RU2722538C1 - Computer-implemented method of processing information on objects, using combined calculations and methods of analyzing data - Google Patents

Abstract

FIELD: computer equipment.

SUBSTANCE: invention relates to the computer equipment. Computer-implemented method of processing information on objects using methods of combined calculations and methods of analyzing data includes steps of: one or more systems participating in joint calculations using a common computing algorithm, synchronizing object identifiers, synchronizing nomenclatures of attributes of objects, common computing algorithm is used, performing operations on attributes of objects, the result of which is a list of identifiers of target objects, which is transmitted to the operator system, which can perform operations on one or more objects from a list of target object identifiers; received list identifier is transmitted to the customer system, the system-customer is enabled to perform actions with objects, list of which is in system-operator by means of identifier of said list, wherein system-customer does not have information on content of said list.

EFFECT: providing safe processing of information on objects using methods of confidential joint calculations to exclude disclosure of results of calculations by participating systems.

20 cl, 5 dwg

Description

The present invention relates to the field of computing, in particular, to a method for processing data using confidential joint computing methods (or "secure multiparty computation", the term is given in English, since there is currently no established translation of this term into Russian) and data analysis methods.

A solution is known from the prior art that describes the use of a confidential computing protocol, which allows several participants on a single platform to interact with each other to make calculations that depend on the confidential input of each of them, so that no participant can get any information about someone else's secret input ( US 20170048208 A1, publ. 02.16.2017).

However, the above solution does not exclude a direct exchange of object identifiers between the participating systems of joint computing, which does not allow the disclosure of the results of calculations by the participating systems in terms of the properties and characteristics of the result obtained.

In addition, the prior art system is known for teaching machine learning models on data residing on different computers using a common computing scheme without exchanging personalized data. The known system uses a secure multiparty computation (MPC) protocol (WO 2018174873 Al, publ. 09/27/2018).

However, the above solution does not allow to ensure the security of the calculation result transmitted to the operator system, in terms of the use by the operator system of the result obtained for purposes that do not correspond to the task set for the operator system. The above solution also lacks the ability to synchronize the identifiers and nomenclature of objects.

A distributed system for executing machine learning models and a method for teaching machine learning models are known in the art. The system contains many computing devices, and each computing device can record and save data and perform operations on the flow of such data, while computing on the data stream is described by one or more oriented acyclic graphs (international application WO 2019042200 A1, publ. 08/22/2018 )

However, the above solution does not use the protocols of confidential calculations, but is based on the separation of data by training the model on different devices used in the calculations, each device thus gaining access to its own set of source data. The method implies the use of only one type of model, namely, based on oriented acyclic graphs, which does not allow the use of other types of implementation of algorithms. The above solution also does not allow to ensure the security of the calculation result transmitted to the operator system, in terms of the use by the operator system of the result obtained for purposes that do not correspond to the task set for the operator system.

The closest analogue to the claimed technical solution is a method for confidentially calculating the number of occurrences of a token from the provided set of tokens into one or more sets of records containing sets of tokens. (US 20160019394 Al, publ. 21.01.2016). The above solution can be used to create a safe recommender system in which the initial data, that is, data sets containing tokens, are not transmitted to either side of the calculations, while preserving data confidentiality.

Moreover, not a single known technical solution discloses all the features of the claimed technical solution, since in particular, none of the above technical solutions uses the method of sharing knowledge about the purpose of the calculation result, the identifier of the calculation results and the content of the calculation results, while maintaining confidentiality source data of data exchange participating systems using confidential joint computing methods.

The technical problem to which the claimed technical solution is directed is to create a computer-implemented method for processing information about objects using confidential joint computing methods and data analysis methods, which are described in the independent claim.

The technical result achieved from the implementation of the present invention is to provide secure processing of information about objects using confidential joint computing methods and machine learning methods using end-to-end identification of objects and using an operator system to exclude disclosure of calculation results by participating systems in terms of properties and characteristics of the obtained result of calculations. This allows several participating systems to perform joint calculations, depending on the input data of each of them, so that no participant can get any information about other people's input data and properties and characteristics of the resulting set of object identifiers and, at the same time, ensure the safety of the calculation result transferred to the operator system, in terms of the use by the operator system of the result obtained for purposes that do not correspond to the task set for the operator system in the framework of the general computational task.

In a preferred embodiment of the technical solution, a computer-implemented method for processing information about objects using confidential joint computing methods and data analysis methods, comprising the steps of:

a) one or more systems involved in confidential joint computing using a common computational algorithm synchronize the identifiers of objects;

b) one or more systems involved in confidential joint computing synchronize the nomenclatures of attributes of objects;

c) one or more systems involved in confidential joint computing use a common computational algorithm that performs operations on attributes of objects, the result of which is a list of identifiers of target objects;

f) the list of identifiers of target objects is transmitted to one of the systems involved in confidential joint computing, which is the operator system and can perform operations on one or more objects from the list of identifiers of target objects.

g) the identifier of the received list of identifiers of target objects is transmitted to the customer system in such a way that the customer system is able to perform actions with objects whose list is in the operator system using the identifier of this list, while the customer system does not have information about the contents of this list .

Objects can be any objects of the material world, any living creatures, more specifically people, as well as identifiers and groups of objects.

Identifiers can be a sequence of characters, bits, graphics, audio information, and biometric data.

Participating systems synchronize the identifiers of objects so that all participating systems participating in confidential joint calculations identify data related to the same object, regardless of which participant systems store information about this object.

Participating systems synchronize the parameters of the attribute nomenclature with the participation of one of the participating systems or an external system as the organizing system of the process of synchronization of the attribute nomenclature.

Participating systems participating in joint calculations use a common nomenclature of object attributes in such a way that each participating system contains a single catalog of object attribute names for all participating systems.

To perform computational algorithms in joint computing, participating systems use a computer program that executes the code of the computational algorithm.

To execute computational algorithms within the computational circuit of the participating systems, the participating programs are given a computer program for auditing and controlled execution of the computer program by the participating system within their information space.

The participating systems use various techniques for working with data in digital form as computational algorithms in joint computing, including machine learning models.

Participating systems use a common catalog of computational algorithms.

Based on the training samples provided by the participating systems, computational algorithms are created for use in joint computing.

Participating systems pass on the attributes of selected objects to the participating system, which is the organizing system for creating computational algorithms.

Based on the training samples provided by the participating systems, computational algorithms are created that use the methods of mathematical statistics and probability theory, numerical methods, optimization methods, and others used in the development of computational algorithms for use in joint computing.

Next, the implementation of the invention will be described in accordance with the accompanying drawings, which are presented to explain the essence of the invention and in no way limit the scope of the invention. The following drawings are attached to the application:

FIG. 1 illustrates a computer-implemented method for processing information about objects, including for communication tasks;

FIG. 2 illustrates an example of a general circuit of a computer device;

FIG. 3 illustrates a computer-implemented method for processing information about objects using an example of its implementation for communication purposes;

FIG. 4 illustrates a computer-implemented method for processing information about objects on the example of the work of the customs service;

FIG. 5. illustrates a computer-implemented method for processing information about objects on the example of operations with a computer or software

In the following detailed description of the implementation of the invention, numerous implementation details are provided to provide a clear understanding of the present invention. However, to a person skilled in the art, it will be apparent how the present invention can be used, both with and without implementation details. In other instances, well-known methods, procedures, and components have not been described in detail so as not to obscure the understanding of the features of the present invention.

In addition, from the foregoing it will be clear that the invention is not limited to the above implementation. Numerous possible modifications, changes, variations and substitutions, preserving the essence and form of the present invention, will be obvious to those skilled in the field of specialists.

The present invention is directed to providing a computer-implemented method for processing information about objects using confidential joint computing methods and data analysis methods.

The use of confidential joint computing methods refers to secure multiparty computaion, in which data requests are calculated in a distributed manner, without a trusted third party. At the same time, the data is divided between different nodes, and they calculate functions together, without passing information to other nodes.

Machine learning (Eng. Machine learning, ML) is an area of artificial intelligence associated with the development and construction of analytical models. To construct such methods, mathematical statistics, numerical methods, optimization methods, probability theory, graph theory, various techniques for working with data in digital form are used.

The claimed solution uses a new approach to data sharing - this is an environment for joint solution by project participants (participating systems) of a limited range of tasks without exchanging their source data.

As shown in FIG. 1, the claimed computer-implemented method for processing information about objects using confidential joint computing methods and data analysis methods (100) can be implemented as follows:

1. The organizing system (103) synchronizes the identifiers with each of the participating systems (101, 102) and creates a common identifier correspondence table (105). The correspondence table stores the identifier of the object in the organizing system and the identifiers corresponding to this identifier in the participating systems and at least one operator system.

1.1. The number of participating systems is not limited. At the same time, at least one of the participating systems involved in the process of identifier synchronization must be an operator system (105) that performs operations on a set of objects using information about which calculations are performed;

2. The customer system (106) selects in the host system (103) a computational algorithm (107) that will be used in confidential joint computing. The algorithm uses the data of one or more participating systems. The calculation of the result is based on one of the methods of confidential joint computing (111) and is controlled by the organizing system (103). Computations are performed simultaneously in the internal information circuits of all participating systems whose data is used to calculate the selected computational algorithm.

3. The organizing system (103) transfers to all participating systems involved in the calculations their own identifiers corresponding to each object identifier in the organizing system. The participating systems conduct confidential joint calculations for the transmitted identifiers and return to the results recovery module (108) the results of their own calculations - part of the result of the joint calculation. The results recovery module (108) can be located in the computing circuit of any of the participants in the calculations.

4. As a result of calculations in the operator system, a set of target identifiers is created (109), information on the purpose and characteristics of which the operator system (104) does not have, thus ensuring the privacy of the created set of target identifiers.

5. The organizing system (103) transmits to the customer system (106) the identifier of the set of target identifiers (110), which the customer system can use to place target information in information systems for this list of target identifiers.

A fundamental feature that allows you to implement a secure data sharing scheme is that the described method is aimed at solving the final problems of the participating systems, and not at ensuring data sharing as such.

This ensures that there is no risk of unauthorized access to both the source data of the participants and the results of the calculations.

In FIG. 2 shows an example of a computing device (500), which is used to implement the claimed solution. The device (500) can be selected from a wide range of known devices providing the necessary functionality, for example, a computer, laptop, server, tablet, smartphone, portable game console, mainframe, supercomputer, etc.

In general, device (500) comprises one or more processors (501) connected by a common bus, at least one memory (502), data storage means (503), input / output interfaces (504), and I / O devices (505) , networking tools (506).

A processor (501) (or multiple processors, a multi-core processor) can be selected from a range of devices that are currently widely used, for example, Intel ™, AMD ™, Apple ™, Samsung Exynos ™, MediaTEK ™, Qualcomm Snapdragon ™, etc. . The processor (501) of the device (500) performs the basic computing operations necessary for the operation of the device (500) or the functionality of one or more of its components. The processor (501) executes the necessary computer-readable instructions contained in the random access memory (502).

Memory (502), as a rule, is made in the form of RAM and contains the necessary software logic that provides the required functionality. RAM is a random access memory and is designed to store machine-readable instructions executed by the processor (501) to perform the necessary operations for logical data processing. RAM, as a rule, contains executable instructions of the operating system and corresponding software components (applications, program modules, etc.).

Data storage means (503) can be implemented as HDD, SSD disks, array raid, network storage, flash memory, optical information storage devices (CD, DVD, MD, Blue-Ray disks), etc. The tool (503) allows long-term storage of various types of information, for example, the aforementioned files with user data sets, a database containing records of time intervals measured for each user, user identifiers, etc.

Various types of I / O interfaces (504) are used to organize the operation of the components of the device (500) and organize the work of external connected devices.

The choice of appropriate interfaces depends on the particular computing device, which can be, but not limited to: PCI, AGP, PS / 2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS / Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.

To ensure user interaction with computing device (500), various means of (505) I / O information are used, for example, keyboard, display (monitor), touch screen, touch pad, joystick, mouse, light pen, stylus, touch panel, trackball, speakers, microphone, augmented reality tools, optical sensors, tablet, light indicators, projector, camera, biometric identification tools (retina scanner, fingerprint scanner, voice recognition module), etc.

Network communication tools (506) provide data transfer by device (500) via an internal or external computer network, for example, Intranet, Internet, LAN, etc. As one or more means (506) may be used, but not limited to: Ethernet card, GSM modem, GPRS modem, LTE modem, 5G modem, satellite communications module, NFC module, Bluetooth and / or BLE module, Wi-Fi module and etc. Additionally, satellite navigation aids can also be used, for example, GPS, GLONASS, BeiDou, Galileo.

In FIG. 3 presents a computer-implemented method for processing information about objects on the example of its implementation for communication purposes:

(1) If the Advertiser contacts the DataHub for an advertising campaign, the advertiser will be provided with the following option in the algorithm catalog (in the model catalog): "communication (advertising) segment of the audience, in which there will be the result of calculations on the combined data from different sources". More specifically, this model will contain information that for its operation, for example, banking data on income and aggregated data of an Internet provider on human behavior on the Internet are needed. That is, based on the combined knowledge, it is possible to really build a segment with the results of the target request and conduct a narrowly targeted advertising company selling goods.

(2) After receiving an order to create a segment, the DataHub transfers the corresponding computational algorithm to the bank, Internet service provider and communication platform and manages confidential joint computation based on this algorithm.

(3) The result of the calculations - the target segment requested by the advertiser - is collected only inside the communication platform - no one except the communication platform knows which identifiers of people this segment consists of. Thus, none of the participants - neither data providers, nor DataHub itself, can use the contents of this segment and independently create a segment in any communication platform for self-reuse or use the contents of this segment by another unintended method. And the initial data on the composite data of the target segment remain respectively with the Bank and the Internet provider, these data also remain inaccessible to any of the participants in the claimed scheme. In addition, it is possible to implement the option when the communication platform in the process of computing does not know who is involved in these calculations (for this, DataHub or another system can proxy communications in confidential joint computing so that the parties cannot identify other participants in the joint computing).

(4) Based on the results of the calculations, the communication platform transmits the segment identifier (the results of the target request), by which you can refer to this segment, DataHub, and it passes it to the Advertiser. In addition, it is possible that the segment identifier is passed to the Advertiser bypassing DataHub.

(5) After the Advertiser receives the identifier, the Advertiser may apply to the communication platform for targeted advertising or other communications in the segment whose identifier was obtained earlier. It should be noted that the advertiser does not get access to the contents of the segment; the segment is stored in a communication platform.

(6) An additional option is possible when the communication platform does not participate in confidential joint computing on its own, and it is replaced by an intermediate participant, for example, an advertising agency. Then the segment is assembled inside this participant and he transfers its contents to the communication platform.

In FIG. 4 presents a computer-implemented method for processing information about objects on the example of the customs service:

(1) The governing body is faced with a problem: the work of the customs service is difficult during a significant seasonal increase in the number of parcels passing through customs. To improve the efficiency of customs, the classification of packages using data from external data providers is required. This will allow you to create narrow segments of parcels for different scenarios of the customs service and will effectively redistribute the efforts of customs officers.

External data providers are not ready to provide additional information about senders, recipients, package routes and other data necessary for analysis. The reasons may be different, including legislative restrictions on the transfer of the required data type and unwillingness to lose control over the data.

The solution to this problem is the proposed scheme of work.

There are several models in the model catalog that can identify parcels with high accuracy, which are correctly declared with a probability acceptable to the governing body. For the model to work, it will require knowledge of the senders or recipients that are stored in the Bank (individuals have no problems, the Bank has a high level of trust in senders - online stores), as well as data stored by the Internet provider (negative behavioral patterns of individuals, attendance sender - online store).

Thus, the model based on the combined data will build a segment of packages that do not require the attention of the customs service with an acceptable probability.

The governing body selects the model and sends the order to the DataHub.

(2) After receiving an order to create a segment, Datahab distributes the corresponding algorithm to the Bank, the Internet service provider and the customs service, and manages the joint calculation of this model.

(3) The calculation result - the target segment with the list of parcels - is collected only inside the customs service - no one except the customs service knows which parcel identifiers this segment consists of. Thus, none of the participants - neither data providers, nor DataHub itself can take the contents of this segment and, on the basis of it, find out additional information about the package - sender, recipient, route - there are services that provide some additional. information about the parcel only by its number, which is stored in the list of parcel identifiers. And the initial data on network behavior and assessments of individuals and legal entities remain with the Bank and the Internet provider, these data also remain inaccessible to any of the participants in the scheme.

(4) After receiving the calculation results, the customs service shall transfer the identifier of the segment by which it is possible to refer to this segment, DataHub, and it shall transmit it to the Managing Authority.

A variant is possible when the segment identifier is transferred to the Customs Authority bypassing the DataHub.

(5) The Managing Authority receives an identifier and can now, depending on circumstances, indicate to the Customs Service the mode of operation with this segment of parcels. At the same time, it is important that the Managing Authority does not get access to the contents of the segment (to the list of packages), the segment is stored in the Customs Service, information about identifiers is not transmitted to the Managing Authority. But the Customs Service does not know the characteristics of the segment, does not have information about its purpose.

In FIG. 5 presents a computer-implemented method for processing information about objects on the example of operations with computers or software (software):

(1) Based on the data that the Internet provider, the Bank and other possible information providers have, it is possible to obtain additional knowledge about the user's computer, which, in turn, can make the work of computers or software more efficient and safe. Such new knowledge can be used by software developers or other entities who can change the settings or behavior of software or computers in general. The problem is that external data providers are not ready to provide information about a computer or software that runs on that computer, which is necessary for analysis and decision-making in the field of a particular computer or software running on it. The reasons may be different, including legislative restrictions on the transfer of the required data type and unwillingness to lose control over the data. Moreover, users would not want the developers of this software to have new knowledge about their computers or software, because these companies may not use this knowledge for their intended purpose.

The solution is the proposed scheme of work.

There are several models in the model catalog that can identify computer or software identifiers with high accuracy, which, with an acceptable probability, require increased control measures for network interaction. For the model to work, it will require knowledge of computer users that are stored in the Bank (increasing the number of canceled transactions, authorization errors in banking software, and so on) and stored by the Internet Service Provider (negative behavioral patterns of individuals, suspicious network behavior of software, and so on).

Thus, the model, based on the combined data, will build a list of computers or software that requires additional attention to security, changes in settings, or other operations that can make the software or computer work more efficient and safe.

The Security Center, which is independent of the developers or operators of the software, selects the model and sends the order to the DataHub.

(2) After receiving an order to create a segment, Datahab distributes the appropriate algorithm to the Bank, Internet service provider and software owner and manages the joint calculation of this model.

(3) The result of the calculations — the target segment with a list of computers or software identifiers — is collected only inside the circuit of the software owner — no one except the software owner knows which computer or software identifiers this segment consists of. Thus, none of the participants - neither data providers, nor DataHub itself can take the contents of this segment and, on the basis of it, find out additional information about computers or software or influence computers or software based on knowledge about the purpose and content of the segment. And the initial data on the behavior in the network and the Bank’s estimates remain with the Bank and the Internet provider, these data also remain inaccessible to any of the participants in the scheme.

(4) Based on the results, the owner of the software transmits the identifier of the segment by which he can access this segment to the DataHub, and he transfers it to the Security Center.

A variant is possible when the segment identifier is passed to the Security Center bypassing the DataHub.

(5) The Security Center receives an identifier and can now, depending on the circumstances, indicate to the owner of the software the operating mode with this segment. It is important that the Security Center does not get access to the contents of the segment (to the list of computer or software identifiers), the segment is stored by the owner of the software, information about identifiers is not transmitted to the Security Center. And the software owner does not know the characteristics of the segment, does not have information about its purpose.

In the present application materials, the preferred disclosure was presented the implementation of the claimed technical solution, which should not be used as limiting other, private embodiments of its implementation, which do not go beyond the requested scope of legal protection and are obvious to specialists in the relevant field of technology.

Claims (25)

1. A computer-implemented method for processing information about objects using confidential joint computing methods and data analysis methods, comprising stages in which: a) one or more systems involved in confidential joint computing using a common computational algorithm synchronize the identifiers of objects; b) one or more systems involved in confidential joint computing synchronize the nomenclatures of attributes of objects; c) one or more systems involved in confidential joint computing use a common computational algorithm that performs operations on attributes of objects, the result of which is a list of identifiers of target objects; f) the list of identifiers of target objects is transmitted to one of the systems involved in the calculations, which is the operator system and can perform operations on one or more objects from the list of identifiers of target objects. g) the identifier of the received list of identifiers of target objects is transmitted to the customer system in such a way that the customer system is able to perform actions with objects whose list is in the operator system using the identifier of this list, while the customer system does not have information about the contents of this list . 2. The computer-implemented method according to claim 1, characterized in that the objects can be identifiers. 3. The computer-implemented method according to claim 1, characterized in that the objects can be a group of objects. 4. The computer-implemented method according to claim 1, characterized in that the identifiers can be a sequence of characters. 5. The computer-implemented method according to claim 1, characterized in that the identifiers can be a sequence of bits. 6. The computer-implemented method according to claim 1, characterized in that the identifiers can be a graphic image. 7. The computer-implemented method according to claim 1, characterized in that the identifiers can be biometric data. 8. The computer-implemented method according to claim 1, characterized in that the identifiers can be audio information. 9. The computer-implemented method according to claim 1, characterized in that the participating systems synchronize the identifiers of the objects, so that all participating participating systems identify the data related to the same object, regardless of which It is the participating systems that store information about this object. 10. The computer-implemented method according to claim 1, characterized in that the participating systems synchronize the identifiers of the objects with the participation of one of the participating systems as the organizer of the identifier synchronization process, the organizing system storing a correspondence table of identifiers of the object identifiers of the participating systems, receives information from the participating systems on the identifiers of the objects and passes them the identifiers of the objects received from the participating systems, including from the organizing system. 11. The computer-implemented method according to claim 1, characterized in that the participating systems synchronize the attributes nomenclature parameters with the participation of one of the participating systems as the organizing system of the identifier synchronization process, the organizing system storing a correspondence table of identifiers of the objects of the participating systems , receives information from the participating systems on the identifiers of the objects and passes them the identifiers of the objects received from the participating systems, including from the organizing system. 12. The computer-implemented method according to claim 1, characterized in that the participating systems participating in joint calculations use a common nomenclature of object attributes in such a way that each participating system contains a single catalog of object attribute names for all participating systems. 13. A computer-implemented method according to claim 1, characterized in that computer programs are used as a computational algorithm in joint calculations. 14. The computer-implemented method according to claim 1, characterized in that for the implementation of computational algorithms in joint computing, the participating systems use a computer program that executes the code of the computational algorithm. 15. The computer-implemented method according to claim 1, characterized in that for executing the computational algorithms within the computational circuit of the participating systems, the participating systems are transmitted the source code of the computer program for auditing and controlled execution of the computer program by the participating system within its information space . 16. The computer-implemented method according to claim 1, characterized in that for executing the computational algorithms within the computational circuit of the participating systems, the participating programs are transmitted a computer program for auditing and controlled execution of the computer program by the participating system within its information space. 17. The computer-implemented method according to claim 1, characterized in that the participating systems use a common catalog of computational algorithms. 18. The computer-implemented method according to claim 1, characterized in that based on the training samples provided by the participating systems, computational algorithms are created for use in joint computing. 19. The computer-implemented method according to claim 1, characterized in that the participating systems transmit attributes of the selected objects to the participating system, which is the organizing system for creating computational algorithms. 20. The computer-implemented method according to claim 1, characterized in that the communication with confidential joint calculations between the participating systems can be carried out not directly between the participants, but through another system, while such a system does not gain access to the contents of the communications, since the systems -participants ensure the confidentiality of their own communications, and the identification of participating systems in the calculations with each other is impossible due to the use of an intermediate system that hides the identification information of systems from each other.

Images