CN116827532A - Boundary adjustment method and device for data security computation space operated by data elements - Google Patents
- Publication number
- CN116827532A (application number CN202310802902.6A)
- Authority
- CN
- China
- Prior art keywords
- data
- data source
- computing node
- calculation
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention relates to a boundary adjustment method and a device for a data security computation space operated by data elements, wherein the method comprises the following steps: acquiring a calculation task; outputting the computing task and the first connection authentication information to a first data source and a first computing node; outputting second network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the second data source at the beginning of the second period; and outputting the second connection authentication information to the second data source and the first computing node. By adopting the technical scheme, on one hand, the principle that the original data cannot go out of the domain is met through boundary adjustment, potential safety hazards of the data are avoided, and the safety of data calculation is improved; on the other hand, the effective boundary control is realized through a space and time multiplexing mode, and the flexibility of calculation deployment is improved while the safety of data calculation is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of secure computing, in particular to a boundary adjustment method and device for a data security computing space operated by data elements.
Background
Data element operation means that the owner of a data element mines, through analysis of the data element, the information hidden in massive data and makes it available to consumers in a compliant form. Existing data security computing schemes for data element operation generally aggregate cloud service nodes into a computing space corresponding to a computing task. In that computing space, each computing node acquires the data uploaded by each data source node (a data source node is not a node capable of performing computation) and performs the computation. The corresponding computing scheme may include secure multi-party computation, federated learning, or setting up TEE environments for computing.
However, with the above approach the data is transmitted out of the local site where the data source is located, and the computing space is relatively fixed, so the computation lacks flexibility.
Disclosure of Invention
Based on the above situation in the prior art, an object of the embodiments of the present invention is to provide a boundary adjustment method and apparatus for a data security computation space operated by data elements, which constructs a dynamically adjustable security computation space according to the needs of computation tasks, thereby improving the security and flexibility of data computation.
To achieve the above object, according to one aspect of the present invention, there is provided a boundary adjustment method of a data security computation space, applied to a server, the method comprising:
acquiring a calculation task, and determining at least a first safe calculation space and a first data source for calculation and a second safe calculation space and a second data source according to the calculation task; the first secure computing space includes a first computing node in a first period of time, and the second secure computing space includes a first computing node in a second period of time;
outputting a computing task and first connection authentication information to a first data source and a first computing node to establish intra-domain connection between the first data source and the first computing node, and enabling the first computing node to calculate by utilizing data of the first data source according to the computing task to obtain a first intermediate result;
outputting second network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the second data source at the beginning of the second period;
and outputting the second connection authentication information to the second data source and the first computing node so as to establish intra-domain connection between the second data source and the first computing node, and enabling the first computing node to calculate by utilizing the data of the second data source and the first intermediate result according to the calculation task to obtain a first calculation result.
Further, the first computing node is a common node, and the common node is located outside physical boundaries of all the data sources; the method further comprises the steps of:
the first network adjustment information is output to the first computing node such that the first computing node adjusts to within the boundary of the first data source at the beginning of the first period.
Further, the method further comprises:
receiving first end information sent by a first computing node, wherein the end information indicates that the computation of a first intermediate result is completed;
sending a first data clearing instruction to the first computing node according to the first ending information, so that the first computing node clears and verifies local data according to the first data clearing instruction;
the data to be cleared and verified comprises the original data of the first data source stored or cached in the first computing node, the intermediate data obtained by conversion according to the original data and the intermediate data obtained by calculation by adopting the original data.
Further, the method further comprises:
receiving second end information sent by a first computing node, wherein the end information indicates that the computation of a first computing result is completed;
sending a second data clearing instruction to the first computing node according to the second ending information, so that the first computing node clears and verifies the local data according to the second data clearing instruction;
The data to be cleared and verified comprises the original data of the second data source stored or cached in the first computing node, the intermediate data obtained by conversion according to the original data and the intermediate data obtained by calculation by adopting the original data.
Further, the method further comprises:
outputting third network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the third data source at the beginning of the third period;
outputting third connection authentication information to a third data source and a first computing node to establish intra-domain connection between the third data source and the first computing node, and enabling the first computing node to calculate by utilizing data of the third data source, a first intermediate result and a first computing result according to a computing task to obtain a second computing result;
wherein the first calculation result is an intermediate result.
Further, the method further comprises:
outputting fourth network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the second computing node at the beginning of the fourth time period;
and outputting fourth connection authentication information to the first computing node and the second computing node so as to establish intra-domain connection between the second computing node and the first computing node, and enabling the first computing node to calculate with the second computing node according to the calculation task to obtain a third calculation result.
Further, the first network adjustment information includes network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the first data source to the same network in a target mode according to the first network adjustment information, and the first computing node is adjusted to be within the boundary of the first data source;
the second network adjustment information comprises network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the second data source to the same network in a target mode according to the second network adjustment information, and the first computing node is adjusted to be within the boundary of the second data source;
the third network adjustment information comprises network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the third data source to the same network in a target mode according to the third network adjustment information, and the first computing node is adjusted to be within the boundary of the third data source;
the fourth network adjustment information comprises network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the second computing node to the same network in a target mode according to the fourth network adjustment information, and the first computing node is adjusted to be within the boundary of the second computing node;
The target mode includes at least one of a mode of a software defined network, a mode of adjusting a gatekeeper, and a mode of adjusting a network switcher.
According to a second aspect of the present invention, there is provided a boundary adjustment method of a data security computation space, applied to a computation node, the computation node and a first data source being located in the same physical device, the method comprising:
receiving a calculation task and first connection authentication information sent by a server side, and establishing intra-domain connection with a first data source according to the first connection authentication information;
calculating according to the calculation task by utilizing the data of the first data source to obtain a first intermediate result;
receiving second network adjustment information sent by a server side, and adjusting to within the boundary of a second data source at the beginning of a second period according to the second network adjustment information;
receiving second connection authentication information sent by a server side, and establishing intra-domain connection with a second data source according to the second connection authentication information;
calculating according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result;
wherein the compute node and the first data source belong to a first secure compute space in a first time period and the compute node and the second data source belong to a second secure compute space in a second time period.
Further, the calculating by using the data of the first data source to obtain a first intermediate result includes: in a trusted execution environment, loading data of a first data source and calculating by using the data to obtain a first intermediate result; data sealing and encrypting the first intermediate result and storing the first intermediate result;
the calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result comprises the following steps: and in the trusted execution environment, loading the data of the second data source and calculating by using the data and the first intermediate result to obtain a first calculation result.
According to a third aspect of the present invention, there is provided a boundary adjustment method of a data security computation space, applied to a computation node, where the computation node is a common node, and the common node is located outside physical boundaries of all data sources, the method including:
receiving first network adjustment information sent by a server side, and adjusting to within the boundary of a first data source at the beginning of a first period according to the first network adjustment information;
receiving a calculation task and first connection authentication information sent by a server side, and establishing intra-domain connection with a first data source according to the first connection authentication information;
Calculating according to the calculation task by utilizing the data of the first data source to obtain a first intermediate result;
receiving second network adjustment information sent by a server side, and adjusting to within the boundary of a second data source at the beginning of a second period according to the second network adjustment information;
receiving second connection authentication information sent by a server side, and establishing intra-domain connection with a second data source according to the second connection authentication information;
calculating according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result;
wherein the compute node and the first data source belong to a first secure compute space in a first time period and the compute node and the second data source belong to a second secure compute space in a second time period.
Further, the method further comprises:
and carrying out security audit on the received calculation task, carrying out hash on the audited calculation task, and sending the hashed calculation task to the server side so that the server side calculation node carries out hash check on the calculation task after obtaining the first calculation result.
Further, the method further comprises:
after a first intermediate result is obtained, clearing and verifying local data, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion according to the original data and intermediate data obtained through calculation by adopting the original data;
After the first calculation result is obtained, the local data are cleared and verified, wherein the cleared and verified data comprise the original data of the second data source stored or cached in the first calculation node, the intermediate data obtained through conversion according to the original data and the intermediate data obtained through calculation by adopting the original data.
Further, the method further comprises:
after the first intermediate result is obtained, first end information is sent to the server side, so that the server side sends a first data clearing instruction according to the first end information;
the method comprises the steps of receiving a first data clearing instruction sent by a server side, clearing and verifying local data according to the first data clearing instruction, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion of the original data and intermediate data obtained through calculation by adopting the original data;
after the first calculation result is obtained, second ending information is sent to the server side, so that the server side sends a second data clearing instruction according to the second ending information;
and receiving a second data clearing instruction sent by the server side, and clearing and verifying local data according to the second data clearing instruction, wherein the cleared and verified data comprise original data of a second data source stored or cached in the first computing node, intermediate data obtained by converting the original data and intermediate data obtained by computing by adopting the original data.
Further, the clearing the local data includes:
restarting the computing task or a server of the computing node; or,
loading a mirror image of the computing task to restore the computing task, wherein the mirror image of the computing task is arranged at a server side;
the verification includes remote authentication by the server side.
According to a fourth aspect of the present invention, there is provided a boundary adjustment device for a data security computation space, applied to a server side, the device comprising:
the safe calculation space determining module is used for acquiring a calculation task and determining at least a first safe calculation space and a first data source, a second safe calculation space and a second data source for calculation according to the calculation task; the first secure computing space includes a first computing node in a first period of time, and the second secure computing space includes a first computing node in a second period of time;
the first connection module is used for outputting a calculation task and first connection authentication information to the first data source and the first calculation node so as to establish intra-domain connection between the first data source and the first calculation node, and enabling the first calculation node to calculate by utilizing the data of the first data source according to the calculation task to obtain a first intermediate result;
The network adjustment module outputs second network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the second data source at the beginning of the second period;
the second connection module is used for outputting second connection authentication information to the second data source and the first computing node so as to establish intra-domain connection between the second data source and the first computing node, and enabling the first computing node to calculate according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
According to a fifth aspect of the present invention, there is provided a boundary adjustment method of a data security computation space, applied to a server, the method comprising:
outputting first network adjustment information to a first computing node, so that the first computing node is adjusted to be within the boundary of a first data source when a first period starts, and calculating by using the data of the first data source to obtain a first intermediate result;
outputting second network adjustment information to the first computing node, so that the first computing node is adjusted to be within the boundary of the second data source when the second period starts, and calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result;
The first computing node is a common node, and the common node is located outside physical boundaries of all data sources.
Further, the method further comprises:
outputting third network adjustment information to the first computing node, so that the first computing node is adjusted to be within the boundary of the third data source when the third period starts, and calculating by using the data of the third data source, the first intermediate result and the first computing result to obtain a second computing result;
wherein the first calculation result is an intermediate result.
Further, the method further comprises:
and outputting fourth network adjustment information to the first computing node so that the first computing node is adjusted to be within the boundary of the second computing node at the beginning of the fourth time period, and calculating the first computing node and the second computing node to obtain a third computing result.
According to a sixth aspect of the present invention, there is provided a boundary adjustment method of a data security computation space, applied to a computation node, the computation node and a first data source being located in the same physical device, the method comprising: according to a preset network adjustment strategy,
establishing intra-domain connection with a first data source, and calculating by utilizing data of the first data source to obtain a first intermediate result;
Adjusting to within the boundary of the second data source at the beginning of the second period;
and establishing intra-domain connection with the second data source, and calculating by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
In a seventh aspect of the present invention, a boundary adjustment method for a data security computation space is provided, where the boundary adjustment method is applied to a computation node, where the computation node is a common node, and the common node is located outside physical boundaries of all data sources, and the method includes: according to a preset network adjustment strategy,
adjusting to within the boundary of the first data source at the beginning of the first period;
establishing intra-domain connection with a first data source, and calculating by utilizing data of the first data source to obtain a first intermediate result;
adjusting to within the boundary of the second data source at the beginning of the second period;
and establishing intra-domain connection with the second data source, and calculating by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
Further, the method further comprises:
after a first intermediate result is obtained, clearing and verifying local data, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion according to the original data and intermediate data obtained through calculation by adopting the original data;
After the first calculation result is obtained, the local data are cleared and verified, wherein the cleared and verified data comprise the original data of the second data source stored or cached in the first calculation node, the intermediate data obtained through conversion according to the original data and the intermediate data obtained through calculation by adopting the original data.
An eighth aspect of the present invention provides a boundary adjustment method of a data security computation space, applied to a computation node, where the computation node is a common node, and the common node is located outside physical boundaries of all data sources, and the method includes:
adjusting to within the boundary of the first data source at the beginning of the first period;
establishing intra-domain connection with a first data source, and calculating by utilizing data of the first data source to obtain a first intermediate result;
sealing the data of the first intermediate result, encrypting and storing the first intermediate result in a storage device in the computing node or an external storage device, and clearing other data except the stored data;
adjusting to within the boundary of the second data source at the beginning of the second period;
establishing intra-domain connection with a second data source, and calculating by utilizing the data of the second data source and a first intermediate result to obtain a first calculation result;
And sealing the data of the first calculation result, encrypting and storing the first calculation result into a storage device in the calculation node or an external storage device.
In summary, the embodiment of the present invention provides a method and an apparatus for adjusting a boundary of a data security computation space operated by a data element, where the method includes: acquiring a calculation task, and determining at least a first safe calculation space and a first data source for calculation and a second safe calculation space and a second data source according to the calculation task; outputting a computing task and first connection authentication information to a first data source and a first computing node to establish intra-domain connection between the first data source and the first computing node; outputting second network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the second data source at the beginning of the second period; and outputting second connection authentication information to the second data source and the first computing node to establish an intra-domain connection between the second data source and the first computing node. By adopting this technical scheme, on the one hand, boundary adjustment satisfies the principle that original data cannot leave its domain, which avoids potential data security hazards and improves the security of data computation; on the other hand, effective boundary control is realized through space and time multiplexing, that is, at a given moment the shared computing elements or computing nodes are switched to exclusive use by switching the network boundary, and the related original data and sensitive data are cleared after that moment is over, so that the flexibility of computing deployment is improved together with the security of data computation.
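The sequence summarized above, for the common-node variant, as an added Python sketch that is not code from the patent: the server adjusts the node into one data source's boundary per period, issues per-period connection authentication, requires clear-and-verify before the next adjustment, and checks the task hash at the end. Class names, the token format and the summing task are assumptions; clearing and sealing are modelled by in-memory fields rather than a real restart or TEE sealing.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


class BoundaryError(Exception):
    """A step would let raw data leave its domain or skip authentication."""


@dataclass
class DataSource:
    name: str
    records: list
    tokens: dict = field(default_factory=dict)   # period -> connection auth token

    def connect(self, node, period):
        # Intra-domain connection: the node must be inside this boundary and
        # present the token the server issued for this period.
        if node.boundary != self.name:
            raise BoundaryError(f"{node.name} is outside the boundary of {self.name}")
        expected = self.tokens.get(period)
        if not (expected and node.token and hmac.compare_digest(expected, node.token)):
            raise BoundaryError("connection authentication failed")
        return list(self.records)


@dataclass
class ComputeNode:
    name: str
    boundary: Optional[str] = None               # domain the node currently sits in
    token: Optional[bytes] = None
    raw: list = field(default_factory=list)      # raw or derived data held locally
    sealed: Optional[int] = None                 # stand-in for the sealed intermediate result

    def compute(self, source, period):
        self.raw = source.connect(self, period)
        self.sealed = (self.sealed or 0) + sum(self.raw)
        return self.sealed

    def clear(self):
        # Stand-in for restarting the node or reloading the task image.
        self.raw, self.token = [], None


class Server:
    def __init__(self, task: bytes, audited_hash: str):
        self.task, self.audited_hash, self.log = task, audited_hash, []

    def adjust(self, node, source, period):
        # Network adjustment: refuse to move a node that still holds data
        # from the previous domain (clear-and-verify must come first).
        if node.raw:
            raise BoundaryError(f"{node.name} not cleared before period {period}")
        node.boundary = source.name
        self.log.append((period, "adjust", source.name))

    def authorize(self, node, source, period):
        token = secrets.token_bytes(16)          # assumed token format
        source.tokens[period] = token
        node.token = token
        self.log.append((period, "auth", source.name))

    def clear_and_verify(self, node, period):
        node.clear()
        if node.raw or node.token:
            raise BoundaryError("clear verification failed")
        self.log.append((period, "cleared", node.name))

    def check_task(self):
        digest = hashlib.sha256(self.task).hexdigest()
        if not hmac.compare_digest(digest, self.audited_hash):
            raise BoundaryError("task differs from the audited task")


def run(skip_clear=False, tamper=False):
    task = b"sum(records)"                        # constructed task description
    audited = hashlib.sha256(task).hexdigest()    # hash recorded at audit time
    server = Server(task + (b"#" if tamper else b""), audited)
    a = DataSource("source-1", [1, 2, 3])         # constructed sample data
    b = DataSource("source-2", [10, 20])
    node = ComputeNode("node-1")
    result = None
    for period, source in enumerate((a, b), start=1):
        server.adjust(node, source, period)
        server.authorize(node, source, period)
        result = node.compute(source, period)
        if not skip_clear:
            server.clear_and_verify(node, period)
    server.check_task()
    return result, server.log
```

`run(skip_clear=True)` fails at the second adjustment because the node still holds source-1 data, which is the condition the clearing step exists to prevent.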
Drawings
FIG. 1 is a flow chart of a method for adjusting boundaries of a data security computation space according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for adjusting boundaries of a data security computation space according to another embodiment of the present invention;
FIG. 3 is a flowchart of a method for adjusting boundaries of a data security computation space according to another embodiment of the present invention;
FIG. 4 is a schematic diagram 1 of network boundaries and data interactions between nodes according to an embodiment of the present invention;
FIG. 5 is a schematic diagram 2 of network boundaries and data interactions between nodes in accordance with an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The objects, technical solutions and advantages of the present invention will become more apparent by the following detailed description of the present invention with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present invention should be taken in a general sense as understood by one of ordinary skill in the art to which the present invention belongs. The use of the terms "first," "second," and the like in one or more embodiments of the present invention does not denote any order, quantity, or importance, but rather the terms "first," "second," and the like are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
The technical scheme of the invention is described in detail below with reference to the accompanying drawings. The embodiment of the invention provides a boundary adjustment method of a data security calculation space, which is applied to a server side, wherein the server side can be a supervisor for monitoring and managing a security calculation process. Embodiments of the present invention relate to a computing node that may be time-sliced during a computing process, and the same computing node may be partitioned into boundaries of different data sources during different time periods. For example, a calculation process related to a certain calculation task corresponds to a plurality of stages, and in a first stage, a first calculation node is divided into boundaries of a first data source, and after the calculation in the first stage is completed (i.e., the calculation of the data in the first data source is completed), the first calculation node is divided into boundaries of a second data source, and the calculation in the second stage is performed. A flowchart of a boundary adjustment method of a data security computation space provided in this embodiment is shown in fig. 1, and as shown in fig. 1, the method includes the following steps:
S102, acquiring a calculation task, and determining at least a first safe calculation space and a first data source, a second safe calculation space and a second data source for calculation according to the calculation task; the first secure computing space includes a first computing node during a first period of time and the second secure computing space includes the first computing node during a second period of time. The computing task may include the hardware, platform and algorithm required for the present computation, and the corresponding data requirements (or the data sources directly).
S104, outputting the calculation task and the first connection authentication information to the first data source and the first calculation node so as to establish intra-domain connection between the first data source and the first calculation node, and enabling the first calculation node to calculate by utilizing the data of the first data source according to the calculation task to obtain a first intermediate result. In this embodiment, the first computing node is located in the same physical device as the first data source, i.e. it is located within the boundaries of the first data source itself, at which point the server side outputs the computing task and the first connection authentication information to the first data source and the first computing node to establish an intra-domain connection between them.
S106, outputting second network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the second data source at the beginning of the second period. In the second period, the first computing node needs to calculate by adopting the data of the second data source, so that network adjustment is needed to the first computing node at the beginning of the second period, and the first computing node is adjusted to be within the boundary of the second data source at the beginning of the second period.
S108, outputting second connection authentication information to the second data source and the first computing node so as to establish intra-domain connection between the second data source and the first computing node, and enabling the first computing node to calculate by utilizing the data of the second data source and the first intermediate result according to the calculation task to obtain a first calculation result. In this embodiment, the first calculation result may be a final calculation result.
According to some alternative embodiments, the first computing node may be a common node, where the common node represents a computing node located outside the physical boundaries of all the data sources, so that, on the basis of the above embodiments, the first computing node needs to be adjusted to be within the boundaries of the first data source before outputting the computing task and the first connection authentication information to the first data source and the first computing node. The method further comprises the steps of:
S103, outputting first network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the first data source at the beginning of the first period.
According to certain alternative embodiments, the method may further comprise the steps of:
S105, outputting third network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the third data source at the beginning of the third period.
S107, outputting third connection authentication information to the third data source and the first computing node so as to establish intra-domain connection between the third data source and the first computing node, and enabling the first computing node to calculate according to the calculation task by utilizing the data of the third data source, the first intermediate result and the first calculation result to obtain a second calculation result. The first calculation result is, for example, an intermediate result obtained by calculating by the first calculation node by using the first intermediate result and the data of the second data source.
According to certain alternative embodiments, the method may further comprise the steps of:
S109, outputting fourth network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the second computing node at the beginning of the fourth time period.
S1011, outputting fourth connection authentication information to the first computing node and the second computing node so as to establish intra-domain connection between the second computing node and the first computing node, and enabling the first computing node to calculate with the second computing node according to the calculation task to obtain a third calculation result.
In the case that the secure computing may involve multiparty computing, the method according to the embodiment of the present invention may adjust the first computing node to be within the boundary of other computing nodes (for example, the second computing node) according to the need, so as to establish intra-domain connection with the other computing nodes and perform joint computing, which may improve the data security of the multiparty computing process.
The periods involved in the embodiment of the present invention, such as the first, second, third and fourth periods, start as follows. When the network adjustment involved is the first adjustment (i.e., no calculation was performed before the adjustment), the period may start after the instruction of the server side has been responded to, so that calculation starts when the boundary adjustment is performed. When the network adjustment involved is not the first adjustment (i.e., a network adjustment and a calculation were already performed before it), the period is entered after it is determined that the previously involved data has been calculated and that data has been cleared and verified.
The network adjustment information in the embodiment of the present invention includes the network information to be adjusted, so that, according to the corresponding network adjustment information, the computing node to be adjusted brings its own network and the network of a target computing node or a target data source into the same network (i.e., moves to within the boundary of the target computing node or the target data source) in a target manner. The target manner may include at least one of software-defined networking, adjusting a gatekeeper, and adjusting a network switcher.
The method according to the embodiment of the present invention is not limited to the above-mentioned network adjustment based on the first network adjustment information, the second network adjustment information, the third network adjustment information, and the fourth network adjustment information, and in the case that the calculation may involve using data of more data sources, or multiple times of calculation with other calculation nodes is required, the method may also perform network adjustment on the first calculation node multiple times to adjust to other data sources except the first data source, the second data source, and the third data source, or to the network boundaries of other calculation nodes except the second calculation node, as required, and perform multiple times of calculation.
The embodiment of the invention also provides a boundary adjusting method of the data security computation space, which is applied to the computation node and corresponds to the method executed by the server side. In this embodiment, the computing node is, for example, a computing node located on the same physical device as the first data source, the computing node and the first data source belonging to a first secure computing space during a first time period and the computing node and the second data source belonging to a second secure computing space during a second time period according to a computing task. A flowchart of a boundary adjustment method of a data security computation space provided in this embodiment is shown in fig. 2, and as shown in fig. 2, the method includes the following steps:
S202, receiving calculation tasks and first connection authentication information sent by a server side, and establishing intra-domain connection with a first data source according to the first connection authentication information.
S204, calculating according to the calculation task by utilizing the data of the first data source to obtain a first intermediate result. In this embodiment, since the computing node and the first data source are located in the same physical device, the computing node needs to adopt a Trusted Execution Environment (TEE) scheme to ensure that, after the computing node is divided into the boundary of the second data source, the data it receives from the second data source cannot be exported by the first data source physically connected to the computing node (so as to protect the data of the second data source). In this step, the data of the first data source is loaded in the trusted execution environment and used for calculation to obtain the first intermediate result; the first intermediate result is then data-sealed, encrypted and stored.
S206, receiving second network adjustment information sent by the server side, and adjusting, according to the second network adjustment information, to be within the boundary of a second data source at the beginning of a second period.
S208, receiving second connection authentication information sent by the server side, and establishing intra-domain connection with a second data source according to the second connection authentication information.
S210, calculating according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result. In this step, the data of the second data source is loaded in the trusted execution environment and used, together with the first intermediate result, for calculation to obtain the first calculation result.
The embodiment of the invention also provides a boundary adjusting method of the data security computation space, which is applied to the computation node and corresponds to the method executed by the server side. In this embodiment, the computing nodes are for example common nodes, which represent computing nodes located outside the physical boundaries of all data sources, which computing nodes and first data sources belong to a first secure computing space during a first period of time and which computing nodes and second data sources belong to a second secure computing space during a second period of time, depending on the computing task. A flowchart of a boundary adjustment method of a data security computation space provided by this embodiment is shown in fig. 3, and as shown in fig. 3, the method includes the following steps:
S302, receiving first network adjustment information sent by a server side, and adjusting, according to the first network adjustment information, to be within the boundary of a first data source at the beginning of a first period.
S304, receiving the calculation task and the first connection authentication information sent by the server side, and establishing intra-domain connection with the first data source according to the first connection authentication information. To improve the security of calculation, the received calculation task can be subjected to a security audit to ensure that it has no problems such as memory leaks or backdoor programs; the audited calculation task is hashed and the resulting hash is sent to the server side, so that the server side can perform a hash check on the calculation task after the computing node obtains the first calculation result. A check may also be made before each execution of the computing task to ensure that the computing task has not been tampered with.
S306, calculating according to the calculation task by utilizing the data of the first data source to obtain a first intermediate result.
S308, receiving second network adjustment information sent by the server side, and adjusting, according to the second network adjustment information, to be within the boundary of a second data source at the beginning of a second period.
S310, receiving second connection authentication information sent by the server side, and establishing intra-domain connection with a second data source according to the second connection authentication information.
S312, calculating according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
According to some alternative embodiments, after each calculation is completed (including calculation of the intermediate result and calculation of the first calculation result), data local to the calculation node needs to be cleared, and verification is performed after the clearing, so as to clear other original data and intermediate data except the intermediate result obtained by calculation, the first calculation result and the like, and prevent data of the data source from leaking. The process of clearing and verifying the computing node can be completed by the computing node (at this time, the computing node can adopt a trusted execution environment, preset processing logic in the trusted execution environment and process according to the processing logic), or can be completed by the server side issuing corresponding instructions (for example, after the computing node obtains the first intermediate result, the computing node uploads the end information to the server side, and the server side feeds back the corresponding instructions to complete the whole clearing process). The autonomously initiated purge process by the compute node may include the steps of:
S42, after the first intermediate result is obtained, clearing and verifying the local data, wherein the cleared and verified data comprise the original data of the first data source stored or cached in the first computing node, the intermediate data obtained by converting the original data and the intermediate data obtained by computing by adopting the original data.
S44, after the first calculation result is obtained, clearing and verifying the local data, wherein the cleared and verified data comprise the original data of the second data source, the intermediate data obtained through conversion according to the original data and the intermediate data obtained through calculation by adopting the original data.
The clearing process initiated by the server side feeding back the corresponding instruction may include the following steps:
S62, after the first intermediate result is obtained, sending first end information to the server side so that the server side sends a first data clearing instruction according to the first end information.
S64, a first data clearing instruction sent by a server side is received, local data are cleared and verified according to the first data clearing instruction, and the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion of the original data and intermediate data obtained through calculation by adopting the original data.
S66, after the first calculation result is obtained, sending second end information to the server side so that the server side sends a second data clearing instruction according to the second end information.
S68, receiving a second data clearing instruction sent by the server side, and clearing and verifying the local data according to the second data clearing instruction, wherein the cleared and verified data comprise the original data of the second data source, the intermediate data obtained by converting the original data and the intermediate data obtained by calculation adopting the original data.
The data clearing can be completed by restarting the computing task or the server of the computing node, or by restoring the computing task by loading an image of the computing task, where the image of the computing task is kept at the server side. The verification after the clearing can be completed through remote verification by the server side; the verification mainly checks whether the computing node has cleared data including, but not limited to, the original data of the related data source, the intermediate data obtained through conversion of the original data, and the intermediate data obtained through calculation adopting the original data, namely all related data except the intermediate result obtained by calculation and the first calculation result. After all the data have been calculated and cleared, the server side can carry out a hash check on the calculation task; once the calculation task passes the check, the calculation node re-enters the first stage and the previous flow is repeated.
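The ordering constraints described above (a boundary adjustment that is not the first one waits for clearing and verification, the intra-domain connection requires the connection authentication information, and the computing task is hash-checked before each execution) can be modelled as a small state machine. This is an added illustration, not code from the patent. Assumptions: the class and function names, the JSON task specification with a single `sum` operation, and the sample rows are constructed for the example; the network adjustment is reduced to a `boundary` field, and data sealing is represented by retaining only the result, with no encryption.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample task: a declarative spec that the node interprets.
TASK_SPEC = json.dumps({"op": "sum", "field": "amount"}, sort_keys=True).encode()


class BoundaryError(Exception):
    """A step was attempted outside the order the method requires."""


def task_digest(task_spec: bytes) -> str:
    """Hash of the audited computing task, as registered with the server side."""
    return hashlib.sha256(task_spec).hexdigest()


@dataclass
class DataSource:
    name: str
    rows: list
    auth: bytes = b""  # connection authentication information from the server

    def accept(self, node_boundary: Optional[str], presented: bytes) -> list:
        # Intra-domain only: the node must already be inside this boundary.
        if node_boundary != self.name:
            raise BoundaryError(f"node is not within the boundary of {self.name}")
        if not self.auth or not hmac.compare_digest(self.auth, presented):
            raise BoundaryError("connection authentication failed")
        return [dict(r) for r in self.rows]


@dataclass
class ComputeNode:
    task_spec: bytes
    boundary: Optional[str] = None
    scratch: dict = field(default_factory=dict)  # raw and derived data
    results: dict = field(default_factory=dict)  # retained results only
    cleared: bool = True                         # nothing loaded yet

    def adjust(self, target: str) -> None:
        # Any adjustment after the first waits for clearing and verification.
        if not self.cleared:
            raise BoundaryError("local data must be cleared and verified first")
        self.boundary = target

    def compute(self, source, auth, audited_digest, label, prior=None):
        # Hash check before each execution, against the audited digest.
        if not hmac.compare_digest(task_digest(self.task_spec), audited_digest):
            raise BoundaryError("computing task does not match the audited hash")
        task = json.loads(self.task_spec)
        if task.get("op") != "sum":
            raise BoundaryError("unsupported operation in computing task")
        rows = source.accept(self.boundary, auth)
        self.cleared = False
        self.scratch["raw"] = rows
        self.scratch["converted"] = [r[task["field"]] for r in rows]
        carried = self.results[prior] if prior else 0
        # Stand-in for data sealing: only the result is retained (no encryption).
        self.results[label] = carried + sum(self.scratch["converted"])
        return self.results[label]

    def clear_and_verify(self) -> bool:
        self.scratch.clear()
        self.cleared = not self.scratch  # verification: nothing but results left
        return self.cleared


def run_task(node, sources, audited_digest):
    """Server-side sequence: adjust, authenticate, compute, clear, per period."""
    labels = ["first_intermediate_result", "first_calculation_result"]
    prior = None
    for source, label in zip(sources, labels):
        node.adjust(source.name)            # network adjustment information
        token = secrets.token_bytes(16)     # connection authentication information
        source.auth = token                 # issued to the data source ...
        node.compute(source, token, audited_digest, label, prior)  # ... and node
        if not node.clear_and_verify():
            raise BoundaryError("clearing could not be verified")
        source.auth = b""                   # authentication info is not reused
        prior = label
    return node.results[labels[-1]]


def sample_sources():
    # Constructed sample data for two data sources.
    return [DataSource("data_source_1", [{"amount": 10}, {"amount": 20}]),
            DataSource("data_source_2", [{"amount": 5}, {"amount": 7}])]


if __name__ == "__main__":
    print(run_task(ComputeNode(TASK_SPEC), sample_sources(), task_digest(TASK_SPEC)))
```

Calling `adjust` for the second data source before `clear_and_verify` raises `BoundaryError`, which is the property that keeps one source's raw data from being carried into another source's boundary.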
The embodiment of the invention also provides a boundary adjustment method of the data security computation space, which is applied to a server side, wherein in the method of the embodiment, a first computation node is a public node, the public node is a computation node positioned outside physical boundaries of all data sources, and the method comprises the following steps:
S502, outputting first network adjustment information to a first computing node, so that the first computing node is adjusted to be within the boundary of a first data source at the beginning of a first period, and calculating by using the data of the first data source to obtain a first intermediate result.
S504, outputting second network adjustment information to the first computing node, so that the first computing node is adjusted to be within the boundary of the second data source when the second period starts, and calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result. In this embodiment, only the data of the first data source and the second data source need be used for calculation, and the first calculation result is the final calculation result.
According to certain alternative embodiments, the method may further comprise the steps of:
S506, outputting third network adjustment information to the first computing node, so that the first computing node adjusts to be within the boundary of the third data source at the beginning of the third period, and calculates by using the data of the third data source, the first intermediate result and the first computing result to obtain a second computing result. This embodiment is directed to the case where the data of the third data source is also required for the calculation; therefore, after the first calculation result is obtained, network adjustment needs to be performed again to adjust the first calculation node to within the boundary of the third data source at the start of the third period, and the calculation is then performed. The first calculation result is an intermediate result, and the second calculation result is a final result.
According to certain alternative embodiments, the method may further comprise the steps of:
S508, outputting fourth network adjustment information to the first computing node, so that the first computing node is adjusted to be within the boundary of the second computing node at the beginning of the fourth time period, and the first computing node and the second computing node are enabled to calculate to obtain a third computing result. This embodiment is directed to the case where the first computing node needs to perform computation with another computing node (for example, the second computing node); therefore, after the first computing result or the second computing result is obtained, network adjustment needs to be performed again to adjust the first computing node to be within the boundary of the second computing node at the beginning of the fourth period, and the computation is then performed. The computation may use the first intermediate result, the first computing result, and/or the second computing result obtained by the previous computations, as well as any computing result that may already be present in the second computing node. In this embodiment, the third calculation result is the final calculation result.
The embodiment of the invention also provides a boundary adjustment method of the data security computation space, which is applied to a computation node, wherein the computation node and a first data source are positioned in the same physical equipment, and the method comprises the following steps: according to a preset network adjustment strategy,
S702, establishing intra-domain connection with the first data source, and calculating by using the data of the first data source to obtain a first intermediate result.
S704, adjusting from within the boundary of the first data source to within the boundary of the second data source at the beginning of the second period.
S706, establishing intra-domain connection with the second data source, and calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result.
The embodiment of the invention also provides a boundary adjustment method of the data security computation space, which is applied to a computation node, wherein the computation node and a first data source are positioned in the same physical equipment, and the method comprises the following steps: according to a preset network adjustment strategy,
S802, adjusting to be within the boundary of the first data source at the beginning of the first period.
S804, establishing intra-domain connection with the first data source, and calculating by utilizing the data of the first data source to obtain a first intermediate result.
S806, adjusting from within the boundary of the first data source to within the boundary of the second data source at the end of the first period and the beginning of the second period.
S808, establishing intra-domain connection with the second data source, and calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result.
According to certain alternative embodiments, the method further comprises: after a first intermediate result is obtained, clearing and verifying local data, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion according to the original data and intermediate data obtained through calculation by adopting the original data; after the first calculation result is obtained, the local data are cleared and verified, wherein the cleared and verified data comprise the original data of the second data source stored or cached in the first calculation node, the intermediate data obtained through conversion according to the original data and the intermediate data obtained through calculation by adopting the original data.
This embodiment of the present invention differs from the previous embodiments in that the computing node does not rely on the network adjustment policy issued by the server side for network adjustment, but rather performs network adjustment based on a preset network adjustment policy (which may be obtained in advance from the server side, the client side or other terminals that may issue the adjustment policy), upon arrival of a predetermined period of time and after obtaining the result of the previous computation.
The embodiment of the invention also provides a boundary adjustment method of the data security computation space, which is applied to the computation node, wherein the computation node is a public node, the public node is positioned outside the physical boundary of all data sources, and the method comprises the following steps:
S902, at the beginning of the first period, adjusting to within the boundary of the first data source.
S904, establishing intra-domain connection with the first data source, and calculating by using the data of the first data source to obtain a first intermediate result.
S906, data sealing is carried out on the first intermediate result, the first intermediate result is stored in storage equipment in the computing node or external storage equipment after being encrypted, and other data except the stored data are removed.
S908, adjusting from within the boundary of the first data source to within the boundary of the second data source at the end of the first period and the beginning of the second period.
S910, establishing intra-domain connection with the second data source, and calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result.
S912, performing data sealing on the first calculation result, and storing the encrypted first calculation result into a storage device in the calculation node or an external storage device.
In the embodiment of the invention, when the intermediate result or the final calculation result data is obtained each time, the intermediate result or the final calculation result data is stored in the storage device in the calculation node or the external storage device after being encrypted, and other data except the stored data are cleared before the next calculation is started, so that the safety of the data is improved.
The embodiment of the invention also provides a boundary adjusting device of the data security computation space, which is applied to a server side and comprises:
the safe calculation space determining module is used for acquiring a calculation task and determining at least a first safe calculation space and a first data source, a second safe calculation space and a second data source for calculation according to the calculation task; the first secure computing space includes a first computing node in a first period of time, and the second secure computing space includes a first computing node in a second period of time;
the first connection module is used for outputting a calculation task and first connection authentication information to the first data source and the first calculation node so as to establish intra-domain connection between the first data source and the first calculation node, and enabling the first calculation node to calculate by utilizing the data of the first data source according to the calculation task to obtain a first intermediate result;
The network adjustment module is used for outputting second network adjustment information to the first computing node so that the first computing node is adjusted to be within the boundary of the second data source at the beginning of the second period;
the second connection module is used for outputting second connection authentication information to the second data source and the first computing node so as to establish intra-domain connection between the second data source and the first computing node, and enabling the first computing node to calculate according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
The specific procedure of each module in the boundary adjusting apparatus for a data security computation space provided in the above embodiment of the present invention to realize its function is the same as each step of the boundary adjusting method for a data security computation space provided in the above embodiment of the present invention, and thus, a repetitive description thereof will be omitted here.
FIG. 4 and FIG. 5 are schematic diagrams illustrating network boundaries and data interactions between nodes in the boundary adjustment method of the data security computation space according to the embodiment of the present invention. As shown in FIG. 4, computing node A is located in the same physical device as data source 1, and the two belong to the same server within the same boundary. In stage 1, computing node A establishes intra-domain connection with data source 1, exchanges data through the intra-domain connection and performs computation to obtain an intermediate result; in stage 2, computing node A adjusts to the boundary of data source 2 according to the network adjustment information sent by the server, establishes intra-domain connection with data source 2, exchanges data through the intra-domain connection, and performs computation. As shown in FIG. 5, computing node A is a common node that is not located in the same physical device as either data source 1 or data source 2. In stage 1, computing node A first needs to be adjusted to the boundary of data source 1 according to network adjustment information; it then establishes intra-domain connection with data source 1, exchanges data through the intra-domain connection and performs computation to obtain an intermediate result. In stage 2, computing node A adjusts to the boundary of data source 2 according to the network adjustment information sent by the server, establishes intra-domain connection with data source 2, exchanges data through the intra-domain connection, and performs computation.
In the embodiment of the invention, an electronic device is further provided, and FIG. 6 is a schematic structural diagram of the electronic device according to the embodiment of the invention. As shown in FIG. 6, the electronic device 600 includes: one or more processors 601 and memory 602; and computer program instructions stored in the memory 602, which when executed by the processor 601, cause the processor 601 to perform the boundary adjustment method of a data security computation space as in any of the embodiments described above. The processor 601 may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities and may control other components in the electronic device to perform desired functions.
The memory 602 may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. Volatile memory can include, for example, Random Access Memory (RAM) and/or cache memory (cache) and the like. The non-volatile memory may include, for example, Read-Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on a computer readable storage medium and the processor 601 may execute the program instructions to implement the steps in the boundary adjustment methods of the data security computation space of the various embodiments of the present invention above and/or other desired functions.
In some embodiments, the electronic device 600 may further include: input device 603 and output device 604, which are interconnected by a bus system and/or other form of connection mechanism (not shown in fig. 6). For example, when the electronic device is a stand-alone device, the input means 603 may be a communication network connector for receiving the acquired input signal from an external removable device. In addition, the input device 603 may also include, for example, a keyboard, a mouse, a microphone, and the like. The output device 604 may output various information to the outside, and may include, for example, a display, a speaker, a printer, a communication network, a remote output apparatus connected thereto, and the like.
In addition to the methods and apparatus described above, embodiments of the invention may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in the boundary adjustment method of a data security computation space of any of the embodiments described above.
The computer program product may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present invention may also be a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform steps in a method of boundary adjustment of a data security computation space of various embodiments of the present invention.
A computer readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is to be appreciated that the processor in embodiments of the invention may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
In summary, the embodiment of the invention relates to a boundary adjustment method and device for a data security computation space operated by data elements, wherein the method comprises the following steps: acquiring a calculation task, and determining at least a first safe calculation space and a first data source for calculation and a second safe calculation space and a second data source according to the calculation task; outputting a computing task and first connection authentication information to a first data source and a first computing node to establish an intra-domain connection between the first data source and the first computing node; outputting second network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the second data source at the beginning of the second period; and outputting second connection authentication information to the second data source and the first computing node to establish an intra-domain connection between the second data source and the first computing node. By adopting this technical scheme, on the one hand, boundary adjustment satisfies the principle that the original data cannot leave the domain, which avoids potential safety hazards to the data and improves the safety of data calculation; on the other hand, effective boundary control is realized through space and time multiplexing, namely, at a given moment the shared computing elements or computing nodes become exclusive through the switching of the network boundary, and the related original data and sensitive data are cleared after that moment is over, so that the security of data computing is improved and, at the same time, the flexibility of computing deployment is improved.
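The two-period flow summarized above can be modelled in a few lines of Python; this is an added illustration, not code from the patent. The class names, the network labels `net-1`/`net-2`, the single-use token used as connection authentication information, and the clearing report that stands in for the verification step are all assumptions.

```python
import secrets
from dataclasses import dataclass, field


class BoundaryError(Exception):
    """An action would let raw data cross a data source's boundary."""


@dataclass
class DataSource:
    name: str
    network: str                      # network segment forming this source's boundary
    rows: list
    tokens: set = field(default_factory=set)

    def read(self, node, token):
        # Intra-domain connection: the node must sit on the source's own
        # network and present connection authentication issued by the server.
        if node.network != self.network:
            raise BoundaryError(f"{node.name} is outside the boundary of {self.name}")
        if token not in self.tokens:
            raise BoundaryError("connection authentication rejected")
        self.tokens.discard(token)    # single use per period (assumption)
        return list(self.rows)


@dataclass
class ComputeNode:
    name: str
    network: str = "public"           # common node: outside every boundary
    raw: list = field(default_factory=list)
    carried: object = None            # intermediate result kept between periods

    def adjust(self, network):
        # Refuse to change boundary while another source's raw data is held.
        if self.raw:
            raise BoundaryError("raw data not cleared before boundary adjustment")
        self.network = network

    def compute(self, source, token, task):
        self.raw = source.read(self, token)
        self.carried = task(self.raw, self.carried)
        return self.carried

    def clear(self):
        # Drop raw data; only the intermediate result survives the period.
        self.raw = []
        return {"node": self.name, "raw_items": len(self.raw)}


class Server:
    def __init__(self):
        self.audit = []

    def run(self, node, task, sources):
        result = node.carried
        for period, source in enumerate(sources, start=1):
            node.adjust(source.network)          # network adjustment information
            token = secrets.token_hex(16)        # connection authentication information
            source.tokens.add(token)             # delivered to the data source ...
            result = node.compute(source, token, task)   # ... and to the node
            report = node.clear()                # data clearing instruction
            if report["raw_items"] != 0:         # stand-in for the verification step
                raise BoundaryError("clearing not verified")
            self.audit.append((period, source.name, node.network))
        return result


def running_sum(rows, carried):
    # Sample task: combine this period's data with the intermediate result.
    return (carried or 0) + sum(rows)


def demo():
    # Constructed sample data for two data sources in separate boundaries.
    s1 = DataSource("source-1", "net-1", [3, 4])
    s2 = DataSource("source-2", "net-2", [10, 20])
    node = ComputeNode("node-A")
    server = Server()
    total = server.run(node, running_sum, [s1, s2])
    return total, server.audit, node


if __name__ == "__main__":
    total, audit, node = demo()
    print(total, audit, node.network)
```

In this model the node belongs to exactly one boundary per period, and a read from a source in another boundary, or a boundary change while raw data is still held, raises `BoundaryError`.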
It should be understood that the above discussion of any of the embodiments is exemplary only and is not intended to suggest that the scope of the invention (including the claims) is limited to these examples; combinations of features of the above embodiments or in different embodiments are also possible within the spirit of the invention, steps may be implemented in any order and there are many other variations of the different aspects of one or more embodiments of the invention described above which are not provided in detail for the sake of brevity. The above detailed description of the present invention is merely illustrative or explanatory of the principles of the invention and is not necessarily intended to limit the invention. Accordingly, any modification, equivalent replacement, improvement, etc. made without departing from the spirit and scope of the present invention should be included in the scope of the present invention. Furthermore, the appended claims are intended to cover all such changes and modifications that fall within the scope and boundary of the appended claims, or equivalents of such scope and boundary.
Claims (22)
1. The boundary adjustment method of the data security computation space is characterized by being applied to a server side, and comprises the following steps:
acquiring a calculation task, and determining at least a first safe calculation space and a first data source for calculation and a second safe calculation space and a second data source according to the calculation task; the first secure computing space includes a first computing node in a first period of time, and the second secure computing space includes a first computing node in a second period of time;
outputting a computing task and first connection authentication information to a first data source and a first computing node to establish intra-domain connection between the first data source and the first computing node, and enabling the first computing node to calculate by utilizing data of the first data source according to the computing task to obtain a first intermediate result;
outputting second network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the second data source at the beginning of the second period;
and outputting the second connection authentication information to the second data source and the first computing node so as to establish intra-domain connection between the second data source and the first computing node, and enabling the first computing node to calculate by utilizing the data of the second data source and the first intermediate result according to the calculation task to obtain a first calculation result.
2. The method of claim 1, wherein the first computing node is a common node that is located outside of physical boundaries of all of the data sources; the method further comprises the steps of:
the first network adjustment information is output to the first computing node such that the first computing node adjusts to within the boundary of the first data source at the beginning of the first period.
3. The method according to claim 2, wherein the method further comprises:
receiving first end information sent by a first computing node, wherein the end information indicates that the computation of a first intermediate result is completed;
sending a first data clearing instruction to the first computing node according to the first ending information, so that the first computing node clears and verifies local data according to the first data clearing instruction;
the data to be cleared and verified comprises the original data of the first data source stored or cached in the first computing node, the intermediate data obtained by conversion according to the original data and the intermediate data obtained by calculation by adopting the original data.
4. The method according to claim 2, wherein the method further comprises:
receiving second end information sent by a first computing node, wherein the end information indicates that the computation of a first computing result is completed;
sending a second data clearing instruction to the first computing node according to the second ending information, so that the first computing node clears and verifies the local data according to the second data clearing instruction;
the data to be cleared and verified comprises the original data of the second data source stored or cached in the first computing node, the intermediate data obtained by conversion according to the original data and the intermediate data obtained by calculation by adopting the original data.
5. The method according to claim 1, wherein the method further comprises:
outputting third network adjustment information to the first computing node so that the first computing node adjusts to within the boundary of the third data source at the beginning of the third period;
outputting third connection authentication information to a third data source and a first computing node to establish intra-domain connection between the third data source and the first computing node, and enabling the first computing node to calculate by utilizing data of the third data source, a first intermediate result and a first computing result according to a computing task to obtain a second computing result;
wherein the first calculation result is an intermediate result.
6. The method according to claim 1, wherein the method further comprises:
outputting fourth network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the second computing node at the beginning of the fourth time period;
and outputting fourth connection authentication information to the first computing node and the second computing node so as to establish intra-domain connection between the second computing node and the first computing node, and enabling the first computing node to calculate with the second computing node according to the calculation task to obtain a third calculation result.
7. The method according to any one of claims 3-6, wherein the first network adjustment information includes network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the first data source to the same network in a target mode according to the first network adjustment information, so that the first computing node is adjusted to be within the boundary of the first data source;
the second network adjustment information comprises network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the second data source to the same network in a target mode according to the second network adjustment information, and the first computing node is adjusted to be within the boundary of the second data source;
the third network adjustment information comprises network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the third data source to the same network in a target mode according to the third network adjustment information, and the first computing node is adjusted to be within the boundary of the third data source;
the fourth network adjustment information comprises network information to be adjusted, so that the first computing node adjusts the network of the first computing node and the network of the second computing node to the same network in a target mode according to the fourth network adjustment information, and the first computing node is adjusted to be within the boundary of the second computing node;
the target mode includes at least one of a mode of a software defined network, a mode of adjusting a gatekeeper, and a mode of adjusting a network switcher.
8. A method for adjusting boundaries of a data security computation space, the method being applied to a computation node, the computation node and a first data source being located in a same physical device, the method comprising:
receiving a calculation task and first connection authentication information sent by a server side, and establishing intra-domain connection with a first data source according to the first connection authentication information;
calculating according to the calculation task by utilizing the data of the first data source to obtain a first intermediate result;
receiving second network adjustment information sent by a server side, and adjusting to within the boundary of a second data source at the beginning of a second period according to the second network adjustment information;
receiving second connection authentication information sent by a server side, and establishing intra-domain connection with a second data source according to the second connection authentication information;
calculating according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result;
wherein the compute node and the first data source belong to a first secure compute space in a first time period and the compute node and the second data source belong to a second secure compute space in a second time period.
9. The method of claim 8, wherein the computing using the data of the first data source to obtain the first intermediate result comprises: in a trusted execution environment, loading data of a first data source and calculating by using the data to obtain a first intermediate result; data sealing and encrypting the first intermediate result and storing the first intermediate result;
the calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result comprises the following steps: and in the trusted execution environment, loading the data of the second data source and calculating by using the data and the first intermediate result to obtain a first calculation result.
10. A boundary adjustment method for a data security computation space, applied to a computation node, where the computation node is a common node, and the common node is located outside physical boundaries of all data sources, the method comprising:
receiving first network adjustment information sent by a server side, and adjusting to within the boundary of a first data source at the beginning of a first period according to the first network adjustment information;
receiving a calculation task and first connection authentication information sent by a server side, and establishing intra-domain connection with a first data source according to the first connection authentication information;
calculating according to the calculation task by utilizing the data of the first data source to obtain a first intermediate result;
receiving second network adjustment information sent by a server side, and adjusting to within the boundary of a second data source at the beginning of a second period according to the second network adjustment information;
receiving second connection authentication information sent by a server side, and establishing intra-domain connection with a second data source according to the second connection authentication information;
calculating according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result;
wherein the compute node and the first data source belong to a first secure compute space in a first time period and the compute node and the second data source belong to a second secure compute space in a second time period.
11. The method according to claim 10, wherein the method further comprises:
and carrying out security audit on the received calculation task, carrying out hash on the audited calculation task, and sending the hashed calculation task to the server side so that the server side calculation node carries out hash check on the calculation task after obtaining the first calculation result.
12. The method according to claim 10 or 11, characterized in that the method further comprises:
After a first intermediate result is obtained, clearing and verifying local data, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion according to the original data and intermediate data obtained through calculation by adopting the original data;
after the first calculation result is obtained, the local data are cleared and verified, wherein the cleared and verified data comprise the original data of the second data source stored or cached in the first calculation node, the intermediate data obtained through conversion according to the original data and the intermediate data obtained through calculation by adopting the original data.
13. The method according to claim 10 or 11, characterized in that the method further comprises:
after the first intermediate result is obtained, first end information is sent to the server side, so that the server side sends a first data clearing instruction according to the first end information;
the method comprises the steps of receiving a first data clearing instruction sent by a server side, clearing and verifying local data according to the first data clearing instruction, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion of the original data and intermediate data obtained through calculation by adopting the original data;
After the first calculation result is obtained, second ending information is sent to the server side, so that the server side sends a second data clearing instruction according to the second ending information;
and receiving a second data clearing instruction sent by the server side, and clearing and verifying local data according to the second data clearing instruction, wherein the cleared and verified data comprise original data of a second data source stored or cached in the first computing node, intermediate data obtained by converting the original data and intermediate data obtained by computing by adopting the original data.
14. The method of claim 12 or 13, wherein the clearing of local data comprises:
restarting the computing task or a server of the computing node; or,
loading a mirror image of the computing task to restore the computing task, wherein the mirror image of the computing task is arranged at a server side;
the verification includes remote authentication by the server side.
15. A boundary adjustment device for a data security computation space, applied to a server, the device comprising:
the safe calculation space determining module is used for acquiring a calculation task and determining at least a first safe calculation space and a first data source, a second safe calculation space and a second data source for calculation according to the calculation task; the first secure computing space includes a first computing node in a first period of time, and the second secure computing space includes a first computing node in a second period of time;
The first connection module is used for outputting a calculation task and first connection authentication information to the first data source and the first calculation node so as to establish intra-domain connection between the first data source and the first calculation node, and enabling the first calculation node to calculate by utilizing the data of the first data source according to the calculation task to obtain a first intermediate result;
the network adjustment module outputs second network adjustment information to the first computing node so that the first computing node adjusts to be within the boundary of the second data source at the beginning of the second period;
the second connection module is used for outputting second connection authentication information to the second data source and the first computing node so as to establish intra-domain connection between the second data source and the first computing node, and enabling the first computing node to calculate according to the calculation task by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
16. The boundary adjustment method of the data security computation space is characterized by being applied to a server side, and comprises the following steps:
outputting first network adjustment information to a first computing node, so that the first computing node is adjusted to be within the boundary of a first data source when a first period starts, and calculating by using the data of the first data source to obtain a first intermediate result;
outputting second network adjustment information to the first computing node, so that the first computing node is adjusted to be within the boundary of the second data source when the second period starts, and calculating by using the data of the second data source and the first intermediate result to obtain a first calculation result;
the first computing node is a common node, and the common node is located outside physical boundaries of all data sources.
17. The method of claim 16, wherein the method further comprises:
outputting third network adjustment information to the first computing node, so that the first computing node is adjusted to be within the boundary of the third data source when the third period starts, and calculating by using the data of the third data source, the first intermediate result and the first computing result to obtain a second computing result;
wherein the first calculation result is an intermediate result.
18. The method of claim 16, wherein the method further comprises:
and outputting fourth network adjustment information to the first computing node so that the first computing node is adjusted to be within the boundary of the second computing node at the beginning of the fourth time period, and calculating the first computing node and the second computing node to obtain a third computing result.
19. A method for adjusting boundaries of a data security computation space, the method being applied to a computation node, the computation node and a first data source being located in a same physical device, the method comprising: according to a preset network adjustment strategy,
establishing intra-domain connection with a first data source, and calculating by utilizing data of the first data source to obtain a first intermediate result;
adjusting to within the boundary of the second data source at the beginning of the second period;
and establishing intra-domain connection with the second data source, and calculating by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
20. A boundary adjustment method for a data security computation space, applied to a computation node, where the computation node is a common node, and the common node is located outside physical boundaries of all data sources, the method comprising: according to a preset network adjustment strategy,
adjusting to within the boundary of the first data source at the beginning of the first period;
establishing intra-domain connection with a first data source, and calculating by utilizing data of the first data source to obtain a first intermediate result;
adjusting to within the boundary of the second data source at the beginning of the second period;
and establishing intra-domain connection with the second data source, and calculating by utilizing the data of the second data source and the first intermediate result to obtain a first calculation result.
21. The method of claim 20, wherein the method further comprises:
after a first intermediate result is obtained, clearing and verifying local data, wherein the cleared and verified data comprise original data of a first data source stored or cached in a first computing node, intermediate data obtained through conversion according to the original data and intermediate data obtained through calculation by adopting the original data;
after the first calculation result is obtained, the local data are cleared and verified, wherein the cleared and verified data comprise the original data of the second data source stored or cached in the first calculation node, the intermediate data obtained through conversion according to the original data and the intermediate data obtained through calculation by adopting the original data.
22. A boundary adjustment method for a data security computation space, applied to a computation node, where the computation node is a common node, and the common node is located outside physical boundaries of all data sources, the method comprising:
adjusting to within the boundary of the first data source at the beginning of the first period;
establishing intra-domain connection with a first data source, and calculating by utilizing data of the first data source to obtain a first intermediate result;
sealing the data of the first intermediate result, encrypting and storing the first intermediate result in a storage device in the computing node or an external storage device, and clearing other data except the stored data;
adjusting to within the boundary of the second data source at the beginning of the second period;
establishing intra-domain connection with a second data source, and calculating by utilizing the data of the second data source and a first intermediate result to obtain a first calculation result;
and sealing the data of the first calculation result, encrypting and storing the first calculation result into a storage device in the calculation node or an external storage device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310802902.6A CN116827532A (en) | 2023-06-30 | 2023-06-30 | Boundary adjustment method and device for data security computation space operated by data elements |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310802902.6A CN116827532A (en) | 2023-06-30 | 2023-06-30 | Boundary adjustment method and device for data security computation space operated by data elements |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116827532A true CN116827532A (en) | 2023-09-29 |
Family
ID=88127288
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310802902.6A Pending CN116827532A (en) | 2023-06-30 | 2023-06-30 | Boundary adjustment method and device for data security computation space operated by data elements |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116827532A (en) |
- 2023-06-30 CN CN202310802902.6A patent/CN116827532A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||