CN116432198A - Information processing method and electronic equipment - Google Patents

Information processing method and electronic equipment Download PDF

Info

Publication number
CN116432198A
CN116432198A CN202310161724.3A CN202310161724A CN116432198A CN 116432198 A CN116432198 A CN 116432198A CN 202310161724 A CN202310161724 A CN 202310161724A CN 116432198 A CN116432198 A CN 116432198A
Authority
CN
China
Prior art keywords
data
proxy module
processed
task
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310161724.3A
Other languages
Chinese (zh)
Inventor
杨四雄
朱光宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN202310161724.3A priority Critical patent/CN116432198A/en
Publication of CN116432198A publication Critical patent/CN116432198A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The embodiment of the application discloses an information processing method, which comprises the following steps: acquiring first data in a first private data set corresponding to a first proxy module through the first proxy module; receiving first encrypted data sent by a second proxy module through the first proxy module; wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module; receiving a task to be processed sent by second electronic equipment through a first proxy module; and processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to the second electronic equipment. The embodiment of the application also discloses electronic equipment.

Description

Information processing method and electronic equipment
Technical Field
The present invention relates to information processing technologies in the field of information processing, and in particular, to an information processing method and an electronic device.
Background
A private data set is a set used for data isolation and is only accessible to authorized organizations; when data summarization processing is performed across a plurality of private data sets, a service for exposing data needs to be developed on different private data sets, then a business system needs to be developed, the service on each private data set is called to acquire the data of each private data set, and then the acquired data of the plurality of private data sets are subjected to centralized processing; however, when data aggregation processing is performed across multiple private data sets in this manner, the process is complex and inefficient.
Disclosure of Invention
In order to solve the technical problems, it is desirable in the embodiments of the present application to provide an information processing method and an electronic device, which solve the problems of complex process and low efficiency when data summarizing is performed across multiple private data sets in the related art.
The technical scheme of the application is realized as follows:
an information processing method applied to a first electronic device, the method comprising:
acquiring first data in a first private data set corresponding to a first proxy module through the first proxy module;
receiving first encrypted data sent by a second proxy module through the first proxy module; wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
receiving a task to be processed sent by second electronic equipment through the first proxy module;
and processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to the second electronic equipment.
In the above scheme, the first private data set and the second private data set can only be accessed by a module which grants access rights;
The first proxy module having access to the first private data set;
the second proxy module has access to the second private data set.
In the above solution, the obtaining, by the first proxy module, the first data in the first private data set corresponding to the first proxy module includes:
acquiring initial data in the first private data set through the first proxy module;
under the condition that the task to be processed sent by the second electronic equipment is received, monitoring the data volume of the first private data set through the first proxy module;
under the condition that the data quantity is not changed, determining that the initial data is the first data through the first proxy module;
under the condition that the data volume changes, acquiring current data in the first private data set through a first proxy module, and determining the current data as the first data.
In the above solution, the processing, by the first proxy module, the first data and the first encrypted data based on the task to be processed, to obtain first target data includes:
Processing the first data based on the task to be processed through the first proxy module to obtain processed first data;
determining target encryption sub-data which can be decrypted by the first proxy module from the first encryption data based on a target decryption strategy corresponding to the first proxy module through the first proxy module;
and processing the processed first data and the target encrypted sub-data based on the task to be processed through the first proxy module to obtain the first target data.
In the above solution, the determining, by the first proxy module, the target encrypted sub-data that can be decrypted by the first proxy module from the first encrypted data based on the target decryption policy corresponding to the first proxy module includes:
determining, by the first proxy module, a target encryption sub-policy that matches the target decryption policy from the encryption policies corresponding to the first encrypted data;
and determining the encryption sub-data corresponding to the target encryption sub-strategy from the first encryption data through the first proxy module to obtain the target encryption sub-data.
In the above solution, the processing, by the first proxy module, the processed first data and the encrypted sub-data based on the task to be processed, to obtain the first target data includes:
sending an acquisition request to second electronic equipment through the first proxy module; the acquisition request is used for acquiring a private key for decrypting the target encrypted sub-data; the acquisition request carries access attribute information corresponding to the first proxy module;
receiving, by the first proxy module, the private key sent by the second electronic device based on the acquisition request; the private key is generated based on the access attribute information, an access strategy for accessing the target encrypted sub-data and a master key corresponding to the second proxy module;
decrypting, by the first proxy module, the target encrypted sub-data based on the private key to obtain third data;
and processing the processed first data and the third data based on the task to be processed through the first proxy module to obtain the first target data.
In the above scheme, the method further comprises:
Encrypting fourth data determined based on the first data by the first proxy module to obtain second encrypted data;
sending the second encrypted data to at least one proxy module through the first proxy module; wherein the at least one proxy module comprises the second proxy module.
An information processing method applied to a second electronic device, the method comprising:
receiving a task to be processed;
respectively sending the task to be processed to a first proxy module and a second proxy module;
receiving first target data sent by the first proxy module based on the task to be processed; the first target data is generated by the first proxy module based on first encrypted data and first data in a first private data set corresponding to the first proxy module; the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
and receiving second target data sent by the second agent module based on the task to be processed.
In the above scheme, the method includes:
Setting index information of the task to be processed;
determining task result data from the first target data and the second target data;
and carrying out association storage on the index information and the task result data.
An electronic device, the electronic device comprising: a processor, a memory, and a communication bus;
the communication bus is used for realizing communication connection between the processor and the memory;
the processor is configured to execute an information processing program in a memory to realize the steps of the information processing method according to any one of claims 1 to 7 or 8 to 9.
According to the information processing method and the electronic device, first data in a first private data set corresponding to a first proxy module is obtained through the first proxy module; receiving first encrypted data sent by a second proxy module through the first proxy module; wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module; receiving a task to be processed sent by second electronic equipment through the first proxy module; processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to second electronic equipment; therefore, the first proxy module can acquire and process the data of the plurality of private data sets, service and business system for exposing the data do not need to be developed on different private data sets, the service on each private data set is called by the business system to acquire the data of each private data set, and then the collected data of the plurality of private data sets are processed, so that the process of acquiring the data across the private data sets is simplified, the complexity of acquiring the data across the private data sets is reduced, the processing efficiency of the data of the plurality of private data sets is improved, and the problems of complex process and low efficiency in the related art when the data across the plurality of private data sets is summarized are solved.
Drawings
Fig. 1 is a schematic flow chart of an information processing method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of another information processing method according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of another information processing method according to an embodiment of the present disclosure;
FIG. 4 is a schematic workflow diagram of an information processing system according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a first electronic device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a second electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The embodiment of the application provides an information processing method, which can be applied to a first electronic device, and is shown with reference to fig. 1, and the method comprises the following steps:
step 101, acquiring first data in a first private data set corresponding to a first proxy module through the first proxy module.
Wherein the first private data set is only accessible to the module granted access rights; the first proxy module has access to the first private data set.
In the embodiment of the application, the first electronic device may first create the first proxy module, and then register the access right of the first proxy module to access the first private data set; in the case that the first proxy module has access to the first private data set, the first data is acquired from the first private data set by the first proxy module.
The first electronic device may periodically obtain, by the first proxy module, first data from the first private data set; of course, the first electronic device may acquire the first data in the first private data set through the first proxy module after receiving the task to be processed. The first data may be all data in the first private data set, or may be part of data in the first private data set.
Wherein the first private data set may be a data set that Hyperledger fabric uses for data isolation, which is accessible only to authorized organizations; hyperledger fabric is a blockchain technology with higher activity of alliance chain communities in the blockchain and wider application.
Step 102, receiving, by the first proxy module, the first encrypted data sent by the second proxy module.
Wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module. The second agent module can only be accessed by the module granted access rights; the second proxy module has access to a second private data set.
In the embodiment of the application, the second proxy module may be created by the first electronic device or the third electronic device; the first electronic device or the third electronic device may register access rights of the second proxy module to access the second private data set in order to obtain the second data by accessing the second private data set through the second proxy module. The second data may be all data in the second private data set, or may be part of the data in the second private data set.
The second proxy module may process the second data based on the task to be processed after receiving the task to be processed, obtain processed second data, encrypt the processed second data to obtain first encrypted data, and send the first encrypted data to the first proxy module; of course, the second proxy module may also encrypt the second data after obtaining the second data, obtain the first encrypted data, and send the first encrypted data to the first proxy module. Thus, the first proxy module can acquire the first data in the first private data set and receive the first encrypted data generated based on the second data in the second private data set and sent by the second proxy module; the method and the device realize that the first proxy module corresponding to the first private data set is used for acquiring data across different private data sets, so that the service and the service system for exposing the data do not need to be developed on each private data set to acquire the data across different private data sets, the process of acquiring the data across different private data sets is simplified, and the efficiency of acquiring the data across different private data sets is improved.
It should be noted that the number of the second private data sets is plural; each second private data set uniquely corresponds to a second proxy module with access authority; the second proxy module may be all proxy modules except the first proxy module among the plurality of proxy modules; it may be a part of the plurality of proxy modules other than the first proxy module.
In one possible implementation manner, the third electronic device may first create the second proxy module, register the access right of the second proxy module to access the second private data set, obtain, by the second proxy module, the second data from the second private data set, encrypt the second data to obtain second encrypted data, and send the second encrypted data to the first proxy module when the second proxy module has the access right to access the second private data set.
Step 103, receiving a task to be processed sent by the second electronic device through the first proxy module.
In the embodiment of the application, the second electronic device may receive the task to be processed sent by the client, and forward the task to be processed to the target agent module; the target agent module comprises a first agent module and at least one second agent module.
In one possible implementation, the task to be processed may be a computing task or a data summarization task.
It should be noted that, step 103 may be performed before step 101 and step 102, or may be performed after step 101 and step 102; of course, it is also possible to perform step 101 and step 102 simultaneously. In the embodiment of the present application, the sequence between step 103 and steps 101 and 102 is not limited.
Step 104, processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to the second electronic device.
In the embodiment of the application, the first encrypted data can be decrypted to obtain decrypted data, the first data is processed based on a task to be processed to obtain processed first data, and the processed first data and the decrypted data are processed again based on the task to be processed to obtain first target data. Therefore, the first proxy module can acquire and process the data of the plurality of private data sets, the process of acquiring the data across the private data sets is simplified, the complexity of acquiring the data across the private data sets is reduced, and the processing efficiency of the data of the plurality of private data sets is improved.
It should be noted that, the first proxy module may encrypt the acquired first data to obtain second encrypted data, and send the second encrypted data to the second proxy module; after receiving the task to be processed, processing the first data based on the task to be processed to obtain processed first data, encrypting the processed first data to obtain second encrypted data, and sending the second encrypted data to the second proxy module; therefore, the first proxy module is realized to share the acquired data in the first private data set to the second proxy module, so that the second proxy module processes the second data and the second encrypted data based on the received task to be processed, obtains second target data, and sends the second target data to the second electronic equipment; the second electronic device finally receives the first target data and the second target data, and can take the first target data or the second target data as task result data corresponding to the task to be processed, so that the problem that the task to be processed cannot be processed due to failure of a single agent module when the task is processed is avoided, and timeliness and safety of processing the task to be processed are ensured. The first proxy module and the second proxy module may be proxy modules corresponding to private data sets related to the task to be processed determined by the second electronic device.
In one possible implementation, the task to be processed may be a task to calculate revenue, the first data may be payroll data for enterprise a, and the second data may be stock data for enterprise a; the second encrypted data may be obtained by encrypting the second data by the second proxy module; when the first proxy module receives the task to be processed, the first proxy module may calculate the first data based on the task to be processed to obtain payroll income data, decrypt the received second encrypted data to obtain second data, process the second data based on the task to be processed to obtain stock income data, and then calculate the payroll income data and the stock income data to obtain income data (i.e. first target data) of the enterprise a, and send the income data of the enterprise a to the second electronic device.
According to the information processing method provided by the embodiment of the application, first data in a first private data set corresponding to a first proxy module is obtained through the first proxy module; receiving first encrypted data sent by a second proxy module through the first proxy module; wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module; receiving a task to be processed sent by second electronic equipment through a first proxy module; processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to the second electronic equipment; therefore, the first proxy module can acquire and process the data of the plurality of private data sets, service and business system for exposing the data do not need to be developed on different private data sets, the service on each private data set is called by the business system to acquire the data of each private data set, and then the collected data of the plurality of private data sets are processed, so that the process of acquiring the data across the private data sets is simplified, the complexity of acquiring the data across the private data sets is reduced, the processing efficiency of the data of the plurality of private data sets is improved, and the problems of complex process and low efficiency in the related art when the data across the plurality of private data sets is summarized are solved.
Based on the foregoing embodiments, an embodiment of the present application provides an information processing method, applied to a second electronic device, with reference to fig. 2, including the following steps:
step 201, a task to be processed is received.
In the embodiment of the application, the task to be processed may be sent to the second electronic device by the user through the client.
In one possible implementation, the task to be processed may be a computing task.
Step 202, sending the task to be processed to the first proxy module and the second proxy module respectively.
In the embodiment of the application, the identification of the private data set related to the task to be processed can be determined based on the data type or the data identification carried in the task to be processed, and the proxy module corresponding to the private data set is determined based on the identification of the private data set; the proxy module corresponding to the private data set comprises a first proxy module and a second proxy module.
The first proxy module may be created by the first electronic device; the first proxy module having access to the first private data set; the second agent module may be created by the first electronic device or the third electronic device; the second proxy module has access to a second private data set.
Step 203, receiving first target data sent by the first proxy module based on the task to be processed.
The first target data is generated by a first proxy module in the first electronic device based on the first encrypted data and first data in a first private data set corresponding to the first proxy module; the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module.
In the embodiment of the present application, the first proxy module on the first electronic device may process, based on the task to be processed, the first data in the first private data set corresponding to the first proxy module, so as to obtain the processed first data; the first proxy module can decrypt the first encrypted data to obtain decrypted data, process the processed first data and the decrypted data based on a task to be processed to obtain first target data, and then send the first target data to the second electronic equipment; the decrypted data may be second data, or may be data obtained by processing the second data based on a task to be processed.
And 204, receiving second target data sent by the second agent module based on the task to be processed.
In the embodiment of the application, the second proxy module on the third electronic device may process, based on the task to be processed, second data in the second private data set corresponding to the second proxy module, to obtain processed second data, and encrypt the processed second data to obtain first encrypted data; the second proxy module may further decrypt second encrypted data generated based on the first data in the first private data set and sent by the first proxy module to obtain decrypted data, then process the processed second data and the decrypted data based on a task to be processed to obtain second target data, and send the second target data to the second electronic device, so that the second electronic device may use the first target data or the second target data as task result data corresponding to the task to be processed.
The second electronic device finally receives the first target data and the second target data, and can take the first target data or the second target data as task result data corresponding to the task to be processed, so that the problem that the task to be processed cannot be processed due to failure of a single agent module when the task to be processed is avoided, and timeliness and safety of the task to be processed are guaranteed.
In addition, the second electronic equipment is not required to collect data on each private data set related to the task to be processed, and the collected data on the plurality of private data sets are processed to obtain task result data, but the task to be processed is processed through the proxy module corresponding to each private data set related to the task to be processed, so that the workload of the second electronic equipment is reduced, and the efficiency of processing the task to be processed is improved.
The information processing method provided by the embodiment of the application receives the task to be processed; respectively sending tasks to be processed to a first proxy module and a second proxy module; receiving first target data sent by a first proxy module based on a task to be processed; the first target data is generated by the first proxy module based on the first encrypted data and first data in a first private data set corresponding to the first proxy module; the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module; receiving second target data sent by a second agent module based on a task to be processed; therefore, the first proxy module and the second proxy module can acquire and process the data of the plurality of private data sets, service and service systems for exposing the data do not need to be developed on different private data sets, the service on each private data set is called through the service systems to acquire the data of each private data set, and then the collected data of the plurality of private data sets is processed, so that the process of acquiring the data across the private data sets is simplified, the complexity of acquiring the data across the private data sets is reduced, the processing efficiency of the data of the plurality of private data sets is improved, and the problems of complex process and low efficiency when the data across the plurality of private data sets is summarized in the related technology are solved.
Further, the second electronic device can receive target data obtained after each proxy module processes the task to be processed only by sending the task to be processed to the proxy module corresponding to the private data set related to the task to be processed, the second electronic device is not required to acquire the data of each private data set for processing, the workload of the second electronic device is reduced, and the efficiency of processing the task to be processed is improved. Moreover, the tasks to be processed are processed through the plurality of proxy modules, so that the problem that the tasks to be processed cannot be processed due to faults when a single node processes the tasks to be processed is avoided, and the safety when the tasks to be processed are processed is improved.
Based on the foregoing embodiments, embodiments of the present application provide an information processing method, as shown with reference to fig. 3, including the steps of:
step 301, the second electronic device receives a task to be processed.
Step 302, the second electronic device sends the task to be processed to the first proxy module and the second proxy module respectively.
Step 303, the first electronic device receives, through the first proxy module, a task to be processed sent by the second electronic device.
Step 304, the first electronic device obtains, through the first proxy module, initial data in the first private data set.
It should be noted that, step 304 may be performed before step 303, or may be performed after step 303; of course, it is also possible that step 303 and step 304 are performed simultaneously. The sequence between step 303 and step 304 is not limited in this embodiment. Wherein step 303 is shown in fig. 3 prior to step 304; fig. 3 illustrates that the second agent module is located on the third electronic device.
In the embodiment of the application, the first electronic device may periodically obtain the data in the first private data set through the first proxy module, so as to obtain initial data; when new data is added in the first private data set, the added data can be synchronized to the first proxy module. The initial data may be all data in the first private data set at each acquisition, so as to achieve synchronization of the data in the first private data set into the first proxy module.
In step 305, the first electronic device monitors, through the first proxy module, the data amount of the first private data set, in the case of receiving the task to be processed sent by the second electronic device.
In this embodiment of the present application, in the case of receiving a task to be processed sent by the second electronic device, the first electronic device may scan, by using the first proxy module, a data amount of the first private data set to determine a current data amount of the first private data set, where, with respect to a data amount when the first proxy module obtains initial data at a latest time, there is a change. In this way, whether the data in the first private data set is increased or not is judged by detecting the data volume of the first private data set, so that the latest increased data in the first private data set can be synchronized to the first proxy module in time.
Step 306, under the condition that the data amount is not changed, the first electronic device determines that the initial data is the first data through the first proxy module.
In this embodiment of the present application, when it is determined that the current data amount of the first private data set does not change compared with the data amount of the first private data when the first proxy module acquires the initial data in the latest time, it indicates that no new data is added in the first private data set, and the initial data acquired by the first proxy module may be used as the first data.
Step 307, under the condition that the data amount changes, the first electronic device obtains the current data in the first private data set through the first proxy module, and determines that the current data is the first data.
In the embodiment of the application, under the condition that the current data volume of the first private data set is changed compared with the data volume of the first private data set when the first proxy module acquires the initial data in the latest time, the fact that new data is added in the first private data set is indicated, all the current data in the first private data set can be acquired again through the first proxy module, and the data is used as the first data; therefore, when the data is added into the first private data set, the data in the first private data set is synchronized to the first proxy module, synchronization of the first proxy module and the data in the first private data set is guaranteed, and after a task to be processed is received, the data acquired by the first proxy module can be processed in time based on the task to be processed, so that the efficiency of processing the task to be processed is improved.
Step 307, the first electronic device receives, through the first proxy module, the first encrypted data sent by the second proxy module.
Wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
step 308, the first electronic device processes, through the first proxy module, the first data based on the task to be processed, to obtain the processed first data.
In the embodiment of the application, the first data can be screened based on the task request information carried in the task to be processed to obtain screened data, and the screened data is processed based on the task to be processed to obtain processed first data; and the first data can be processed directly based on the task to be processed, so that the processed first data can be obtained. Wherein the task request information may include, but is not limited to, a time frame of data related to the task.
Step 309, the first electronic device determines, by using the first proxy module, target encrypted sub-data that can be decrypted by the first proxy module from the first encrypted data based on the target decryption policy corresponding to the first proxy module.
Wherein, the target decryption policy may be preset; the target decryption policy characterizes which proxy modules the first proxy module can decrypt send data and which encryption policy the first proxy module can decrypt encrypt data. The target decryption policy may also carry a data type of the data that can be decrypted. The target decryption policy may be access attribute information corresponding to the first proxy module, or may be information different from the access attribute information corresponding to the first proxy module.
In this embodiment of the present application, through the first proxy module, based on the identifier of the proxy module that can decrypt the first proxy module carried in the target decryption policy, when determining that the first proxy module can decrypt the data sent by the second proxy module, the multiple encrypted sub-data in the first encrypted data may be screened based on the target decryption policy, so as to obtain target encrypted sub-data that the first proxy module can specifically decrypt.
Step 309 may be implemented through steps a1 to a 2:
step a1, the first electronic device determines a target encryption sub-policy matched with a target decryption policy from encryption policies corresponding to the first encrypted data through the first proxy module.
In this embodiment of the present application, the first encrypted data includes a plurality of encrypted sub-data, where each encrypted sub-data corresponds to one encryption policy; when the first proxy module determines that the data sent by the second proxy module can be decrypted, the encryption policy matched with the target decryption policy can be determined based on matching of the target decryption policy and the encryption policies corresponding to the plurality of encryption sub-data in the second encrypted data, so as to obtain the target encryption sub-policy.
Step a2, the first electronic device determines the encrypted sub-data corresponding to the target encrypted sub-policy from the first encrypted data through the first proxy module, and obtains the target encrypted sub-data.
In the embodiment of the present application, the encrypted sub-data corresponding to the target encrypted sub-policy in the first encrypted data may be used as the target encrypted sub-data.
Step 310, the first electronic device processes, through the first proxy module, the processed first data and the target encrypted sub-data based on the task to be processed, to obtain first target data.
In the embodiment of the application, the target encrypted sub-data can be decrypted to obtain third data; wherein the third data may be second data; the third data may also be second proxy module, and the second data is processed based on the task to be processed to obtain processed second data.
In the case that the third data is the processed second data, the processed first data and third data can be processed based on the task to be processed to obtain first target data; when the third data is determined to be the second data, the second data may be processed based on the task to be processed to obtain the processed second data, and then the processed first data and the processed second data may be processed again based on the task to be processed to obtain the first target data.
It should be noted that step 310 may be implemented by steps b1 to b 4:
step b1, the first electronic device sends an acquisition request to the second electronic device through the first proxy module.
The acquisition request is used for acquiring a private key for decrypting the target encrypted sub-data; the access attribute information corresponding to the first proxy module is carried in the acquisition request. The access attribute information may include at least one of a data type in the first private data set corresponding to the first proxy module, identity information of the first proxy module, status information of the first proxy module, and the like. The access attribute information can be flexibly configured according to task request information carried in the task to be processed.
In this embodiment of the present application, the first proxy module may send an acquisition request for acquiring a private key for decrypting the target encrypted sub-data to the second electronic device, and the second electronic device may generate the private key based on the access attribute information in response to the acquisition request, and send the private key to the first proxy module of the first electronic device.
And b2, the first electronic equipment receives a private key sent by the second electronic equipment based on the acquisition request through the first proxy module.
The private key is generated based on the access attribute information, the access strategy for accessing the target encrypted sub-data and the master key corresponding to the second proxy module. Wherein the access policy for accessing the target encrypted sub-data may also be referred to as an access policy for accessing the third data.
In the embodiment of the application, when the second proxy module receives the task to be processed, the second proxy module may generate an access policy for accessing the target encrypted sub-data based on the task to be processed, and send the access policy to the second electronic device; wherein the access policy indicates which attribute information is in compliance with the rights to be able to decrypt the target encrypted sub-data. The second electronic device may generate a public key PK and a master key MK corresponding to the target encrypted sub-data (which may also be referred to as a public key PK and a master key MK corresponding to the second proxy module) based on the access policy of the target encrypted sub-data, and send the public key PK to the second proxy module, so that the second proxy module encrypts the third data according to the public key PK to obtain the target encrypted sub-data. Therefore, the security that the second agent module shares the third data to the first agent module is ensured, and the third data is prevented from being maliciously leaked and having security risks.
When the first proxy module sends an obtaining request for obtaining a private key for decrypting the target encrypted sub-data to the second electronic device, the second electronic device can match the access attribute information corresponding to the first proxy module with the attribute information in the access policy of the target encrypted sub-data, and when the attribute information in the access policy is matched with the access attribute information corresponding to the first proxy module, a private key for decrypting the target encrypted sub-data can be generated based on a master key MK corresponding to the target encrypted sub-data, and the private key is sent to the first proxy module, so that the first proxy module decrypts the target encrypted sub-data based on the private key to obtain third data.
And b3, the first electronic device decrypts the target encrypted sub-data based on the private key through the first proxy module to obtain third data.
Wherein the third data may be all or part of the second data; the second agent module may also be a data obtained by processing all or part of the second data based on the task to be processed, which may be referred to as processed second data.
And b4, the first electronic device processes the processed first data and third data through the first proxy module based on the task to be processed to obtain first target data.
In this embodiment of the present application, when the third data is the second data, the first proxy module may first process the third data based on the task to be processed to obtain the processed third data, and process the processed first data and the processed third data again based on the task to be processed to obtain the first target data.
When the third data is processed second data obtained by the second agent module after processing the second data based on the task to be processed, the first agent module can process the processed first data and the processed second data based on the task to be processed to obtain first target data. The first target data is used as task result data corresponding to the first proxy module, which is obtained after the first proxy module processes the task to be processed.
Step 311, the first electronic device sends, through the first proxy module, the first target data to the second electronic device.
In step 312, the first electronic device encrypts, through the first proxy module, the fourth data determined based on the first data to obtain second encrypted data.
In this embodiment of the present application, the first proxy module also needs to share the data acquired by the first proxy module to the second proxy module, and after receiving the task to be processed, the first proxy module may process the first data as fourth data based on the task to be processed or process the first data based on the task to be processed, and use the processed first data as fourth data. Of course, when the first proxy module does not receive the task to be processed, the fourth data obtained by screening from the first data may be used, or the first data may be used as the fourth data.
Specifically, an access policy for accessing the fourth data may be determined by the first proxy module and sent to the second electronic device, the second electronic device may generate a public key and a master key corresponding to the fourth data based on the second access policy and send the public key corresponding to the fourth data to the first proxy module, and the second proxy module may encrypt the fourth data based on the public key corresponding to the fourth data to obtain second encrypted data.
It should be noted that step 312 may be performed before step 303, and step 312 may be performed after step 303, or may be performed simultaneously with step 303.
Step 313, the first electronic device sends the second encrypted data to at least one proxy module through the first proxy module.
Wherein the at least one proxy module comprises a second proxy module.
It should be noted that at least one proxy module may be determined from a plurality of proxy modules based on a task to be processed; of course, the first proxy module may also share the second encrypted data to each of the other proxy modules before receiving the task to be processed.
In step 314, the second electronic device receives the first target data sent by the first proxy module based on the task to be processed.
The first target data is generated by the first proxy module based on the first encrypted data and first data in a first private data set corresponding to the first proxy module; the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module.
Step 315, the second electronic device receives second target data sent by the second proxy module based on the task to be processed.
Based on the foregoing embodiment, in other embodiments of the present application, the information processing method may further include the steps of:
step 316, the second electronic device sets index information of the task to be processed.
In the embodiment of the application, the second electronic device may set index information of the task to be processed under the condition that the task to be processed is received; wherein, the index information can be flexibly set.
In one possible implementation, the index information may include the type of task to be processed and an identification number (Identity document, ID) of the task.
In step 317, the second electronic device determines task result data from the first target data and the second target data.
In the embodiment of the application, the first target data and the second target data can be screened to obtain the task result data.
In one possible implementation, a first time of receiving the first target data and a second time of receiving the second target data may be determined, and then data with earliest receiving time is determined from the first target data and the second target data as task result data; when the first time is earlier than the second time, the first target data can be used as task result data of the task to be processed; when the second time is earlier than the first time, the second target data can be used as task result data of the task to be processed.
And step 318, the second electronic device performs associated storage on the index information and the task result data.
In the embodiment of the application, the task result data and the index information can be associated, and the task result data and the index information can be stored.
In one possible implementation, the task result data and the index information may be stored in a local cache of the second electronic device after being associated.
Step 319, the second electronic device receives a query request of the client for the task to be processed.
Step 320, after obtaining the task result data corresponding to the task to be processed, the second electronic device sends the task result data to the client under the condition that the data volume of the first private data set and the data volume of the second private data set are unchanged.
In the embodiment of the present application, after task result data corresponding to a task to be processed is obtained, whether the data amount of the first private data set and the data amount of the second private data set change is monitored in real time or periodically, and if it is determined that the data amount of the first private data set and the data amount of the second private data set do not change, it is indicated that new data is not added in both the first private data set and the second private data set, and then the task result data may be sent to the client.
Step 321, after obtaining the first target data, the second electronic device sends the task to be processed to the first proxy module and the second proxy module under the condition that at least one of the data volume of the first private data set and the data volume of the second private data set is determined to be changed.
In this embodiment of the present application, after obtaining the first target data, when it is determined that at least one of the data amount of the first private data set and the data amount of the second private data set changes, it is indicated that new data is added in the first private data set and/or the second private data set, and at this time, a process flow of a task to be processed needs to be restarted, and the task to be processed is sent to the first proxy module and the second proxy module.
In step 322, the second electronic device receives the third target data sent by the first proxy module based on the task to be processed, and receives the fourth target data sent by the second proxy module based on the task to be processed.
In this embodiment of the present application, the second electronic device may receive third target data obtained after the first proxy module processes the task to be processed again, and receive fourth target data obtained after the second proxy module processes the task to be processed again.
It should be noted that, the process of determining the third target data by the first proxy module is similar to the process of determining the first target data, and the process of determining the fourth target data by the second proxy module is similar to the process of determining the second target data, which are not described herein.
Step 323, the second electronic device determines new task result data from the third target data and the fourth target data, and sends the new task result data to the client.
In the embodiment of the application, the second electronic device may screen the third target data and the fourth target data to obtain new task result data, update the stored task result data with the new task result data, and send the new task result data to the client.
Based on the foregoing embodiments, embodiments of the present application provide an information processing system, including a plurality of agent modules and a search engine; the plurality of agent modules comprise a first agent module and at least one second agent module; the first proxy module and the second proxy module may be both located in the first electronic device, or the first proxy module may be located in the first electronic device, and the second proxy module may be located in the third electronic device. The search engine is on the second electronic device. The agent module is responsible for synchronization and calculation (processing) of data of the private data set in the blockchain; the search engine provides services externally and also serves as a key generation center (key generating centre, KGC) and generates attribute encryption key pairs for data in the private dataset in the blockchain.
As shown in fig. 4, the private data set includes a first private data set and two second private data sets, the first private data set is denoted as collectionA, and the first proxy module corresponding to the first private data set is denoted as agent a; the two second private data sets are respectively marked as collectionB and collectionC, the second agent module corresponding to collectionB is marked as agentB, and the second agent module corresponding to collectionC is marked as agentC. The search engine is represented by a search engine. As shown in fig. 4, in the initialization stage, the agent corresponding to each collection needs to register blockchain authority and synchronize the account data of the blockchain; taking agent a as an example, the agent a needs to register access rights of accessing the collectionA, and when the agent a registers access rights of accessing the collectionA, data in the collectionA may be synchronized to the agent a. In the following description, the working process of the agent is taken as an example of the agent a, and the working processes of the agent b and the agent c are the same as those of the agent a, and specific reference may be made to the working process of the agent a.
after the agent initialization is completed, the search engine performs ciphertext policy attribute initialization for each agent, as shown in fig. 4, and performs ciphertext policy attribute initialization for agent a, so as to generate an initial access policy corresponding to agent a, and encrypt and share data, which is acquired by agent a and is irrelevant to a task to be processed, to other agents; when the agent receives a task to be processed sent by the search engine, initializing ciphertext policy attributes according to the task to be processed, generating an access policy corresponding to the task to be processed corresponding to the agent A, and sending the access policy to the search engine, so that the search engine generates a public key PK and a master key MK corresponding to the agent A based on the access policy, the search engine can send the public key PK to the agent A, so that the agent A can encrypt data (such as fourth data) to be shared by the agent A to the agent B and the agent C by adopting the public key PK to obtain second encrypted data, and then send the second encrypted data to the agent B and the agent C, so that the agent B and the agent C can obtain a private key for decrypting the second encrypted data, and decrypt the second encrypted data to obtain fourth data; similarly, the agent A also receives the first encrypted data sent by the agent B and the agent C respectively, and decrypts the first encrypted data; therefore, the agent A can acquire the data in the collectionnA, acquire the data in the collectionB and the collectionC after decrypting the first encrypted data, so that the process of acquiring the data across different collections is simplified, the agent A can process the acquired data in different collections based on the task to be processed after receiving the task to be processed to acquire the first target data, the acquired data in the multiple collections are not required to be transmitted to a search engine, the search engine processes the data based on the task to be processed, the workload of the search engine is reduced, and the efficiency of processing the task to be processed is improved.
It should be noted that, the agent b and the agent c also have the capability of collecting data of different collections, so that the agent b and the agent c can also process the collected data of different collections based on the task to be processed and send the processing results to the search engine respectively, that is, the search engine can receive the processing results of processing the task to be processed sent by agentA, agentB and the agent c respectively, so that the problem that the task to be processed cannot be processed due to abnormality of a single node when the task to be processed is avoided, and the security when the task to be processed is improved. The task to be processed carries an identifier of the proxy module related to the task, and according to the identifier, it can be determined which proxy modules the task to be processed is sent to. When sharing data, the proxy module can encrypt and share the data in the collection acquired by itself to other proxy modules based on the task to be processed, or can directly encrypt and share the data in the collection acquired by itself to other proxy modules without considering whether the task to be processed is received.
It should be noted that, taking an agent a as an example, when the agent a needs to decrypt the first encrypted data sent by the agent b, the agent a may provide the access attribute information corresponding to the agent a to the KGC, so that the KGC may match the access attribute with the attribute information in the access policy corresponding to the agent b, and when the access attribute matches with the attribute information in the access policy corresponding to the agent b, a private key for decrypting the first encrypted data may be generated based on the master key MK corresponding to the agent b, and the KGC may send the private key to the agent a, and the agent a may decrypt the first encrypted data using the private key. After receiving the task to be processed, the agent b may generate an access policy corresponding to the agent b based on the task type, submit the access policy corresponding to the agent b to KGC, and the KGC may generate a public key PK and a master key MK corresponding to the agent b based on the access policy corresponding to the agent b. The access policy corresponding to each agent includes a plurality of attribute information, such as identity attribute of the agent itself, identity attribute of other agents, status information of other agents, data type, and the like; thus, each agent divides different authority subsets by setting different access strategies, so that the authority range of the blockchain data access is limited when the fabric cross-collection retrieval is allowed.
When the search engine initiates a task to be processed, an index key value can be set, and the index key value can be flexibly set as a combined key value, such as a task type and a task ID, and after the calculation task is completed, task result data and the index key value are associated and stored in a local cache.
In addition, when the agent A receives a new task B to be processed, when the new task B to be processed is determined to be matched with or similar to the historical task A, the access strategy generated by the agent A based on the historical task A is used as the access strategy corresponding to the new task B to be processed. When it is determined that the new task B to be processed does not match or is dissimilar to the historical task a, then agent a needs to generate an access policy corresponding to the new task B to be processed based on the new task B to be processed. For the agent A, in order to relieve the pressure of the agent A and improve the retrieval efficiency, the process of acquiring the data of the collectionA by the agent A is divided into two processes, wherein when a task to be processed is received, the agent A automatically scans the data volume of the collectionA, and when the data volume of the collectionA is determined to change, the data in the collectionA is synchronized to the agent A; the other is to flexibly set a data refresh time interval, periodically scan the data volume of collectionA, and synchronize the data of collectionA into agent a when the data volume of collectionA changes.
It should be noted that, the search engine also needs to set the expiration time of the index information, and when the stored task result data is determined to be expired based on the expiration time, the index engine will automatically delete the index information and the task result data corresponding to the index information; after deleting, if a new task to be processed exists, an index is needed to be created and sent to the corresponding proxy module for processing.
The information processing method provided by the embodiment of the application can effectively solve the pain point of the target collection real-time query. Meanwhile, the access strategy is flexibly set by utilizing attribute encryption, and data can be acquired dynamically in a cross-collection manner; based on the self-defined index information, the data query mechanism is dynamically refreshed (namely, task result data are updated and timeliness of the task result data is guaranteed), so that cross collection retrieval efficiency can be effectively improved.
It should be noted that, in this embodiment, the descriptions of the same steps and the same content as those in other embodiments may refer to the descriptions in other embodiments, and are not repeated here.
According to the information processing method provided by the embodiment of the application, the first proxy module and the second proxy module can both obtain the data of the plurality of private data sets and process the obtained data of the plurality of private data sets, the service for exposing the data and the service system are not required to be developed on different private data sets, the service on each private data set is called by the service system to obtain the data of each private data set, and then the collected data of the plurality of private data sets are processed, so that the process of obtaining the data across the private data sets is simplified, the complexity of obtaining the data across the private data sets is reduced, the processing efficiency of the data of the plurality of private data sets is improved, and the problems of complex process and low efficiency in the process of summarizing the data across the plurality of private data sets in the related technology are solved.
Further, the second electronic device can receive target data obtained after each proxy module processes the task to be processed only by sending the task to be processed to the proxy module corresponding to the private data set related to the task to be processed, the second electronic device is not required to acquire the data of each private data set for processing, the workload of the second electronic device is reduced, and the efficiency of processing the task to be processed is improved. Moreover, the tasks to be processed are processed through the plurality of proxy modules, so that the problem that the tasks to be processed cannot be processed due to faults when a single node processes the tasks to be processed is avoided, and the safety when the tasks to be processed are processed is improved.
Based on the foregoing embodiments, embodiments of the present application provide an electronic device including a first electronic device, where the first electronic device may be applied to the information processing method provided in the corresponding embodiments of fig. 1 and 3, and referring to fig. 5, the first electronic device 4 includes a first processor 41, a first memory 42, and a first communication bus 43, where:
the first communication bus 43 is used to implement a communication connection between the first processor 41 and the first memory 42;
the first processor 41 is configured to execute an information processing program in the first memory 42 to implement the steps of:
Acquiring first data in a first private data set corresponding to a first proxy module through the first proxy module;
receiving first encrypted data sent by a second proxy module through the first proxy module; wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
receiving a task to be processed sent by second electronic equipment through a first proxy module;
and processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to the second electronic equipment.
In other embodiments of the present application, the first private data set and the second private data set are only accessible to the module that grants access rights;
the first proxy module having access to the first private data set;
the second proxy module has access to a second private data set.
In other embodiments of the present application, the first processor 41 is configured to execute the information processing program in the first memory 42, and obtain, by using the first proxy module, first data in the first private data set corresponding to the first proxy module, so as to implement the following steps:
Acquiring initial data in a first private data set through a first proxy module;
under the condition that a task to be processed sent by the second electronic equipment is received, monitoring the data volume of the first private data set through the first proxy module;
under the condition that the data quantity is not changed, determining that the initial data is first data through a first proxy module;
under the condition that the data volume is changed, the current data in the first private data set is obtained through the first proxy module, and the current data is determined to be the first data.
In other embodiments of the present application, the first processor 41 is configured to execute the information processing program in the first memory 42, and process the first data and the first encrypted data based on the task to be processed by using the first proxy module, so as to obtain first target data, so as to implement the following steps:
processing the first data based on the task to be processed through a first proxy module to obtain the processed first data;
determining target encryption sub-data which can be decrypted by the first proxy module from the first encryption data based on a target decryption strategy corresponding to the first proxy module through the first proxy module;
and processing the processed first data and the target encrypted sub-data based on the task to be processed through the first proxy module to obtain first target data.
In other embodiments of the present application, the first processor 41 is configured to execute the information processing program in the first memory 42, and determine, by the first proxy module, target encrypted sub-data that can be decrypted by the first proxy module from the first encrypted data based on the target decryption policy corresponding to the first proxy module, so as to implement the following steps:
determining a target encryption sub-strategy matched with a target decryption strategy from encryption strategies corresponding to the first encrypted data through a first proxy module;
and determining the encryption sub-data corresponding to the target encryption sub-strategy from the first encryption data through the first proxy module to obtain the target encryption sub-data.
In other embodiments of the present application, the first processor 41 is configured to execute the first proxy module of the information processing program in the first memory 42, process the processed first data and the encrypted sub-data based on the task to be processed, so as to obtain the first target data, so as to implement the following steps:
sending an acquisition request to the second electronic equipment through the first proxy module; the acquisition request is used for acquiring a private key for decrypting the target encrypted sub-data; the acquisition request carries access attribute information corresponding to the first proxy module;
Receiving a private key sent by the second electronic equipment based on the acquisition request through the first proxy module; the private key is generated based on the access attribute information, the access strategy for accessing the target encrypted sub-data and the master key corresponding to the second proxy module;
decrypting the target encrypted sub-data based on the private key through the first proxy module to obtain third data;
and processing the processed first data and third data based on the task to be processed through the first proxy module to obtain first target data.
In other embodiments of the present application, the first processor 41 is configured to execute an information processing program in the first memory 42 to implement the following steps:
encrypting fourth data determined based on the first data by the first proxy module to obtain second encrypted data;
sending the second encrypted data to at least one proxy module through the first proxy module; wherein the at least one proxy module comprises a second proxy module.
It should be noted that, in the embodiment, the specific implementation process of the step executed by the first processor may refer to the implementation process in the information processing method provided in the embodiment corresponding to fig. 1 and fig. 3, which is not described herein again.
According to the first electronic device provided by the embodiment of the application, the data of the private data sets can be obtained through the first proxy module, the obtained data of the private data sets can be processed, the service and the service system for exposing the data do not need to be developed on different private data sets, the service on each private data set is called through the service system to obtain the data of each private data set, then the collected data of the private data sets are processed, the process of obtaining the data across the private data sets is simplified, the complexity of obtaining the data across the private data sets is reduced, the processing efficiency of the data of the private data sets is improved, and the problems of complex process and low efficiency in the process of summarizing the data across the private data sets in the related technology are solved.
Based on the foregoing embodiments, embodiments of the present application provide an electronic device including a second electronic device, where the second electronic device is applied to the information processing method provided in the corresponding embodiment of fig. 2 to 3, and referring to fig. 6, the second electronic device 5 may include: a second processor 51, a second memory 52 and a second communication bus 53, wherein:
The second communication bus 53 is used to implement a communication connection between the second processor 51 and the second memory 52;
the second processor 51 is configured to execute an information processing program in the second memory 52 to implement the steps of:
receiving a task to be processed;
respectively sending tasks to be processed to a first proxy module and a second proxy module;
receiving first target data sent by a first proxy module based on a task to be processed; the first target data is generated by the first proxy module based on the first encrypted data and first data in a first private data set corresponding to the first proxy module; the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
and receiving second target data sent by the second agent module based on the task to be processed.
In other embodiments of the present application, the second processor 51 is configured to execute an information processing program in the second memory 52 to implement the following steps:
setting index information of a task to be processed;
determining task result data from the first target data and the second target data;
and carrying out associated storage on the index information and the task result data.
It should be noted that, in the embodiment, the specific implementation process of the step executed by the second processor may refer to the implementation process in the information processing method provided in the embodiment corresponding to fig. 2 to 3, which is not described herein again.
According to the second electronic device provided by the embodiment of the application, the first proxy module and the second proxy module can both obtain the data of the plurality of private data sets and process the obtained data of the plurality of private data sets, service and service systems for exposing the data do not need to be developed on different private data sets, the service on each private data set is called through the service systems to obtain the data of each private data set, and then the collected data of the plurality of private data sets are processed, so that the process of obtaining the data across the private data sets is simplified, the complexity of obtaining the data across the private data sets is reduced, the processing efficiency of the data of the plurality of private data sets is improved, and the problems of complex process and low efficiency when the data is summarized across the plurality of private data sets in the related technology are solved. Further, the second electronic device can receive target data obtained after each proxy module processes the task to be processed only by sending the task to be processed to the proxy module corresponding to the private data set related to the task to be processed, the second electronic device is not required to acquire the data of each private data set for processing, the workload of the second electronic device is reduced, and the efficiency of processing the task to be processed is improved. Moreover, the tasks to be processed are processed through the plurality of proxy modules, so that the problem that the tasks to be processed cannot be processed due to faults when a single node processes the tasks to be processed is avoided, and the safety when the tasks to be processed are processed is improved.
Based on the foregoing embodiments, embodiments of the present application provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the steps of the information processing method provided by the corresponding embodiments (fig. 1 and 3) or (fig. 2 to 3).
The computer readable storage medium may be a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable programmable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable programmable Read Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), a magnetic random access Memory (Ferromagnetic Random Access Memory, FRAM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical disk, or a compact disk Read Only Memory (Compact Disc Read-Only Memory, CD-ROM), or the like; but may be various electronic devices such as mobile phones, computers, tablet devices, personal digital assistants, etc., that include one or any combination of the above-mentioned memories.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the claims, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application, or direct or indirect application in other related technical fields are included in the scope of the claims of the present application.

Claims (10)

1. An information processing method, wherein the method is applied to a first electronic device, the method comprising:
acquiring first data in a first private data set corresponding to a first proxy module through the first proxy module;
receiving first encrypted data sent by a second proxy module through the first proxy module; wherein the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
receiving a task to be processed sent by second electronic equipment through the first proxy module;
and processing the first data and the first encrypted data based on the task to be processed through the first proxy module to obtain first target data, and sending the first target data to the second electronic equipment.
2. The method of claim 1, wherein,
the first private data set and the second private data set are only accessible by the module granted access rights;
the first proxy module having access to the first private data set;
the second proxy module has access to the second private data set.
3. The method of claim 1, wherein the obtaining, by the first proxy module, the first data in the first private data set corresponding to the first proxy module comprises:
acquiring initial data in the first private data set through the first proxy module;
under the condition that the task to be processed sent by the second electronic equipment is received, monitoring the data volume of the first private data set through the first proxy module;
under the condition that the data quantity is not changed, determining that the initial data is the first data through the first proxy module;
under the condition that the data volume changes, acquiring current data in the first private data set through a first proxy module, and determining the current data as the first data.
4. The method of claim 1, wherein the processing, by the first proxy module, the first data and the first encrypted data based on the task to be processed, to obtain first target data includes:
processing the first data based on the task to be processed through the first proxy module to obtain processed first data;
Determining target encryption sub-data which can be decrypted by the first proxy module from the first encryption data based on a target decryption strategy corresponding to the first proxy module through the first proxy module;
and processing the processed first data and the target encrypted sub-data based on the task to be processed through the first proxy module to obtain the first target data.
5. The method of claim 4, wherein the determining, by the first proxy module, the target encrypted sub-data that can be decrypted by the first proxy module from the first encrypted data based on the target decryption policy corresponding to the first proxy module, includes:
determining, by the first proxy module, a target encryption sub-policy that matches the target decryption policy from the encryption policies corresponding to the first encrypted data;
and determining the encryption sub-data corresponding to the target encryption sub-strategy from the first encryption data through the first proxy module to obtain the target encryption sub-data.
6. The method of claim 4, wherein the processing, by the first proxy module, the processed first data and the encrypted sub-data based on the task to be processed to obtain the first target data includes:
Sending an acquisition request to second electronic equipment through the first proxy module; the acquisition request is used for acquiring a private key for decrypting the target encrypted sub-data; the acquisition request carries access attribute information corresponding to the first proxy module;
receiving, by the first proxy module, the private key sent by the second electronic device based on the acquisition request; the private key is generated based on the access attribute information, an access strategy for accessing the target encrypted sub-data and a master key corresponding to the second proxy module;
decrypting, by the first proxy module, the target encrypted sub-data based on the private key to obtain third data;
and processing the processed first data and the third data based on the task to be processed through the first proxy module to obtain the first target data.
7. The method of claim 1, wherein the method further comprises:
encrypting fourth data determined based on the first data by the first proxy module to obtain second encrypted data;
sending the second encrypted data to at least one proxy module through the first proxy module; wherein the at least one proxy module comprises the second proxy module.
8. An information processing method, wherein the method is applied to a second electronic device, the method comprising:
receiving a task to be processed;
respectively sending the task to be processed to a first proxy module and a second proxy module;
receiving first target data sent by the first proxy module based on the task to be processed; the first target data is generated by the first proxy module based on first encrypted data and first data in a first private data set corresponding to the first proxy module; the first encrypted data is generated by the second proxy module based on second data in a second private data set corresponding to the second proxy module;
and receiving second target data sent by the second agent module based on the task to be processed.
9. The method of claim 8, wherein the method comprises:
setting index information of the task to be processed;
determining task result data from the first target data and the second target data;
and carrying out association storage on the index information and the task result data.
10. An electronic device, the electronic device comprising: a processor, a memory, and a communication bus;
The communication bus is used for realizing communication connection between the processor and the memory;
the processor is configured to execute an information processing program in a memory to realize the steps of the information processing method according to any one of claims 1 to 7 or 8 to 9.
CN202310161724.3A 2023-02-23 2023-02-23 Information processing method and electronic equipment Pending CN116432198A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310161724.3A CN116432198A (en) 2023-02-23 2023-02-23 Information processing method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310161724.3A CN116432198A (en) 2023-02-23 2023-02-23 Information processing method and electronic equipment

Publications (1)

Publication Number Publication Date
CN116432198A true CN116432198A (en) 2023-07-14

Family

ID=87087982

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310161724.3A Pending CN116432198A (en) 2023-02-23 2023-02-23 Information processing method and electronic equipment

Country Status (1)

Country Link
CN (1) CN116432198A (en)

Similar Documents

Publication Publication Date Title
CN108123800B (en) Key management method, key management device, computer equipment and storage medium
US11582040B2 (en) Permissions from entities to access information
US20180316501A1 (en) Token-based secure data management
CN111930851B (en) Control data processing method, device, medium and electronic equipment of block chain network
CN107948152B (en) Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment
EP3688634A2 (en) System and method for implementing a resolver service for decentralized identifiers
EP3780483A1 (en) Cryptographic operation method, method for creating work key, and cryptographic service platform and device
US11025415B2 (en) Cryptographic operation method, method for creating working key, cryptographic service platform, and cryptographic service device
CN111556120A (en) Data processing method and device based on block chain, storage medium and equipment
US10887085B2 (en) System and method for controlling usage of cryptographic keys
CN109347839B (en) Centralized password management method and device, electronic equipment and computer storage medium
US11601258B2 (en) Selector derived encryption systems and methods
CN113259382B (en) Data transmission method, device, equipment and storage medium
CN112651001A (en) Access request authentication method, device, equipment and readable storage medium
CN111880919A (en) Data scheduling method, system and computer equipment
CN116527709A (en) Electronic medical record safe sharing system and method combining quantum key and blockchain
CN115296794A (en) Key management method and device based on block chain
US6968373B1 (en) System, computer program, and method for network resource inventory
Almutairi et al. Survey of centralized and decentralized access control models in cloud computing
Onica et al. Efficient key updates through subscription re-encryption for privacy-preserving publish/subscribe
CN114239044A (en) Decentralized traceable shared access system
CN113438293A (en) Service system, method, device and storage medium based on block chain
CN111917711A (en) Data access method and device, computer equipment and storage medium
CN116432198A (en) Information processing method and electronic equipment
EP3975015B9 (en) Applet package sending method and device and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination