Hangzhou Co ltd
Original assignee: Anling Technology Hangzhou Co ltd
Application filed by Anling Technology Hangzhou Co ltd

Classifications

    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a data sharing platform and a data sharing method based on privacy computing, in the technical field of data processing. In this platform, a data application platform with a high authority level hosts the privacy computing nodes that correspond to the user institutions, so that the data resources of a computing task never flow to the user institutions and the privacy and security of the data are preserved. A first target database placed on the data application platform reduces the cost of transmitting first target data between institutions, and privacy computing nodes whose computing resources can be configured ensure that the computing requirements of each task can be met.

Description

Data sharing platform and method based on privacy calculation
Technical Field
The invention relates to the technical field of data processing, and in particular to a data sharing platform and method based on privacy computing.
Background
Since the start of the information age, more and more production and daily-life activities are completed in the information space, generating large amounts of data; in turn, the processing, circulation, sharing and application of that data bring great efficiency gains to production and daily life. Data is a key production factor of the digital economy, and its value is released through circulation and sharing across domains, industries, regions and organizations. However, data is a virtual asset: compared with physical assets it is easy to replicate and hard to govern, so its circulation is still hindered.
At present, once an institution issues data, the data is stored at the node belonging to that institution. If another institution needs it, that institution applies to the current institution, which approves the request and then sends the data to the other institution so that the other institution's computing node can operate on it. The data can be protected along the way by means such as encrypted transmission, digital watermarking and desensitization. But once the data has flowed out, where it goes and how it is used can no longer be controlled and can only be deterred by law; watermarks do not allow the data to be discovered and traced in time after it flows out; and desensitization either reduces the value of the data until it is unusable or, when incomplete, leaves the data value practically unchanged. In addition, if several other institutions request the current institution at the same time, its node may send the related data repeatedly, wasting transmission resources. And the computing node configuration of the other institution is fixed, so for different data resources and different computing tasks the computing resources may not meet the current task. Improving data transmission efficiency and meeting the configuration requirements of each data computation, on the basis of guaranteed data security, is therefore the problem to be solved.
Disclosure of Invention
The invention provides a data sharing platform and a data sharing method based on privacy computing, which address the defects of the prior art, namely unsafe and inefficient data transmission between institutions and the limited computing resources of a single institution, and achieve improved data transmission efficiency and satisfied configuration requirements for each data computation while keeping the data secure.
The invention provides a data sharing platform based on privacy computing, which comprises:
a data application platform, a plurality of privacy computing nodes and a plurality of user institutions, wherein the privacy computing nodes are arranged inside the data application platform and each privacy computing node is communicatively connected to a different user institution through its own computing interface; each user institution is communicatively connected to its own database through its own data interface;
the data application platform further comprises a first target database in which first target data are stored, the first target data being data that has been called by the privacy computing nodes, in total, more than a target number of times within a target historical time period;
the privacy computing node corresponding to a user institution is configured, on receiving a computing task from that user institution, to acquire data from the first target database and/or the databases of the user institutions, perform the privacy computation on the data application platform, and send the computation result to the user institution; the data application platform further comprises a computing resource library, and the privacy computing node corresponding to the user institution is further configured to acquire computing resources from the computing resource library according to the computing task of the user institution and configure them so as to meet the configuration the computing task requires.
According to the data sharing platform based on privacy computing provided by the invention, the privacy computing node corresponding to a user institution is configured, on receiving a computing task from that user institution, to determine the first target data and the second target data the computing task requires; the first target data is stored in the first target database, and the second target data is stored in the database of the corresponding user institution and uploaded to the data application platform by that user institution.
The data sharing platform based on privacy computing provided by the invention further comprises a blockchain platform, wherein the blockchain platform comprises a platform chain corresponding to the data application platform and institution chains corresponding to the respective user institutions;
the user institutions comprise trusted user institutions and pending user institutions; a trusted user institution encrypts second target data with a stored first public key and uploads the encrypted second target data to the data application platform, and the data application platform decrypts the second target data with a stored first private key corresponding to the first public key; the institution chain corresponding to a pending user institution receives a second public key sent by the platform chain corresponding to the data application platform, the pending user institution encrypts second target data with the second public key and uploads the encrypted second target data to the data application platform, and the data application platform decrypts the second target data with the second private key corresponding to the second public key, which is generated by the corresponding platform chain.
According to the data sharing platform based on privacy computing provided by the invention, the data application platform uploads the data information of the acquired data to the platform chain for storage; the data information comprises the data type, the data source, the computing task corresponding to the data and the user institution that initiated the computing task.
According to the data sharing platform based on privacy computing provided by the invention, the data application platform further comprises a second target database; whenever a computing task corresponding to a privacy computing node is completed, the data application platform stores the data used by that computing task in the second target database;
and when the storage space of the second target database is used up, the platform chain determines, from the uploaded data information, the data that has been called by the privacy computing nodes in total more than the target number of times within the target historical time period as the new first target data, and migrates that first target data from the second target database to the first target database.
The invention also provides a data sharing method based on privacy computing, applied to the data sharing platform based on privacy computing described above, comprising the following steps:
receiving, through a privacy computing node, a computing task initiated by the user institution corresponding to that privacy computing node;
determining, based on the computing task, the data and computing resources the computing task requires;
retrieving the first target data from the first target database when the data required by the computing task includes first target data; and, based on the computing resources the computing task requires, acquiring computing resources from the computing resource library and configuring them in the privacy computing node corresponding to the computing task.
According to the data sharing method based on privacy computing provided by the invention, when the data required by the computing task includes second target data, the type of the user institution to which the second target data belongs is determined; the types of user institution comprise trusted user institutions and pending user institutions;
the second target data is then obtained from the user institution to which it belongs, according to the type of that user institution.
According to the data sharing method based on privacy computing provided by the invention, obtaining the second target data from the user institution to which it belongs, according to the type of that user institution, comprises the following steps:
determining that the user institution from which the second target data originates is a trusted user institution;
sending request information for acquiring the second target data to the trusted user institution;
receiving the second target data, encrypted by the trusted user institution with a pre-stored first public key;
decrypting the second target data with a stored first private key corresponding to the first public key.
According to the data sharing method based on privacy computing provided by the invention, obtaining the second target data from the user institution to which it belongs, according to the type of that user institution, comprises the following steps:
determining that the user institution from which the second target data originates is a pending user institution;
sending request information for acquiring the second target data to the pending user institution;
when identity verification information sent by the institution chain corresponding to the pending user institution is received through the corresponding platform chain and verification passes, generating a second public key through the platform chain and sending it to the institution chain corresponding to the pending user institution;
and receiving the second target data encrypted by the pending user institution with the second public key, and obtaining the second private key corresponding to the second public key through the platform chain to decrypt the second target data.
According to the data sharing method based on privacy computing provided by the invention, after the data and computing resources required by the computing task are determined based on the computing task, the method further comprises the following steps:
determining the data and computing resources the computing task requires, and completing the computing task through the privacy computing node;
uploading the data information of the acquired data to a platform chain for storage; the platform chain is the blockchain corresponding to the data application platform; the data information comprises the data type, the data source, the computing task corresponding to the data and the user institution that initiated the computing task.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing, when executing the program, the data sharing method based on privacy computing described in any of the above.
The invention also provides a non-transitory computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the data sharing method based on privacy computing described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the data sharing method based on privacy computing described in any of the above.
With the data sharing platform and method based on privacy computing, a data application platform with a high authority level is provided and the privacy computing node corresponding to each user institution is configured inside it, so that the data resources of a computing task cannot flow to the user institution and the privacy and security of the data are guaranteed; arranging the first target database on the data application platform reduces the cost of transmitting first target data between institutions; and privacy computing nodes whose computing resources can be configured can also meet the computing requirements of the computing task.
Drawings
To illustrate the invention or the technical solutions of the prior art more clearly, the drawings used in the embodiments or in the description of the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic diagram of a data sharing platform based on privacy computing according to the present invention;
FIG. 2 is a schematic diagram of a second embodiment of the data sharing platform based on privacy computing according to the present invention;
FIG. 3 is a schematic flow chart of the data sharing platform based on privacy computing provided by the invention;
FIG. 4 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the invention.
The data sharing platform and method based on privacy computing of the present invention are described below with reference to FIGS. 1-4.
Data is a virtual asset, and because it can be copied, its circulation and sharing inevitably raise the data holder's concern about privacy disclosure. The first key goal of data sharing is therefore to satisfy the data holder's requirement for privacy protection; otherwise the data holder will stop sharing because of the risk of privacy disclosure, and the service ends.
The privacy protection requirement of data sharing has two parts: data privacy and business privacy. Protecting data privacy means that, during sharing, the private information contained in the data content must be protected so that it cannot be abused by a partner as a result of the sharing and the rights and interests of the corresponding data subject are not infringed. Protecting business privacy means that, during sharing, the business-sensitive information of the data holder must be protected so that a partner cannot obtain it from the data circulation and infringe the holder's business rights and interests.
Privacy protection is a basic premise that any implementation of data sharing must meet. The data sharing platform based on privacy computing in the embodiment of the invention comprises a data application platform, which is a supervised intermediate platform; an ordinary user institution cannot actively retrieve data from it. Using privacy computing technology, the data application platform makes the value of data shareable without circulating the data content itself.
A plurality of privacy computing nodes are arranged inside the data application platform, and each privacy computing node is communicatively connected to a different user institution through its own computing interface.
The user institutions differ between application scenarios. In an e-commerce scenario, the user institutions may include an e-commerce platform, a logistics and transportation provider, platform merchants, consumers, and the like. In a government scenario, the user institutions may include the various government offices, enterprises, third-party organizations, natural persons, and the like.
Each user institution has its own database for storing its data, and each user institution is communicatively connected to its own database through its own data interface.
In the present embodiment, a user institution is only the owner of its data: it does not send the data to other user institutions and does not perform cross-institution operations with it, which prevents data leakage. When computation is needed, the user institution's computing task is completed by the privacy computing node that corresponds to it and is arranged inside the data application platform.
The data application platform further includes a computing resource library, and the privacy computing node corresponding to a user institution is further configured to obtain computing resources from the computing resource library according to that institution's computing task and to configure them so as to meet the configuration the task requires.
The computing resource library includes computing hardware resources, business rights, computer module components including operator components, and the like. The data application platform provides an operation for creating a computing task with the current privacy computing node as initiator; after the computing task initiated by the user institution is received, the corresponding privacy computing node can acquire computing resources from the computing resource library through visual configuration, and the task is created by combining, connecting and parameterizing the operator components.
On this basis, a visual display device can provide display and management operations for the existing computing tasks of the current node: a user institution can view the computing tasks its privacy computing node has initiated or participates in, execute the tasks it initiated, and view the execution records of those tasks.
The data application platform also provides a service publishing operation for computing tasks whose initiator is the current node: the user institution corresponding to the privacy computing node can publish an executed and confirmed computing task as a computing service and configure the data the service requires.
In some embodiments, the data application platform further provides a call interface for the computing service, so that other privacy computing nodes can call it and obtain the data results produced by the joint computation of the privacy computing nodes of the user institutions.
The data application platform also provides visual management of node hardware resources: the user institution corresponding to a privacy computing node can view the node's current resource and load conditions and configure usage restrictions on those resources. It likewise provides visual management of node tasks: the user institution can view the node's current computing tasks and adjust their execution state and priority.
The data application platform also provides permission management for external cooperating nodes: the user institution corresponding to a privacy computing node can view and configure the computing permissions and service permissions of the current cooperating node. The computing permissions include whether a computing task may be initiated, whether the node may participate as a third party, computing resource limits, and the like; the service permissions include whether data may be applied for, the type of institution authorized to apply for data, and the like.
For example, when the computing tasks of a single privacy computing node are saturated, collaborative computing can also be carried out between different privacy computing nodes. As shown in FIG. 2, after the computing task of privacy computing node A is created, node A can initiate execution of the task; other privacy computing nodes, such as nodes B and C, participate in the task, complete the data computation cooperatively under a privacy computing protocol or a trusted execution environment, and return the computation result to node A.
In this embodiment, in order to improve data transmission efficiency and avoid user institutions sending the same data repeatedly, the data application platform is further provided with a first target database.
The first target database stores first target data, which is data that has been called by the privacy computing nodes, in total, more than a target number of times within a target historical time period.
The target historical time period is a user-defined length of time and may be set according to the actual application scenario. The target number of times may likewise be set according to the actual application scenario and is not limited here.
Because the privacy computing nodes are arranged inside the data application platform, the data application platform can determine how many times each data item is used by all the privacy computing nodes under its administration.
The first target data stored in the first target database is thus the data called by the privacy computing nodes more than the target number of times in total within the target historical time period, that is, the high-frequency data.
The privacy computing node corresponding to a user institution is configured, on receiving a computing task from that user institution, to acquire data from the first target database and/or the databases of the user institutions, perform the privacy computation on the data application platform, and send the computation result to the user institution.
After receiving the computing task, the privacy computing node corresponding to the user institution can determine the required data and the user institution to which that data belongs, and whether the required data is first target data.
In some embodiments, the privacy computing node corresponding to a user institution is configured, on receiving a computing task from that user institution, to determine the first target data and the second target data the task requires; the first target data is stored in the first target database, and the second target data is stored in the database of the corresponding user institution and uploaded to the data application platform by that user institution.
The privacy computing node corresponding to a user institution can also obtain data uploaded by other user institutions from their databases, which enables cross-institution scheduling and operation on data resources.
If the required data includes first target data, that data is called directly from the first target database, so it need not be fetched from the user institution to which it corresponds; this saves transmission traffic and resources and improves transmission efficiency.
If the required data includes data that is not in the first target database, such as second target data, that data is obtained from the database of the user institution to which it belongs.
If the required data includes both first target data and other data, the data is acquired from the first target database and the databases of the respective user institutions, the privacy computation is performed on the data application platform, and the result is sent to the user institution.
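As an added illustration (not code from the patent), the following Go program models the first-target-data rule of the disclosure and the walk-through above: the call count summed over all privacy computing nodes within the target historical time period, the migration from the second target database to the first once the second database's space is used up, and the split of a task's required data between the first target database and the owning institutions. The record layout, the capacity check as the migration trigger and the sample records are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// CallRecord is one entry of the data information uploaded to the platform chain:
// which data item a privacy computing node called, and when (layout assumed here).
type CallRecord struct {
	DataID string
	NodeID string
	At     time.Time
}

// SelectFirstTargetData returns, sorted, the ids whose call count summed over all
// privacy computing nodes within [start, end] exceeds targetCount.
func SelectFirstTargetData(records []CallRecord, start, end time.Time, targetCount int) []string {
	counts := map[string]int{}
	for _, r := range records {
		if r.At.Before(start) || r.At.After(end) {
			continue // outside the target historical time period
		}
		counts[r.DataID]++ // summed across nodes, not per node
	}
	var hot []string
	for id, n := range counts {
		if n > targetCount {
			hot = append(hot, id)
		}
	}
	sort.Strings(hot)
	return hot
}

// Stores stands in for the two databases held on the data application platform.
type Stores struct {
	First          map[string][]byte // first target database: high-frequency data
	Second         map[string][]byte // second target database: data used by completed tasks
	SecondCapacity int               // assumed: migration runs once Second is full
}

// MigrateHotData moves the high-frequency items from the second target database to
// the first once the second database's storage space is used up, returning what moved.
func (s *Stores) MigrateHotData(records []CallRecord, start, end time.Time, targetCount int) []string {
	if len(s.Second) < s.SecondCapacity {
		return nil // still room; nothing to migrate yet
	}
	var moved []string
	for _, id := range SelectFirstTargetData(records, start, end, targetCount) {
		blob, ok := s.Second[id]
		if !ok {
			continue // hot item is not held in the second database
		}
		s.First[id] = blob
		delete(s.Second, id)
		moved = append(moved, id)
	}
	return moved
}

// Resolve splits a task's required data: first target data is served from the
// first target database; everything else must be requested from the owning institution.
func (s *Stores) Resolve(needed []string) (fromFirst, fromInstitution []string) {
	for _, id := range needed {
		if _, ok := s.First[id]; ok {
			fromFirst = append(fromFirst, id)
		} else {
			fromInstitution = append(fromInstitution, id)
		}
	}
	return fromFirst, fromInstitution
}

// SampleWindow and SampleRecords are constructed sample data, not from the patent.
func SampleWindow() (time.Time, time.Time) {
	return time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC), time.Date(2023, 1, 31, 23, 59, 59, 0, time.UTC)
}
func SampleRecords() []CallRecord {
	day := func(d int) time.Time { return time.Date(2023, 1, d, 12, 0, 0, 0, time.UTC) }
	return []CallRecord{
		{"sales-2022", "node-A", day(3)}, {"sales-2022", "node-A", day(5)}, {"sales-2022", "node-A", day(9)},
		{"sales-2022", "node-B", day(12)}, {"sales-2022", "node-B", day(20)},
		{"consumer-profile", "node-B", day(2)}, {"consumer-profile", "node-B", day(8)}, {"consumer-profile", "node-B", day(15)},
		{"logistics-q4", "node-A", day(7)},
		{"logistics-q4", "node-C", time.Date(2022, 12, 28, 12, 0, 0, 0, time.UTC)}, // before the window
		{"logistics-q4", "node-C", time.Date(2023, 2, 2, 12, 0, 0, 0, time.UTC)},   // after the window
	}
}

func main() {
	start, end := SampleWindow()
	s := &Stores{First: map[string][]byte{}, SecondCapacity: 3,
		Second: map[string][]byte{"sales-2022": []byte("s"), "consumer-profile": []byte("c"), "logistics-q4": []byte("l")}}
	fmt.Println("migrated to first target database:", s.MigrateHotData(SampleRecords(), start, end, 2))
	fromFirst, fromInst := s.Resolve([]string{"sales-2022", "logistics-q4"})
	fmt.Println("served from first target database:", fromFirst, "requested from institutions:", fromInst)
}
```

With the sample records and a target number of 2, "sales-2022" (5 calls) and "consumer-profile" (3 calls) qualify, while "logistics-q4" has only one call inside the window and stays with its institution.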
After the data required by the computing task has been obtained, computing resources are configured for the privacy computing node, which is arranged inside the data application platform with its high authority level, and the data is operated on there; the data therefore never flows to the user institution, and its security is ensured.
On this basis, establishing the first target database to store high-frequency data saves transmission resources effectively and further improves transmission efficiency. Furthermore, the computing resource library makes it convenient to configure computing resources for the privacy computing nodes inside the data application platform, so that they can meet the requirements of the computing tasks.
With the data sharing platform based on privacy computing provided by the embodiment of the invention, a data application platform with a high authority level is provided and the privacy computing node corresponding to each user institution is configured inside it, so that the data resources of a computing task do not flow to the user institution and the privacy and security of the data are ensured; the first target database on the data application platform reduces the cost of transmitting first target data between institutions; and privacy computing nodes whose computing resources can be configured also ensure that the computing requirements of the task are met.
In some embodiments, the privacy-computation-based data sharing platform further comprises a blockchain platform.
The blockchain platform comprises a platform chain corresponding to the data application platform and an institution chain corresponding to each user institution; both may be developed on the basis of a public chain. The data application platform may deploy several nodes on its platform chain to manage the interior of the data application platform, and each user institution may deploy several nodes on its own institution chain to manage the interior of that institution.
Of course, in other embodiments the data application platform and the user institutions are not required to be different nodes of one and the same blockchain; they may, for example, be deployed on a consortium chain.
It should be noted that user institutions are divided into trusted user institutions and pending user institutions. A trusted user institution is one with a high credit standing or one that is under supervision meeting certain conditions. A pending user institution is one for which there is a risk of data leakage or another data security risk.
For example, in a government scenario, the user institution corresponding to a government department may be a trusted user institution, while the user institution corresponding to a third-party enterprise or the like is a pending user institution.
In this embodiment, when the computing task of the current privacy computing node needs data from the database of another user institution, the type of that user institution is determined first.
When the user institution is a trusted user institution, the current privacy computing node sends request information for acquiring the second target data to the trusted user institution through the data application platform.
In this case, the data application platform receives the second target data encrypted by the trusted user institution with the pre-stored first public key. The data application platform decrypts the second target data with the stored first private key corresponding to the first public key and performs the relevant computation on it.
It should be noted that the first public key and the first private key are generated by an asymmetric encryption algorithm. Each trusted user institution shares an independent first public/private key pair with the data application platform. The pair is generated and stored in advance, so it can be used directly during data transmission.
Because a trusted user institution has a higher security level, its key can be distributed in advance to encrypt data transmission, which improves transmission efficiency while keeping the transmission secure.
When the user institution is a pending user institution, the current privacy computing node sends request information for acquiring the second target data to the pending user institution through the data application platform.
After receiving, via its platform chain, the identity verification information sent by the institution chain of the pending user institution, the data application platform verifies that information; if verification passes, a second public key is generated by a smart contract on the platform chain. The platform chain then sends the second public key to the institution chain of the pending user institution.
In this embodiment, the key used for encryption is generated and transmitted on the blockchain only after verification has passed.
After receiving the second target data encrypted by the pending user institution with the second public key, the data application platform obtains the corresponding second private key through its platform chain, decrypts the second target data, and performs the relevant computation on it.
In other words, the institution chain of the pending user institution receives the second public key sent by the platform chain of the data application platform; the pending user institution encrypts the second target data with the second public key and uploads the ciphertext to the data application platform; and the data application platform decrypts it with the second private key, generated by its platform chain, that corresponds to the second public key.
In this embodiment, verifying the identity of the pending user institution on the blockchain further guarantees the authenticity of the data sender. The key is transmitted over the blockchain, whereas the data is transmitted over the transmission channel between the data application platform and the user institution, so key and data travel over different channels and the security of data transmission is improved.
In some embodiments, the data application platform uploads data information about the acquired data to the platform chain for storage. The data information comprises the data type, the data source, the computing task corresponding to the data, and the user institution that initiated that computing task. The data type may be, for example, the storage format of the data or the subject of its content, and the data source is the user institution to which the data belongs.
In this embodiment, storing the data information on-chain allows specific information about the data to be counted and analysed, so that the ways in which data is acquired, transmitted and stored can be optimised according to the analysis results.
In some embodiments, the data application platform further comprises a second target database; when a computing task corresponding to a privacy computing node is completed, the data application platform stores the data used by that task in the second target database.
The second target database can be understood as a data cache holding the data of the computing tasks run by the privacy computing nodes over a period of time.
For cost reasons the second target database has limited cache space. Once its storage space is used up, the platform chain counts and analyses the uploaded data information: for example, data that was called by the privacy computing nodes a total number of times exceeding the target number within the target historical time period is determined to be new first target data, and that data is migrated from the second target database to the first target database.
In other words, each time the storage space of the second target database is used up, the platform chain performs a statistical analysis of the data used over the preceding period, determines the first target data that is used at high frequency, stores it in the first target database, and then empties the second target database.
In this embodiment, updating the data in the first target database in this way saves data transmission resources and improves data transmission efficiency.
An embodiment of the invention also provides a privacy-computation-based data sharing method, which is applied to the privacy-computation-based data sharing platform described above.
As shown in Fig. 3, the method mainly comprises step 310, step 320 and step 330.
Step 310: a privacy computing node receives a computing task initiated by the user institution corresponding to that node.
Step 320: based on the computing task, determine the data and the computing resources required for the computing task.
Step 330: if the data required by the computing task includes first target data, retrieve the first target data from the first target database; based on the computing resources required by the computing task, obtain computing resources from the computing resource library and configure them at the privacy computing node corresponding to the task.
If the data required for the computing task includes first target data, that data can be retrieved directly from the first target database, without interacting with and obtaining it from the user institution to which the first target data belongs, which saves data transmission traffic and resources.
The privacy computing node corresponding to the user institution is further used to obtain computing resources from the computing resource library according to the computing task of that institution and to configure them so as to meet the configuration required by the task. The computing resource library includes computing hardware resources, business permissions, computing module components including operator components, and the like.
It can be understood that, once the data required by the computing task has been obtained, computing resources are configured for the privacy computing node located inside the high-authority data application platform, and the computation runs there on that data. The data therefore never flows to the user institution, which preserves its security.
On this basis, the data used at high frequency is obtained from the first target database, which saves data transmission resources and improves transmission efficiency. Furthermore, the computing resource library allows computing resources to be conveniently configured for the privacy computing nodes in the data application platform, so that each node can meet the requirements of its computing task.
According to the privacy-computation-based data sharing method, the privacy computing nodes corresponding to the user institutions are configured inside the high-authority data application platform, so the data resources of a computing task never flow to the user institutions and the privacy and security of the data are guaranteed; the first target data is obtained directly from the first target database, which reduces the cost of transmitting it between institutions; and the configurable computing resources of the privacy computing nodes meet the computing requirements of the tasks.
In some embodiments, after the data required for the computing task has been determined, the method further includes: if the data required for the computing task includes second target data, determining the type of the user institution to which the second target data belongs.
The types of user institution are trusted user institutions and pending user institutions. On this basis, the second target data is obtained from the user institution to which it belongs in a manner that depends on that institution's type.
Different data acquisition modes can thus be used for user institutions of different security levels, which ensures both the efficiency and the security of data transmission.
In some embodiments, obtaining the second target data from the user institution to which it belongs, according to the type of that institution, includes the following process.
When the user institution is a trusted user institution, request information for obtaining the second target data is sent to the trusted user institution.
In this case, the second target data encrypted by the trusted user institution with the pre-stored first public key is received and decrypted with the stored first private key corresponding to the first public key, and the relevant computation is performed on the second target data.
It should be noted that the first public key and the first private key are generated by an asymmetric encryption algorithm. Each trusted user institution shares an independent first public/private key pair with the data application platform. The pair is generated and stored in advance, so it can be used directly during data transmission.
Because a trusted user institution has a higher security level, its key can be distributed in advance to encrypt data transmission, which improves transmission efficiency while keeping the transmission secure.
In some embodiments, obtaining the second target data from the user institution to which it belongs, according to the type of that institution, includes the following process.
When the user institution is determined to be a pending user institution, request information for obtaining the second target data is sent to the pending user institution.
In this case, after the identity verification information sent by the institution chain of the pending user institution has been received via the platform chain, that information is verified; if verification passes, a second public key is generated by a smart contract on the platform chain. The platform chain then sends the second public key to the institution chain of the pending user institution.
In this embodiment, the key used for encryption is generated and transmitted on the blockchain only after verification has passed.
After receiving the second target data encrypted by the pending user institution with the second public key, the data application platform obtains the corresponding second private key through its platform chain, decrypts the second target data, and performs the relevant computation on it.
In other words, the institution chain of the pending user institution receives the second public key sent by the platform chain of the data application platform; the pending user institution encrypts the second target data with the second public key and uploads the ciphertext to the data application platform; and the data application platform decrypts it with the second private key, generated by its platform chain, that corresponds to the second public key.
In this embodiment, verifying the identity of the pending user institution on the blockchain further guarantees the authenticity of the data sender. The key is transmitted over the blockchain, whereas the data is transmitted over the transmission channel between the data application platform and the user institution, so key and data travel over different channels and the security of data transmission is improved.
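The two acquisition paths described here and in the platform description above (a trusted institution using a first key pair provisioned in advance; a pending institution verified on the platform chain before a smart contract issues a second public key, with the ciphertext always travelling over the direct data channel rather than the chain), simulated in Python. This is an added example, not code from the patent or its applicant: the ledger, the credential registry, the institution names, the credential string and the sample data are constructed, and a textbook RSA with small keys stands in for the unspecified asymmetric algorithm purely for illustration.

```python
# Added example (not from the patent): both key-provisioning paths for second
# target data, simulated end to end. Textbook RSA with small keys stands in for
# the unspecified asymmetric algorithm (no padding; not for production use).
import random
import secrets

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probable-prime test for odd n > 30 (all callers satisfy this)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(candidate):
            return candidate

def rsa_keypair(bits=256):
    """Return ((e, n), (d, n)); a 256-bit n carries messages of up to 31 bytes."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_encrypt(public_key, data):
    e, n = public_key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this toy key size")
    return pow(m, e, n)

def rsa_decrypt(private_key, ciphertext):
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")  # leading zero bytes are lost

class PlatformChain:
    """Simulated platform chain: append-only ledger plus the key-issuing contract."""
    def __init__(self, registered_credentials):
        self._registry = dict(registered_credentials)  # constructed {institution: credential}
        self.ledger = []

    def verify_identity(self, institution, credential):
        ok = self._registry.get(institution) == credential
        self.ledger.append(("identity_verification", institution, ok))
        return ok

    def issue_second_key_pair(self, institution):
        """Smart contract: the public half goes to the institution chain, the private half
        stays on the platform chain, from which the data application platform reads it."""
        public_key, private_key = rsa_keypair()
        self.ledger.append(("second_public_key_issued", institution))
        return public_key, private_key

class DataApplicationPlatform:
    def __init__(self, chain, trusted_institutions):
        self.chain = chain
        # First key pairs, generated and stored in advance for each trusted institution.
        self._first_keys = {inst: rsa_keypair() for inst in trusted_institutions}

    def fetch_second_target_data(self, institution, institution_type, upload, credential=None):
        """upload(public_key) -> ciphertext: data travels over the direct channel, not the chain."""
        if institution_type == "trusted":
            public_key, private_key = self._first_keys[institution]
        elif institution_type == "pending":
            if not self.chain.verify_identity(institution, credential):
                raise PermissionError(f"identity verification failed for {institution}")
            public_key, private_key = self.chain.issue_second_key_pair(institution)
        else:
            raise ValueError(f"unknown institution type {institution_type!r}")
        return rsa_decrypt(private_key, upload(public_key))

def demo():
    # Constructed scenario: one trusted government department, one pending enterprise.
    chain = PlatformChain({"enterprise_b": "cred-b-2023"})
    platform = DataApplicationPlatform(chain, trusted_institutions=["gov_dept_a"])
    sample = b"patient_count=42"  # constructed second target data
    trusted = platform.fetch_second_target_data("gov_dept_a", "trusted", lambda pk: rsa_encrypt(pk, sample))
    pending = platform.fetch_second_target_data(
        "enterprise_b", "pending", lambda pk: rsa_encrypt(pk, sample), credential="cred-b-2023")
    return trusted, pending, list(chain.ledger)
```

The point of the simulation is the control flow rather than the cipher: a pending institution never receives a key until the ledger records a passed identity check, the private half of the second key never leaves the chain, and `upload` stands for the transmission channel that carries only ciphertext, so compromising either channel alone yields neither key nor plaintext.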
In some embodiments, after the data and computing resources required for the computing task have been determined, the method further includes the following process: acquiring the data and computing resources required by the computing task and completing the computing task through the privacy computing node; and uploading data information about the acquired data to the platform chain for storage, where the platform chain is the blockchain corresponding to the data application platform and the data information comprises the data type, the data source, the computing task corresponding to the data, and the user institution that initiated that computing task.
In this embodiment, storing the data information on-chain allows specific information about the data to be counted and analysed, so that the ways in which data is acquired, transmitted and stored can be optimised according to the analysis results.
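The data-resolution step, the data-information upload and the cache migration described above (first target database for high-frequency data, second target database as a bounded cache, promotion of data called more than the target number of times within the target historical period), as an added Python example that is not part of the patent. The institution names, sample values, cache capacity, window and threshold are constructed; the trigger "storage space used up" is interpreted here as the cache reaching its capacity, and the summation stands in for the unspecified privacy computation.

```python
# Added example (not from the patent): data resolution for a computing task,
# data-information upload to a simulated platform chain, and migration of
# high-frequency data from the second target database (a bounded cache) to
# the first target database once the cache is full.
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class DataInfo:
    """One data-information record as uploaded to the platform chain."""
    data_id: str
    data_type: str
    source: str      # user institution that owns the data
    task_id: str
    initiator: str   # user institution that initiated the task
    time: int        # logical timestamp (assumed unit; the patent fixes none)

class PlatformChain:
    """Simulated platform chain: append-only records plus the hot-data statistics."""
    def __init__(self):
        self.records = []

    def upload(self, info):
        self.records.append(info)

    def hot_data(self, now, window, target_count):
        """Data called by all privacy computing nodes more than target_count times in
        total within the target historical period [now - window, now]."""
        counts = Counter(r.data_id for r in self.records if now - window <= r.time <= now)
        return {data_id for data_id, n in counts.items() if n > target_count}

class DataApplicationPlatform:
    def __init__(self, chain, institution_dbs, cache_capacity, window, target_count):
        self.chain = chain
        self.institution_dbs = institution_dbs  # {institution: {data_id: (type, value)}}
        self.owner = {d: inst for inst, db in institution_dbs.items() for d in db}
        self.cache_capacity, self.window, self.target_count = cache_capacity, window, target_count
        self.first_target_db = {}   # high-frequency data kept on the platform
        self.second_target_db = {}  # bounded cache of data used by recent tasks

    def run_task(self, task_id, initiator, required_ids, now, compute):
        """Resolve the task's data, compute inside the platform, return (result, origins)."""
        fetched, origins = {}, {}
        for data_id in required_ids:
            owner = self.owner[data_id]
            if data_id in self.first_target_db:          # first target data
                fetched[data_id] = self.first_target_db[data_id]
                origins[data_id] = "first_target_db"
            else:                                        # second target data
                fetched[data_id] = self.institution_dbs[owner][data_id]
                origins[data_id] = owner
            data_type = fetched[data_id][0]
            self.chain.upload(DataInfo(data_id, data_type, owner, task_id, initiator, now))
        result = compute({d: v for d, (_, v) in fetched.items()})  # raw data never leaves
        self.second_target_db.update(fetched)       # task complete: cache what it used
        if len(self.second_target_db) >= self.cache_capacity:
            self._migrate_hot_data(now)
        return result, origins

    def _migrate_hot_data(self, now):
        """Cache full: promote hot data to the first target database, then empty the cache."""
        for data_id in self.chain.hot_data(now, self.window, self.target_count):
            if data_id in self.second_target_db:
                self.first_target_db[data_id] = self.second_target_db[data_id]
        self.second_target_db.clear()

def total(values):
    """Stand-in privacy computation: sum the resolved values."""
    return sum(values.values())

def demo():
    # Constructed scenario: two institutions, a 3-entry cache, target count 2.
    dbs = {"hospital_a": {"a.census": ("int", 120), "a.beds": ("int", 30)},
           "hospital_b": {"b.census": ("int", 80)}}
    platform = DataApplicationPlatform(PlatformChain(), dbs, cache_capacity=3, window=100, target_count=2)
    platform.run_task("t1", "hospital_b", ["a.census"], now=1, compute=total)
    platform.run_task("t2", "hospital_b", ["a.census", "b.census"], now=2, compute=total)
    platform.run_task("t3", "hospital_a", ["a.census", "a.beds"], now=3, compute=total)  # cache fills
    result, origins = platform.run_task("t4", "hospital_b", ["a.census", "a.beds"], now=4, compute=total)
    return platform, result, origins
```

In the constructed run, `a.census` is requested by three tasks before the cache fills, so it alone is promoted; the fourth task then resolves it from the first target database while `a.beds` is still fetched from `hospital_a`. Because the statistics are computed from the on-chain records rather than from the cache itself, emptying the cache does not lose the call history.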
Fig. 4 illustrates the physical structure of an electronic device. As shown in Fig. 4, the device may include a processor 410, a communication interface 420, a memory 430 and a communication bus 440, where the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may invoke logic instructions in the memory 430 to perform the privacy-computation-based data sharing method, comprising: receiving, through a privacy computing node, a computing task initiated by the user institution corresponding to that node; determining the data and computing resources required for the computing task; if the required data includes first target data, retrieving it from the first target database; and, based on the computing resources required by the task, obtaining computing resources from the computing resource library and configuring them at the privacy computing node corresponding to the task.
Further, the logic instructions in the memory 430 may be implemented as software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. On this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, may be embodied as a software product stored in a storage medium and comprising instructions that cause a computer device (a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments. The storage medium may be a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program that can be stored on a non-transitory computer-readable storage medium and that, when executed by a processor, performs the privacy-computation-based data sharing method described above, comprising: receiving, through a privacy computing node, a computing task initiated by the user institution corresponding to that node; determining the data and computing resources required for the computing task; if the required data includes first target data, retrieving it from the first target database; and, based on the computing resources required by the task, obtaining computing resources from the computing resource library and configuring them at the privacy computing node corresponding to the task.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium storing a computer program that, when executed by a processor, performs the privacy-computation-based data sharing method described above, comprising: receiving, through a privacy computing node, a computing task initiated by the user institution corresponding to that node; determining the data and computing resources required for the computing task; if the required data includes first target data, retrieving it from the first target database; and, based on the computing resources required by the task, obtaining computing resources from the computing resource library and configuring them at the privacy computing node corresponding to the task.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over several network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of this embodiment. Those of ordinary skill in the art can understand and implement this without undue effort.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware. On this understanding, the technical solution, or the part of it that contributes to the prior art, may be embodied as a software product stored in a computer-readable storage medium such as a ROM/RAM, a magnetic disk or an optical disk, comprising instructions that cause a computer device (a personal computer, a server, a network device, etc.) to execute the method described in the respective embodiments or parts thereof.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it; although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described therein may be modified, or some of their technical features replaced by equivalents, without departing from the spirit and scope of the technical solutions of the embodiments.

Claims (9)

1. A privacy-computation-based data sharing platform, comprising:
a data application platform, a plurality of privacy computing nodes and a plurality of user institutions, wherein the privacy computing nodes are arranged inside the data application platform and each privacy computing node is communicatively connected to a different user institution through its own computing interface; each user institution is communicatively connected to its own database through its own data interface;
the data application platform further comprises a first target database in which first target data is stored, the first target data being data that has been called by the privacy computing nodes a total number of times exceeding a target number of times within a target historical time period;
the privacy computing node corresponding to a user institution is configured, upon receiving a computing task from that user institution, to obtain data from the first target database and/or the databases of the user institutions, to perform privacy computation on the data application platform, and to send the computation result to the user institution; the data application platform further comprises a computing resource library, and the privacy computing node corresponding to the user institution is further configured to obtain computing resources from the computing resource library according to the computing task of the user institution and to configure them so as to meet the configuration required by the computing task;
the privacy computing node corresponding to the user institution is configured, upon receiving the computing task of the user institution, to determine the first target data and the second target data required by that computing task; the first target data is stored in the first target database, and the second target data is stored in the database corresponding to the user institution and uploaded to the data application platform by that user institution.
2. The privacy-computation-based data sharing platform of claim 1, further comprising:
a blockchain platform comprising a platform chain corresponding to the data application platform and an institution chain corresponding to each user institution;
wherein the user institutions comprise trusted user institutions and pending user institutions; a trusted user institution encrypts the second target data with a stored first public key and uploads the ciphertext to the data application platform, which decrypts it with a stored first private key corresponding to the first public key; the institution chain corresponding to a pending user institution receives a second public key sent by the platform chain corresponding to the data application platform, the pending user institution encrypts the second target data with the second public key and uploads the ciphertext to the data application platform, and the data application platform decrypts it with the second private key, generated by the corresponding platform chain, that corresponds to the second public key.
3. The privacy-computation-based data sharing platform of claim 2, wherein the data application platform uploads data information about the acquired data to the platform chain for storage; the data information comprises a data type, a data source, the computing task corresponding to the data, and the user institution that initiated that computing task.
4. The privacy-computation-based data sharing platform of claim 3, wherein the data application platform further comprises a second target database; when each computing task corresponding to each privacy computing node is completed, the data application platform stores the data used by that task in the second target database;
and when the storage space of the second target database is used up, the platform chain determines, from the uploaded data information, the data that has been called by the privacy computing nodes a total number of times exceeding the target number of times within the target historical time period as new first target data, and migrates that first target data from the second target database to the first target database.
5. A privacy-computation-based data sharing method, applied to the privacy-computation-based data sharing platform of any one of claims 1 to 4, comprising the following steps:
receiving, through a privacy computing node, a computing task initiated by the user institution corresponding to that privacy computing node;
determining the data and computing resources required by the computing task based on the computing task;
if the data required by the computing task includes the first target data, retrieving the first target data from the first target database; and, based on the computing resources required by the computing task, obtaining computing resources from the computing resource library and configuring them at the privacy computing node corresponding to the computing task.
6. The privacy-computation-based data sharing method of claim 5, wherein after determining the data required for the computing task based on the computing task, the method further comprises:
if the data required by the computing task includes the second target data, determining the type of the user institution to which the second target data belongs, the types of user institution comprising trusted user institutions and pending user institutions;
obtaining the second target data from the user institution to which it belongs based on the type of that user institution.
7. The privacy-computation-based data sharing method of claim 6, wherein obtaining the second target data from the user institution to which it belongs based on the type of that user institution comprises:
determining that the user institution from which the second target data originates is a trusted user institution;
sending request information for acquiring the second target data to the trusted user institution;
receiving the second target data encrypted by the trusted user institution with a pre-stored first public key; and
decrypting the second target data with a stored first private key corresponding to the first public key.
8. The privacy-computation-based data sharing method of claim 6, wherein obtaining the second target data from the user institution to which it belongs based on the type of that user institution comprises:
determining that the user institution from which the second target data originates is a pending user institution;
sending request information for acquiring the second target data to the pending user institution;
when identity verification information sent by the institution chain corresponding to the pending user institution is received through the corresponding platform chain and verification passes, generating a second public key through the platform chain and sending it to the institution chain corresponding to the pending user institution; and
receiving the second target data encrypted by the pending user institution with the second public key, and obtaining the second private key corresponding to the second public key through the platform chain to decrypt the second target data.
9. The privacy-computation-based data sharing method of claim 5, wherein after determining the data and computing resources required for the computing task based on the computing task, the method further comprises:
acquiring the data and computing resources required by the computing task, and completing the computing task through the privacy computing node;
uploading data information about the acquired data to a platform chain for storage, the platform chain being the blockchain corresponding to the data application platform, and the data information comprising a data type, a data source, the computing task corresponding to the data, and the user institution that initiated that computing task.
Application CN202310342479.6A, filed 2023-04-03 (priority date 2023-04-03), "Data sharing platform and method based on privacy calculation", country CN, status Active.

Publications
CN116049322A (en), published 2023-05-02
CN116049322B (en), published 2023-06-13

Family ID: 86127689

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114020841A (en) * 2021-11-03 2022-02-08 广州广电运通金融电子股份有限公司 Data sharing system, method, storage medium and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111047450A (en) * 2020-03-18 2020-04-21 支付宝(杭州)信息技术有限公司 Method and device for off-chain privacy computation of on-chain data
CN111770200B (en) * 2020-08-31 2020-12-08 支付宝(杭州)信息技术有限公司 Information sharing method and system
CN115694949A (en) * 2022-10-26 2023-02-03 上海和数软件有限公司 Private data sharing method and system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant