WO2022267787A1 - Method, apparatus and system for determining computing resources in privacy computing - Google Patents

Method, apparatus and system for determining computing resources in privacy computing

Info

Publication number
WO2022267787A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
computing
target
privacy
computing resources
Application number
PCT/CN2022/094323
Other languages
English (en)
Chinese (zh)
Inventor
应鹏飞
李漓春
王一凡
Original Assignee
支付宝(杭州)信息技术有限公司
Application filed by 支付宝(杭州)信息技术有限公司
Publication of WO2022267787A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Definitions

  • One or more embodiments of this specification relate to the field of computer technology, and in particular to methods, devices and systems for determining computing resources in privacy computing.
  • the electronic payment platform will classify and analyze merchants based on the merchant transaction data it owns, the e-merchant platform based on the merchant sales data it owns, and the banking institution based on the merchant loan data it owns.
  • Privacy-preserving computing has a variety of computing routes, such as Secure Multi-Party Computation (MPC), Trusted Execution Environment (TEE), Federated Learning (FL), etc.
  • privacy computing routes can be selected for specific privacy computing tasks.
  • One or more embodiments of this specification describe a method for determining computing resources in privacy computing. By introducing a management node to establish and manage a computing resource pool, the holders and demanders of computing resources can release and discover resources conveniently and quickly.
  • a method for determining computing resources in privacy computing, the method being executed by a management node and including: receiving a query request for computing resources from a computing resource usage demander, wherein the computing resources are public resources that support privacy algorithms and are pre-registered at the management node; determining a resource list based on the query request and the resource information of multiple locally registered computing resources; sending the resource list to the computing resource usage demander, so that the computing resource usage demander determines a target resource from the resource list for executing a target privacy computing task.
  • the query request includes the target privacy algorithm adopted for the target privacy computing task
  • the resource information includes the privacy algorithm supported by the computing resource
  • determining a resource list includes: determining a number of computing resources supporting the target privacy algorithm to form the resource list.
  • the method further includes: including the current usage state information of the several computing resources in the resource list.
  • the resource information includes privacy algorithms supported by computing resources; wherein determining a resource list based on the query request and the resource information of a plurality of locally registered computing resources includes: determining, among the plurality of computing resources, several computing resources that are currently in an idle state; determining the resource list according to the several computing resources and the privacy algorithms supported by each of them.
  • the method further includes: receiving a first notification from the computing resource usage demander, which indicates that the target resource is being used by the computing resource usage demander; according to the first notification, updating the usage status of the target resource in the resource information.
  • the method further includes: receiving a second notification from the computing resource usage demander, which indicates that the computing resource usage demander has stopped using the target resource; according to the second notification, updating the usage status of the target resource in the resource information; The cost incurred by the resource.
  • the resource list includes IP addresses of each computing resource therein.
  • before receiving a query request for computing resources from a computing resource usage demander, the method further includes: receiving a registration request from a computing resource holder, which includes registration information for a computing resource, the registration information including a privacy algorithm supported by the corresponding computing resource; and if the registration request is approved, including the registration information in the resource information.
  • adding the registration information to the resource information includes: allocating a resource ID to the computing resource corresponding to the registration request; and associating and storing the resource ID and the registration information.
  • the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
  • a method for determining computing resources in privacy computing, the method being executed by a computing resource usage demander and including: sending a query request for computing resources to a management node, wherein the computing resources are public resources that support privacy algorithms and are pre-registered at the management node; receiving a resource list from the management node, the resource list being determined based on the query request and the resource information of a plurality of locally registered computing resources; determining, based on the resource list, the target resource used to perform the target privacy computing task.
  • the method further includes: determining a target privacy algorithm adopted for the target privacy computing task, and including the target privacy algorithm in the query request.
  • determining a target resource for executing a target privacy computing task based on the resource list includes: randomly selecting a computing resource from the resource list as the target resource.
  • the resource list includes current usage status information of each computing resource; wherein determining, based on the resource list, the target resource for executing the target privacy computing task includes: selecting from the resource list a computing resource whose current use state is idle as the target resource.
  • the resource list includes privacy algorithms supported by each computing resource; wherein determining, based on the resource list, the target resource for executing the target privacy computing task includes: based on the target privacy algorithm adopted for the target privacy computing task, selecting from the resource list a computing resource that supports the target privacy algorithm as the target resource.
  • the method further includes: sending the IP address of the target resource to other participants; using the target resource to jointly perform the target privacy computing task with the other participants.
  • a method for determining computing resources in privacy computing, including: a computing resource usage demander sends a query request for computing resources to a management node, wherein the computing resources are public resources that support privacy algorithms and are pre-registered at the management node; the management node determines a resource list based on the query request and the resource information of multiple locally registered computing resources; the management node sends the resource list to the computing resource usage demander; the computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list.
  • the method further includes: the computing resource usage demander determines the target privacy algorithm adopted for the target privacy computing task, and includes the target privacy algorithm in the query request; wherein the management node determining a resource list based on the query request and the resource information of multiple computing resources stored therein includes: determining several computing resources supporting the target privacy algorithm to form the resource list.
  • the method further includes: the management node includes the current usage status information of the several computing resources in the resource list; wherein the computing resource usage demander determining, based on the resource list, a target resource for executing the target privacy computing task includes: selecting a computing resource whose current use state is idle from the resource list as the target resource.
  • determining several computing resources that support the target privacy algorithm to form the resource list includes: the management node, based on the current usage status information of the several computing resources, selecting from them the computing resources whose current use status is idle to form the resource list; wherein the computing resource usage demander determining the target resource for executing the target privacy computing task based on the resource list includes: the computing resource usage demander determining the computing resource in the resource list as the target resource.
  • the management node determining the resource list based on the query request and the resource information of multiple computing resources stored in it includes: determining several of the multiple computing resources that are currently idle to form the resource list; wherein determining, based on the resource list, the target resource for executing the target privacy computing task includes: based on the target privacy algorithm adopted for the target privacy computing task, selecting from the resource list a computing resource that supports the target privacy algorithm as the target resource.
  • a device for determining computing resources in privacy computing, the device being integrated in a management node and including: a query request receiving unit configured to receive a query request for computing resources from a computing resource usage demander, wherein the computing resources are public resources that support privacy algorithms and are pre-registered at the management node; a resource list determination unit configured to determine a resource list based on the query request and the resource information of a plurality of locally registered computing resources; a resource list sending unit configured to send the resource list to the computing resource usage demander, so that the computing resource usage demander can determine a target resource from the resource list for executing a target privacy computing task.
  • a device for determining computing resources in privacy computing, the device being integrated in a computing resource usage demander and including: a query request sending unit configured to send a query request for computing resources to a management node, wherein the computing resources are public resources that support privacy algorithms and are pre-registered at the management node; a resource list receiving unit configured to receive a resource list from the management node, the resource list being determined based on the query request and the resource information of a plurality of locally registered computing resources; a target resource determining unit configured to determine a target resource for executing a target privacy computing task based on the resource list.
  • a system for determining computing resources in privacy computing, including: a computing resource usage demander configured to send a query request for computing resources to a management node, wherein the computing resources are public resources that support privacy algorithms and are pre-registered at the management node; the management node, configured to determine a resource list based on the query request and the resource information of multiple locally registered computing resources, and to send the resource list to the computing resource usage demander; the computing resource usage demander is further configured to determine a target resource for executing a target privacy computing task based on the resource list.
  • a computer-readable storage medium on which a computer program is stored, and when the computer program is executed in a computer, the computer is made to execute the method provided in any one of the first to third aspects.
  • a computing device including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, the method provided in any one of the first aspect to the third aspect is implemented.
  • the management node supports computing resource holders in registering the computing resources they hold, thereby establishing a resource pool, so that a demander with computing resource usage requirements can send a resource query request to the management node and determine the target resource used to perform the target privacy computing task based on the resource list returned by the management node; the computing resource usage demander can then cooperate with other participants to jointly use the target resource to complete the execution of the target privacy computing task.
  • the holders and demanders of computing resources can release and discover resources conveniently and quickly.
  • Fig. 1 shows a schematic diagram of an interaction scenario for computing resources according to an embodiment
  • Fig. 2 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to an embodiment
  • Fig. 3 shows a schematic diagram of multi-party collaborative privacy calculation according to an embodiment
  • Fig. 4 shows a schematic diagram of multi-party collaborative privacy calculation according to another embodiment
  • Fig. 5 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to another embodiment
  • FIG. 6 shows a schematic diagram of an architecture for performing privacy data statistics tasks according to an embodiment
  • Fig. 7 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to an embodiment
  • Fig. 8 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to another embodiment.
  • the solution proposed by the inventor introduces a management node to collect computing resources released by third parties and establish a computing resource pool, so that demanders with computing resource usage requirements can send resource query requests to the management node and, based on the resource list that the management node returns for the query request, determine the target resource used to perform the target privacy computing task; the demander can then inform each participant of the privacy computing of the addressing information of the target resource, so that the participants can jointly use the target resource to complete the execution of the target privacy computing task.
  • FIG. 1 shows a schematic diagram of an interaction scenario for computing resources according to an embodiment.
  • bank A sends a query request to the management node, which includes its request for computing resources that support the TEE algorithm; based on the resource information of each resource in its computing resource pool, the management node returns to bank A a list of computing resources that includes the usage status of each of 3 TEE servers; bank A then selects No. 3 TEE server, which is in an idle state, sends the Internet Protocol (IP) address of No. 3 TEE server to bank B, and uses No. 3 TEE server together with bank B to complete the target privacy calculation task (for example, jointly establishing a merchant classification model).
  • FIG. 2 shows a schematic diagram of multi-party interaction in determining computing resources in privacy computing according to an embodiment, and the multi-party at least includes a computing resource usage demander and a management node.
  • the computing resource usage demander may be bank A shown in FIG. 1.
  • each of the multiple parties can be implemented as a device, platform, server or device cluster with computing and processing capabilities.
  • the interaction process includes the following steps: in step S210, the computing resource usage demander sends a query request for the computing resource to the management node, and the computing resource is registered in the management node in advance.
  • computing resources are public resources that support privacy algorithms, where relevant computing logic for privacy algorithms is deployed, and/or are used to provide relevant algorithm parameters, which can be shared by multiple privacy computing tasks.
  • the computing resource can be carried by the public resource platform, and the public resource platform assumes the role of the algorithm provider in the process of publishing and providing the privacy algorithm; the public resource platform also assumes the role of computing party.
  • that the computing resources are public resources means that the public resource platform only needs to provide computing resources and does not directly or indirectly provide sample data related to privacy computing, and that the public resource platform can use the computing resources it provides to flexibly establish cooperative relationships with different, non-specific privacy computing participants in multiple privacy calculations and jointly perform privacy calculations.
  • the data provider in the privacy calculation relies on the calculation party with the privacy calculation engine to perform privacy calculation. Specifically, the data provider sends the private sample data it holds to the first type of computing resources for privacy computing, for example, by encrypting the sample data and then sending it to the computing party for privacy computing, or by sharding the sample data and then sending it to the computing party for privacy calculation.
  • Fig. 3 shows a schematic diagram of multi-party collaborative privacy computing according to an embodiment. As shown in Fig. 3, n data providers perform privacy computing based on computing power provided by t computing nodes.
  • the resources of the t computing nodes may be TEE servers; in another embodiment, the t computing nodes may be servers with MPC computing engines.
  • Fig. 4 shows a schematic diagram of multi-party collaborative privacy computing according to another embodiment. As shown in Fig. 4, the two data providers also serve as computing nodes and cooperate with auxiliary computing resources (shown as auxiliary servers in Fig. 4) Perform privacy calculations.
  • the auxiliary computing resource may be an MPC random number provider.
  • the secondary computing resource may be a Federated Learning Center server.
  • the carrier of the above computing resources may be any module, device or device cluster with computing and processing capabilities.
  • the above query request indicates a request to query computing resources in an available state.
  • being in the available state may include being in a partially idle state or a completely idle state.
  • the computing resource usage requester determines the target privacy algorithm adopted for the target privacy computing task, and includes the target privacy algorithm in the query request. It should be noted that there may be multiple types of target privacy computing tasks.
  • the task type may include joint statistical analysis for specified data items.
  • the specified data items may be user age, user gender, merchant average turnover, merchant category, enterprise scale, and the like.
  • the joint statistical analysis may be to analyze the numerical distribution of the specified data item within its definition domain, or, between different parties, to compare the value corresponding to the specified data item, or, between different parties Analysis and calculation operations such as summation, intersection, or averaging of specified data items.
  • the joint statistical analysis for the specified data item may be: counting the total number of female users in different parties. In another example, it may also be: counting the number of identical users in different parties. In yet another example, it may also be: counting age distributions of all users in the multi-party. In yet another example, it may be: comparing the average turnover of merchants of multiple parties.
  • the task type of the target computing task may include joint training of specified models.
  • the specified model may be a machine learning model such as a logistic regression model, a decision tree model, or a neural network model.
  • the specified model may be a classification model or a regression model.
  • the sample objects targeted by the specified model may be: users, merchants, commodities, events (such as login events or access events), devices (such as user terminals or Internet of Things devices), and so on.
  • the specified model may be a user classification model or a user scoring model, such as a consumer group segmentation model, a user risk assessment model, a user anomaly identification model, and the like.
  • the specified model may be a commodity classification model or a commodity scoring model, specifically such as a commodity popularity scoring model.
  • the task type of the target computing task may include joint prediction of a specified model.
  • the specified model may be a classification model or a regression model, and correspondingly, the joint prediction may be to predict a classification category based on a classification model, or to predict a regression value based on a regression model.
  • the joint prediction of the above specified models may be: predicting user risk scores based on the user risk assessment model, or identifying abnormal users based on the user anomaly identification model.
  • task types included in the description information. It should be understood that in addition to the above-mentioned joint statistical analysis for specified data items, joint training and joint prediction of specified models, task types can also include other types, which are not exhaustive.
  • one or more privacy algorithms that perform the above target privacy tasks can be determined.
  • the determined privacy algorithm may include a Private Set Intersection (PSI) algorithm, a TEE algorithm, and the like.
  • the plurality of privacy algorithms may be prioritized, and the privacy algorithm with the highest priority may be included in the query request as the target privacy algorithm.
  • the staff sets priorities for all privacy algorithms that may be adopted in advance, so that in this step, the above-mentioned multiple privacy algorithms can be prioritized according to the preset priority information.
  • the above-mentioned multiple privacy algorithms may be prioritized according to the historical implementation effects of the privacy algorithms.
  • the computing resource usage demander can determine the target privacy algorithm adopted for the privacy target task, and include it in the above query request.
  • the above query request may also include the required number of computing resources supporting the target privacy algorithm (such as 2 servers, etc.).
  • the computing resource usage demander sends the generated query request to the management node.
  • the management node may receive the query request, and in step S220, determine a resource list based on the query request and the resource information of the plurality of computing resources registered locally.
  • the resource information may include resource ID (Identity) of the computing resource, addressing information, public key, supported privacy algorithm, and the like.
  • the addressing information may include an IP address.
  • the addressing information may include a domain name.
  • the above-mentioned multiple parties may also include computing resource holders.
  • the process of multi-party interaction may also include steps S205 and S206.
  • the management node receives the registration request from the computing resource holder, which includes the registration information for the computing resource, and the registration information includes the privacy algorithm supported by the corresponding computing resource; in step S206, when the above registration request is approved, the management node includes the registration information in the resource information.
  • computing resource holders can become computing resource issuers by registering their own computing resources with management nodes, so that management nodes can establish resource pools based on registered computing resources for query and use by demanders of computing resources .
  • resource issuers can issue multiple computing resources that support the same or different privacy algorithms.
  • the above registration information may also include the IP address, domain name or public key of the corresponding resource.
  • the review of the above-mentioned registration request may include conducting qualification review and credit review of the computing resource holder, and reviewing the validity of the computing resources involved in the registration request.
  • the management node adding the registration information to the resource information may include: allocating a resource ID to the computing resource corresponding to the registration request; and storing the resource ID and the registration information in association.
  • the above resource information may also include the current usage status of computing resources, for example, in use and idle.
  • usage details may also be included.
  • the usage details may include: how many merchants or data nodes the computing resource is used by, and the occupancy and remaining availability of the computing resource's CPU, memory, disk, network, etc. in the last minute.
  • the management node may obtain the above usage details through active query.
  • the above usage details may be proactively reported to the management node by the above multiple computing resources at regular intervals.
  • the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource.
  • the management node may determine a number of computing resources supporting the target privacy algorithm from a plurality of computing resources to form the above-mentioned resource list.
  • the resource information also includes the current usage status of the computing resources, and accordingly, this step may further include: including the current usage status information of the above-mentioned several computing resources in the above-mentioned resource list.
  • the query request indicates that the demander for computing resources entrusts the management node to determine the target resource.
  • this step may also include: the management node, based on the current usage status information of the several computing resources, selects from them the computing resources whose current use status is idle to form the above resource list, so that the computing resource usage demander can directly determine the computing resources in the resource list as target resources.
  • the above-mentioned target privacy algorithm is not included in the query request.
  • the management node can determine several computing resources that are currently idle among the above-mentioned multiple computing resources, and then form a resource list from the resource ID and the supported privacy algorithms of each of the several computing resources.
  • the idle state may be a completely idle state (not used by any party), or a partially idle state (partial space is used, and the remaining space has not been used).
  • the resource list may also include usage details of several computing resources.
  • the above resource list may also include addressing information (such as IP address or domain name) of each computing resource, which is used to subsequently locate the corresponding computing resource and then use the resource.
  • the above resource list may further include resource IDs of respective computing resources therein.
  • the management node can determine the resource list according to the received query request and the stored resource information. Furthermore, in step S230, the management node sends the resource list to the computing resource usage demander. Correspondingly, the computing resource usage demander may receive the resource list, and then in step S240, the computing resource usage demander determines the target resource for executing the target privacy computing task based on the resource list.
  • the query request includes a target privacy algorithm adopted for the target privacy computing task, and each computing resource in the correspondingly determined resource list supports the target privacy algorithm. Based on this, in a specific embodiment, this step may include: the demander for computing resource use randomly selects a computing resource from the resource list as the above-mentioned target resource.
  • the resource list also includes the current usage status of each of the computing resources, and correspondingly, the computing resource that is currently in an idle state can be selected as the above-mentioned target resource.
  • the resource list also includes the current usage details of each computing resource, such as how many merchants or data nodes are using the computing resource, and the usage of its CPU, memory, disk, network, etc. over the past minute.
  • the corresponding computing resource can be scored based on the usage details, and the computing resource with the highest score can be determined as the target resource.
  • usage details of each computing resource may be input into a pre-trained resource scoring model to obtain a corresponding resource score.
  • resource scoring based on usage details can be combined with pre-specified scoring rules.
  • the above resource list includes the privacy algorithms supported by each computing resource.
  • this step may include: based on the above target privacy algorithm, the computing resource usage demander selects from the above resource list a computing resource that supports the target privacy algorithm as the above target resource.
  • the computing resources in the resource list are all in an idle state, which means they can be put into use immediately.
  • the computing resources in the resource list are in use state or idle state. If the target resource determined by the computing resource usage demander is in use state, it can reserve the use of the target resource with the management node.
  • the computing resource usage demander entrusts the management node to select the target resource in advance, and accordingly, the computing resource usage demander can directly determine the computing resource in the resource list as the target resource.
  • the computing resource usage demander can determine the target resource for performing the target privacy task.
  • the above-mentioned multiple parties may also include other participants (for example, bank B shown in FIG. Other parties that participate in the execution of the above-mentioned target computing tasks.
  • the demander for computing resource usage is a certain data provider, and correspondingly, other participants may include other data providers.
  • the above interaction process may further include step S245 and step S246.
  • the computing resource usage requesting party sends the addressing information (such as IP address or domain name) of the target resource to other participating parties.
  • the public key of the target resource is also sent to other participants, so as to facilitate subsequent encrypted transmission of data or digital signature verification of the target resource.
  • the computing resource usage demander and other participants jointly use the above target resources to execute the above target privacy computing tasks.
  • the computing resource issuer shown in FIG. 5 publishes the above-mentioned target resource
  • the computing resource issuer may participate in the execution of the target privacy computing task as a participant.
  • the above-mentioned interaction process may further include: the computing resource usage demander sends an authorization use request for the target resource to the management node; the management node generates a corresponding authorization token according to the authorization use request and sends it to the computing resource usage demander; the computing resource usage demander sends the authorization token to the above-mentioned other participants; after that, the computing resource usage demander and the other participants each send a resource use request for the target resource to the publisher of the target resource, the resource use request including the authorization token; after the issuer confirms that the authorization token has passed verification, it opens the use permission of the target resource to the computing resource usage demander and the other participants, allowing them to access and use the target resource.
  • the above interaction process may further include: the computing resource usage demander sends an authorized use request for the target resource to the management node, the authorized use request including identification information of the other participants; the management node generates a first authorization token according to the identification of the computing resource usage demander and sends the first authorization token to the computing resource usage demander, and the management node generates a third authorization token according to the identification of the other participants and sends the third authorization token to the other participants; after that, the computing resource usage demander and the other participants each send a resource usage request for the target resource to the issuer of the target resource, the resource usage request including the authorization token of the corresponding participant; after the issuer confirms that the authorization token has passed verification, it opens the usage authority of the target resource to the computing resource usage demander and the other participants, allowing them to access and use the target resource.
  • the management node issues authorization tokens to the different participants, which can prevent an authorization token from being stolen and the target resource from being illegally occupied as a result.
  • FIG. 6 shows a schematic diagram of the architecture of performing private data statistics tasks according to an embodiment
  • data party A and data party B each use their installed SGX client to encrypt the private data they hold with the public key of the SGX server, and send the encrypted data to the SGX server; then, data party A sends a SQL query statement to the SGX server to query a statistical indicator of the private data (such as the average annual expenditure of the user); at this time, the SGX server can use the private key corresponding to the above public key to decrypt the encrypted data sent by data party A and data party B respectively, calculate the index value of the statistical indicator based on the decrypted data, and then return the index value to
  • the above-mentioned interaction process may further include: the computing resource usage demander sends a first notification to the management node, which indicates that the above-mentioned target resource is used by the computing resource usage demander; based on the first notification, the management node modifies the current usage state of the target resource in the resource information, for example, to in use.
  • the subsequent step may also include: the computing resource usage demander sends a second notification to the management node, which indicates that the computing resource usage demander stops using the target resource, or releases its occupancy of the target resource.
  • the management node modifies the current usage status of the target resource in the resource information, for example, modifies it to be idle.
  • the management node calculates the cost generated by the computing resource usage requester for using the target resource.
  • both the first notification and the second notification include the resource ID of the target resource, so that the management node can quickly query the target resource.
  • the first notification and the second notification each include a time stamp, and correspondingly, the usage fee for the target resource can be calculated according to the calculated usage duration and the preset usage unit price per unit duration.
  • the first notification also includes information such as the memory space used by the target resource and the number of computing chips (such as CPU, GPU, FPGA, etc.), and accordingly, the usage fee can be calculated in combination with these specific usage information .
  • the management node can obtain the usage log of the target resource, determine by analyzing the usage log the usage information of the target resource by the above-mentioned computing resource usage demander and other participants, and then calculate the usage fee according to the usage information and a preset charging standard.
  • the first notification and/or the second notification may include identification information of other participants participating in the task execution, so that the management node can correspondingly extract the usage information from the usage log.
  • the management node can calculate the cost of using the above-mentioned target resource in the process of performing the above-mentioned target privacy computing task, and then charge the fee to the computing resource usage demander, or charge the computing resource usage demander and the other participants. For example, the fee can be divided equally according to the total number of participants (the computing resource usage demander and the other participants), and each participant is then charged the equally divided fee. Furthermore, the management node can draw a part of the total fee collected as a handling fee, and transfer the remaining part to the account of the publisher of the target resource. In this way, computing resource usage demanders, publishers and management nodes all benefit, and win-win cooperation is achieved.
  • the management node supports computing resource holders to register their computing resources, thereby establishing a resource pool.
  • the computing resource usage demander can send a resource query request to the management node and, based on the resource list returned by the management node, determine the target resource used to perform the target privacy computing task; the computing resource usage demander can then cooperate with other participants to jointly use the target resource to complete the execution of the target privacy computing task.
  • the embodiment of this specification also discloses a determination device and a determination system.
  • Fig. 7 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to an embodiment, and the apparatus is integrated in a management node.
  • the device 700 includes:
  • the query request receiving unit 710 is configured to receive a query request for computing resources from a computing resource usage demander, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node; the resource list determining unit 720 is configured to determine a resource list based on the query request and the resource information of a plurality of locally registered computing resources; the resource list sending unit 730 is configured to send the resource list to the computing resource usage demander, so that the computing resource usage demander determines the target resource from the resource list to execute the target privacy computing task.
  • the query request includes the target privacy algorithm adopted for the target privacy computing task, and the resource information includes the privacy algorithm supported by the computing resource; the resource list determining unit 720 is specifically configured to: determine several computing resources supporting the target privacy algorithm to form the resource list.
  • the resource list determining unit 720 is further configured to: include the current usage status information of the several computing resources in the resource list.
  • the resource information includes privacy algorithms supported by computing resources; the resource list determining unit 720 is specifically configured to: determine several computing resources that are currently idle among the multiple computing resources; and determine the resource list according to the several computing resources and the privacy algorithms supported by each of them.
  • the apparatus further includes: a first notification receiving unit 742 configured to receive a first notification from the computing resource usage demander, which indicates that the target resource is used by the computing resource usage demander;
  • the first status updating unit 744 is configured to update the usage status of the target resource in the resource information according to the first notification.
  • the apparatus 700 further includes: a second notification receiving unit 752 configured to receive a second notification from the computing resource usage demander, which indicates that the computing resource usage demander stops using the target resource; the second status update unit 754 is configured to update the usage status of the target resource in the resource information according to the second notification; the fee calculation unit 756 is configured to calculate, based on the first notification and the second notification, the cost generated by the computing resource usage demander for using the target resource.
  • the resource list includes IP addresses of each computing resource therein.
  • the apparatus 700 further includes: a registration request receiving unit 762 configured to receive a registration request from the computing resource holder, which includes registration information for the computing resource, the registration information including the privacy algorithms supported by the corresponding computing resource; a registration information storage unit 764, configured to include the registration information in the resource information when the registration request is approved.
  • the registration information storage unit 764 is specifically configured to: allocate a resource ID to the computing resource corresponding to the registration request; and associate and store the resource ID and registration information.
  • the registration information further includes at least one of the following: IP address, domain name, and public key of the corresponding computing resource.
  • Fig. 8 shows a schematic structural diagram of an apparatus for determining computing resources in privacy computing according to another embodiment, and the apparatus is integrated in a demand side for computing resource usage.
  • the device 800 includes:
  • the query request sending unit 810 is configured to send a query request for computing resources to the management node, where the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered at the management node;
  • the resource list receiving unit 820 is configured to receive a resource list from the management node, the resource list being determined based on the query request and the resource information of a plurality of locally registered computing resources;
  • the target resource determining unit 830 is configured to determine, based on the resource list, the target resource for executing the target privacy computing task.
  • the query request sending unit 810 is further configured to: determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request.
  • the target resource determining unit 830 is specifically configured to: randomly select a computing resource from the resource list as the target resource.
  • the resource list includes current usage status information of each computing resource; the target resource determining unit 830 is specifically configured to: select a computing resource whose current usage status is idle from the resource list as the target resource.
  • the resource list includes privacy algorithms supported by each computing resource; the target resource determining unit 830 is specifically configured to: based on the target privacy algorithm adopted for the target privacy computing task, select from the resource list a computing resource that supports the target privacy algorithm as the target resource.
  • the apparatus 800 further includes: an IP address sending unit 840, configured to send the IP address of the target resource to other participants; a privacy task execution unit 850, configured to use the target resource to execute the target privacy computing task jointly with the other participants.
  • the embodiment of this specification also discloses a system for determining computing resources in privacy computing.
  • the determination system includes:
  • a computing resource usage demander, configured to send a query request for computing resources to the management node, wherein the computing resources are public resources that support privacy algorithms, and the computing resources are pre-registered with the management node; the management node, configured to determine a resource list according to the query request and the resource information of a plurality of locally registered computing resources, and to send the resource list to the computing resource usage demander; the computing resource usage demander is further configured to determine, based on the resource list, the target resource for performing the target privacy computing task.
  • the computing resource usage demander is further configured to: determine the target privacy algorithm adopted for the target privacy computing task, and include the target privacy algorithm in the query request; the management node is specifically configured to: determine a number of computing resources supporting the target privacy algorithm, and form the resource list.
  • the management node is further configured to: include the current usage status information of the several computing resources in the resource list; the computing resource usage demander is specifically configured to: select from the resource list a computing resource whose current usage state is idle as the target resource.
  • the management node is specifically configured to: select a computing resource whose current usage state is idle from the several computing resources based on the current usage state information of the several computing resources, and form the resource list; the computing resource use demander is specifically configured to: determine the computing resource in the resource list as the target resource.
  • the management node is specifically configured to: determine several computing resources that are currently idle among the multiple computing resources, and form the resource list; the computing resource usage demander is specifically configured to: based on the target privacy algorithm adopted for the target privacy computing task, select from the resource list a computing resource supporting the target privacy algorithm as the target resource.
  • a computer-readable storage medium on which a computer program is stored.
  • when the computer program is executed in a computer, the computer is instructed to execute the method described in conjunction with FIG. 2 or FIG. 5.
  • a computing device including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, the method described in conjunction with FIG. 2 or FIG. 5 is implemented.
  • the functions described in the present invention may be implemented by hardware, software, firmware or any combination thereof.
  • the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
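The two authorization variants described above (one token forwarded to all participants, versus a separate token per participant) can be compared in the following added example, which is not code from the patent. It assumes an HMAC-SHA256 token format, a key shared between the management node and the resource issuer, and that the issuer has already authenticated the identity of whoever presents a token; the names `res-7`, `bank-A` and `outsider` are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

BEARER = "*"  # constructed marker: token is not bound to one participant


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(key: bytes, resource_id: str, subject: str,
                ttl_s: int = 300, now: Optional[float] = None) -> str:
    """Management node: sign (resource, participant, expiry) with HMAC-SHA256."""
    now = time.time() if now is None else now
    payload = json.dumps({"res": resource_id, "sub": subject,
                          "exp": int(now) + ttl_s,
                          "jti": secrets.token_hex(8)}).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(key: bytes, token: str, resource_id: str, presenter: str,
                 now: Optional[float] = None) -> str:
    """Resource issuer: return 'ok' or the reason the request is refused."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:  # wrong number of parts or invalid base64
        return "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return "bad signature"
    claims = json.loads(payload)
    if claims["res"] != resource_id:
        return "wrong resource"
    if now >= claims["exp"]:
        return "expired"
    # Per-participant binding: the authenticated presenter must be the subject.
    if claims["sub"] not in (BEARER, presenter):
        return "token issued to another participant"
    return "ok"


def demo() -> dict:
    key = secrets.token_bytes(32)  # assumed shared by management node and issuer
    t0 = 1_700_000_000             # constructed issue time
    shared = issue_token(key, "res-7", BEARER, now=t0)   # one forwarded token
    tok_a = issue_token(key, "res-7", "bank-A", now=t0)  # per-participant token
    # A copy of bank-A's token whose subject was edited after signing.
    p64, t64 = tok_a.split(".")
    edited = base64.urlsafe_b64decode(p64).replace(b"bank-A", b"outsider")
    forged = _b64(edited) + "." + t64
    later = t0 + 10
    return {
        "shared_by_outsider": verify_token(key, shared, "res-7", "outsider", later),
        "a_by_a": verify_token(key, tok_a, "res-7", "bank-A", later),
        "a_by_outsider": verify_token(key, tok_a, "res-7", "outsider", later),
        "forged": verify_token(key, forged, "res-7", "outsider", later),
        "a_expired": verify_token(key, tok_a, "res-7", "bank-A", t0 + 301),
        "a_other_resource": verify_token(key, tok_a, "res-9", "bank-A", later),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The unbound token is accepted from any presenter who obtains a copy, while a token bound to one participant's identity is refused when another party presents it.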
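The resource query, the first and second notifications and the fee settlement described above can be traced end to end in the following added example, which is not code from the patent. The unit price in cents per second, the percentage handling fee, charging any rounding remainder to the demander, and refusing a release that does not come from the current user are assumptions of this sketch; all names and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Resource:
    resource_id: str
    algorithms: frozenset
    address: str
    status: str = "idle"
    holder: Optional[str] = None      # demander named in the first notification
    others: tuple = ()                # other participants in the task
    started_at: Optional[int] = None  # time stamp of the first notification


class ManagementNode:
    def __init__(self, unit_price: int, handling_pct: int):
        self.unit_price = unit_price      # assumed: cents per second of use
        self.handling_pct = handling_pct  # assumed: handling fee in percent
        self.resources: Dict[str, Resource] = {}

    def register(self, algorithms, address: str) -> str:
        """Allocate a resource ID and store it with the registration info."""
        rid = f"res-{len(self.resources) + 1}"
        self.resources[rid] = Resource(rid, frozenset(algorithms), address)
        return rid

    def query(self, target_algorithm: Optional[str] = None) -> List[dict]:
        """Resource list: idle resources, filtered by algorithm if one is given."""
        out = []
        for r in self.resources.values():
            if r.status != "idle":
                continue
            if target_algorithm is not None and target_algorithm not in r.algorithms:
                continue
            out.append({"resource_id": r.resource_id, "address": r.address,
                        "algorithms": sorted(r.algorithms)})
        return out

    def first_notification(self, rid: str, demander: str, timestamp: int,
                           others=()) -> None:
        r = self.resources[rid]
        if r.status != "idle":
            raise ValueError("resource already in use")
        r.status, r.holder = "in_use", demander
        r.others, r.started_at = tuple(others), timestamp

    def second_notification(self, rid: str, demander: str, timestamp: int) -> dict:
        r = self.resources[rid]
        # Added check: only the party that reported the use may end it.
        if r.status != "in_use" or r.holder != demander:
            raise PermissionError("release not sent by the current user")
        if timestamp < r.started_at:
            raise ValueError("release time stamp precedes start")
        total = (timestamp - r.started_at) * self.unit_price
        parties = (r.holder,) + r.others
        share, remainder = divmod(total, len(parties))  # equal split
        charges = {p: share for p in parties}
        charges[r.holder] += remainder
        handling = total * self.handling_pct // 100
        r.status, r.holder, r.others, r.started_at = "idle", None, (), None
        return {"total": total, "charges": charges,
                "handling_fee": handling, "to_publisher": total - handling}
```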

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Embodiments of the present invention relate to a method for determining a computing resource in privacy computing. The method is executed by a management node. The method comprises: receiving a query request for a computing resource from a computing resource usage demander, the computing resource being a public resource supporting a privacy algorithm, and the computing resource being pre-registered at the management node; determining a resource list on the basis of the query request and resource information of a plurality of locally registered computing resources; and sending the resource list to the computing resource usage demander, so that the computing resource usage demander determines, from the resource list, a target resource used to execute a target privacy computing task.
PCT/CN2022/094323 2021-06-25 2022-05-23 Method, apparatus and system for determining a computing resource in privacy computing WO2022267787A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110713060.8A CN115525919A (zh) 2021-06-25 2021-06-25 Method, apparatus and system for determining computing resources in privacy computing
CN202110713060.8 2021-06-25

Publications (1)

Publication Number Publication Date
WO2022267787A1 true WO2022267787A1 (fr) 2022-12-29

Family

ID=84544076

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/094323 WO2022267787A1 (fr) 2021-06-25 2022-05-23 Method, apparatus and system for determining a computing resource in privacy computing

Country Status (2)

Country Link
CN (1) CN115525919A (fr)
WO (1) WO2022267787A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117955748A (zh) * 2024-03-26 2024-04-30 中电工业互联网有限公司 Data assetization processing method, system, device and medium based on privacy computing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106453146A (zh) * 2016-11-17 2017-02-22 华胜信泰信息产业发展有限公司 Method and system for allocating private cloud computing resources
CN106502796A (zh) * 2016-10-27 2017-03-15 广东浪潮大数据研究有限公司 Software development and testing platform, system and method of use
US20190294471A1 (en) * 2016-11-30 2019-09-26 Yokogawa Electric Corporation Information processing device, resource allocation system, and resource allocation method
CN111355731A (zh) * 2020-02-28 2020-06-30 北京奇艺世纪科技有限公司 Resource access method and apparatus, resource access system, device and storage medium
CN112787812A (zh) * 2021-01-15 2021-05-11 中国工商银行股份有限公司 Blockchain-based computing job processing method, apparatus and system


Also Published As

Publication number Publication date
CN115525919A (zh) 2022-12-27


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22827284

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE