WO2024016549A1 - Multi-party collaboration-based privacy computing method and apparatus - Google Patents

Multi-party collaboration-based privacy computing method and apparatus Download PDF

Info

Publication number
WO2024016549A1
WO2024016549A1 PCT/CN2022/135217 CN2022135217W WO2024016549A1 WO 2024016549 A1 WO2024016549 A1 WO 2024016549A1 CN 2022135217 W CN2022135217 W CN 2022135217W WO 2024016549 A1 WO2024016549 A1 WO 2024016549A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
operator
instantiation
collaboration
privacy
Prior art date
Application number
PCT/CN2022/135217
Other languages
French (fr)
Chinese (zh)
Inventor
马超
王天雨
孙善禄
杨仁慧
Original Assignee
蚂蚁区块链科技(上海)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 蚂蚁区块链科技(上海)有限公司 filed Critical 蚂蚁区块链科技(上海)有限公司
Publication of WO2024016549A1 publication Critical patent/WO2024016549A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • Multiple embodiments of this specification relate to the field of blockchain technology, and in particular, to a privacy computing method and device based on multi-party collaboration.
  • Privacy computing refers to the technology that realizes data analysis and calculation on the premise of protecting the data itself from being leaked to the outside world.
  • the current mainstream privacy computing technologies usually include FL (Federated Learning) technology, MPC (Secure Multi-party Computation, multi-party secure computing) technology, TEE (Trusted Execute Environment, Trusted Execution Environment) technology, etc. wait.
  • FL Federated Learning
  • MPC Secure Multi-party Computation, multi-party secure computing
  • TEE Trusted Execution Environment
  • the data involved in privacy calculations may come from multiple different data sources. Therefore, how to use data from multiple different data sources to perform privacy calculations has been a focus of the industry.
  • the blockchain-based data collaboration platform connects multiple collaboration participants; the method is applied to any target collaboration participant among the multiple collaboration participants.
  • Corresponding server wherein, the plurality of collaboration participants respectively maintain data for participating in privacy calculations; the method includes: obtaining the user-specified data maintained by at least some of the collaboration participants among the plurality of collaboration participants.
  • the calculation process of performing privacy calculation on the data includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; obtaining at least part of the collaboration participants for which According to the data security requirements of the maintained data, at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements is selected from the instantiation operator library related to the privacy calculation, and based on The at least one instantiation operator generates an instantiation calculation process corresponding to the calculation process; creates a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploys the created smart contract to the
  • the data collaboration platform is connected to the blockchain network for the user to call.
  • This specification also proposes a privacy computing method based on multi-party collaboration, which method is applied to a data collaboration platform based on blockchain; wherein, the data collaboration platform connects multiple collaboration participants; the multiple collaboration participants Data used to participate in privacy calculations are respectively maintained; the method includes: obtaining the user-specified data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants.
  • the calculation process of performing privacy calculation on at least part of the data maintained by the collaborative participants wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; obtaining the According to the data security requirements of at least some of the collaboration participants for the data they maintain, at least one corresponding to the at least one functional operator that meets the data security requirements is selected from the instantiation operator library related to the privacy calculation.
  • An instantiation operator and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator; create a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and create The smart contract is deployed into the blockchain network connected to the data collaboration platform for the user to call.
  • This specification also proposes a privacy computing device based on multi-party collaboration.
  • the blockchain-based data collaboration platform connects multiple collaboration participants; the method is applied to collaborate with any target among the multiple collaboration participants.
  • the server corresponding to the party; wherein, the multiple collaboration participants respectively maintain data for participating in privacy calculations; the device includes: a first acquisition module, which acquires the user-specified data for the multiple collaboration participants.
  • a calculation process for performing privacy calculation on at least part of the data maintained by the collaborative participants wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; the first generation module , obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select the at least one functional operator that meets the data security requirements from the instantiation operator library related to the privacy calculation. corresponds to at least one instantiation operator, and generates an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator; the first deployment module creates a privacy calculation corresponding to the instantiation calculation process logical smart contract, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
  • This specification also proposes a privacy computing device based on multi-party collaboration, which device is applied to a data collaboration platform based on blockchain; wherein, the data collaboration platform connects multiple collaboration participants; the multiple collaboration participants The data used to participate in privacy calculations are respectively maintained; the device includes: a second acquisition module, which acquires the data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and specified by the user.
  • the second generation module obtains the data security requirements of at least some of the collaborative participants for the data they maintain, and selects from the instantiation operator library related to the privacy calculation that satisfies the data security requirements. At least one instantiation operator corresponding to the at least one functional operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated; the second deployment module creates the Calculate the smart contract corresponding to the privacy calculation logic of the process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
  • Figure 1 is a system architecture diagram of a data collaboration platform according to an exemplary embodiment of this specification.
  • Figure 2 is a flowchart of a privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment.
  • FIG. 3 is a schematic diagram illustrating virtualization processing of data maintained by multiple collaboration participants according to an exemplary embodiment of this specification.
  • Figure 4 is a flowchart of another privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment.
  • FIG. 5 is a schematic structural diagram of an electronic device provided by an exemplary embodiment.
  • Figure 6 is a block diagram of a privacy computing device based on multi-party collaboration according to an exemplary embodiment of this specification.
  • FIG. 7 is a block diagram of another privacy computing device based on multi-party collaboration according to an exemplary embodiment of this specification.
  • the steps of the corresponding method are not necessarily performed in the order shown and described in this specification.
  • methods may include more or fewer steps than described in this specification.
  • a single step described in this specification may be broken down into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
  • a centralized data collaboration platform is usually built.
  • This centralized data collaboration platform is usually responsible for scheduling and managing data from various data sources.
  • the data collaboration platform can query data from different data sources separately, and perform privacy calculations on the queried data based on its own privacy computing capabilities.
  • this specification proposes a scenario where privacy computing is performed based on data maintained by multiple data sources. Based on the privacy computing capabilities of the data collaboration platform itself, the user does not understand the security requirements of each collaboration participant for data use. Under the premise, we can flexibly plan technical solutions for instantiated computing processes corresponding to user-customized computing processes that meet the security requirements of each data source.
  • a data collaboration platform based on blockchain can be built, which can connect multiple collaboration participants. Each collaboration participant can maintain data used to participate in privacy calculations.
  • a user who accesses the server corresponding to the target collaboration participant has data maintained for at least some of the collaboration participants among the multiple collaboration participants.
  • the server corresponding to the target collaborator after obtaining the calculation process specified by the user, can further obtain the data security requirements of at least some of the collaboration participants for the data it maintains, from the instantiation related to privacy calculations Select at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements from the operator library, and generate an instantiation calculation process corresponding to the above calculation process based on the at least one instantiation operator.
  • a smart contract containing the privacy calculation logic corresponding to the instantiation calculation process can be created, and the created smart contract can be deployed to the blockchain network connected to the data collaboration platform for the user Make the call.
  • the calculation process of privacy calculation be more transparent, credible and easy to trace when performing privacy calculation on data from multiple data sources; moreover, it can also be used when the user does not understand the data of each collaborative participant.
  • the security requirements of use based on the privacy computing capabilities of the data collaboration platform itself, according to the different computing needs of users, different instantiation computing processes that can meet the security requirements of each collaboration participant for data use are planned, so as to This allows the data collaboration platform to flexibly adapt to different data privacy scenarios and activate more privacy computing scenarios.
  • Figure 1 is a system architecture diagram of a data collaboration platform according to an exemplary embodiment of this specification.
  • the above-mentioned data collaboration platform can be a blockchain-based privacy collaboration platform, which can connect to a blockchain network and multiple collaboration participants (that is, multiple data sources).
  • the data collaboration platform can perform calculation and scheduling on the data maintained by multiple collaboration participants, and complete privacy calculations from a global data perspective.
  • the data maintained by each collaboration participant is used for privacy calculations as a whole.
  • the data set is used to store data participating in privacy calculations.
  • the above calculation result set is used to store the calculation results obtained by performing privacy calculations on the data in the above data set.
  • the calculation result may specifically be an intermediate calculation result or a final calculation result.
  • the above data set and the above calculation result set can be a database.
  • the database used may be a homogeneous database or a heterogeneous database, which is not particularly limited in this specification.
  • each collaboration participant can also be equipped with several instantiation operators and functional components related to privacy computing.
  • the instantiation operators related to privacy computing carried by each collaboration participant can specifically include MPC-based instantiation operators, TEE-based instantiation operators, and TL-based instantiation operators, etc. wait.
  • Each instantiation operator corresponds to a computing operation or computing function based on a specific privacy computing technology. For a specific computing operation or computing function, it can correspond to a variety of instantiation operators based on a variety of privacy computing technologies.
  • the instantiation operator corresponding to the intersection calculation function may specifically include an instantiation operator for intersection calculation based on MPC, and an intersection calculation based on TEE. instantiation operator, etc. That is to say, for the intersection calculation function, two instantiation operators can be implemented based on MPC technology and TEE technology respectively.
  • each collaboration participant may include the following components, for example.
  • the application execution planning component is used to select at least one functional operator included in the user-specified calculation process from the instantiated operator library managed by the data collaboration platform based on the data security requirements of the data maintained by each collaboration participant. At least one instantiation operator corresponding to the child, and then based on the above at least one instantiation operator, plan an instantiation calculation process corresponding to the above calculation process that meets the above data security requirements of each collaboration participant.
  • the instantiated computing process is a specific data collaboration application for privacy computing planned based on the user-specified computing process.
  • the application contract management component is used to generate execution code related to the privacy calculation logic corresponding to the above instantiation calculation process, compile the generated execution code into smart contract code, and deploy it in the blockchain network connected to the data collaboration platform A smart contract containing the above smart contract code.
  • the execution scheduling component is used to interact with the above-mentioned smart contracts. By monitoring the call results of the smart contracts stored on the blockchain, it further calls the local instantiation operator to complete the relevant privacy calculations and submits the calculation results to The above smart contract.
  • Each collaboration participant can also provide an application execution client for users.
  • the application executes the client and is specifically used to provide users with access services to the data collaboration platform. Users can use the application to execute the client and specify the data corresponding to their own privacy computing needs based on the functional operators managed by the data collaboration platform.
  • the execution client can also be used to initiate a contract call for the above-mentioned smart contract, and the application execution client can be used to query the call result of the smart contract.
  • Figure 2 is a flow chart of a privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment. This method can be applied to any of the multiple collaboration participants shown in Figure 1
  • Step 202 Obtain the user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes the user-specified calculation process and the privacy calculation process.
  • a calculation process composed of at least one related functional operator.
  • the above-mentioned collaboration participants can specifically access data providers of the data collaboration platform.
  • the above-mentioned multiple collaboration participants may specifically include multiple data centers distributed in different regions.
  • the operators described in this manual refer to various calculation operations/calculation functions involved in the process of privacy calculation for data maintained by each collaboration participant. That is to say, any computing operation/computing function involved in the process of privacy calculation for data maintained by each collaboration participant can be called an operator.
  • the above-mentioned functional operator refers to a computing function or computing operation to be implemented. Any computing operation/computing function to be implemented in the process of performing privacy calculations on data maintained by each collaboration participant can be called a functional operator.
  • the above-mentioned instantiation operator refers to a computing function or computing operation that has been implemented based on a specific privacy computing technology.
  • the current mainstream privacy computing technologies usually include FL technology, MPC technology, and TEE technology, etc. Therefore, the instantiation operators in the above instantiation operator library can include instantiation operators implemented based on FL technology, Instantiation operators implemented based on MPC technology, operators implemented based on TEE technology, etc.
  • the instantiation operator corresponding to the functional operator can specifically include The instantiation operator for intersection calculation implemented by MPC technology, the instantiation operator for intersection calculation based on TEE technology, etc. That is to say, for the intersection calculation function, two instantiation operators can be implemented based on MPC technology and TEE technology respectively.
  • the privacy computing capability of the data collaboration platform itself is usually determined by the instantiation operator library managed by the data collaboration platform.
  • the instantiation operators in the instantiation operator library managed by the data collaboration platform can specifically be implemented based on the privacy computing technology supported by the data collaboration platform, and can also include operators based on each collaboration participation. Operator implemented by privacy computing technology supported by the party.
  • the data collaboration platform can cover the private computing capabilities of each accessed collaboration participant.
  • each collaboration participant can maintain a data collection locally for participating in privacy calculations.
  • the data collaboration platform can use data virtualization technology to perform data virtualization processing on the data sets maintained by each collaboration participant.
  • Data virtual machine technology is a kind of mapping of physical data maintained by multiple data sources into virtual data at the logical level, and then integrating the physical data maintained by multiple data sources into a logical virtual data collection (also known as is a logical view), a technology used by upper-layer applications.
  • a logical virtual data collection also known as is a logical view
  • the data sets maintained by each collaboration participant can be integrated into a virtual data collection for users to use.
  • mapping physical data maintained by multiple data sources into virtual data it usually refers to the process of mapping physical data attributes contained in the physical data into virtual data attributes. It should be noted that when mapping the physical data attributes contained in the physical data to virtual data attributes, a one-to-one mapping method can be used to map a physical data attribute contained in the physical data to a corresponding virtual data attribute. , you can also use many-to-one mapping to map multiple physical data attributes contained in physical data into a corresponding virtual data attribute.
  • FIG. 3 is a schematic diagram of performing data virtualization processing on data maintained by multiple collaborative participants according to an exemplary embodiment of this specification.
  • each attribute can represent a field in the data table.
  • the virtual data table obtained after performing data virtualization processing on the data stored in data sets 1-3 can contain attributes A-F.
  • the data virtualization processing method shown in Figure 3 shows that attribute 1 in data set 1, attribute 4 in data set 2, and attribute 8 in data set 3 adopt a many-to-one mapping method.
  • Attribute B; attribute 3 in data set 1 and attribute 6 in data set 2 are mapped to attribute C in the virtual data table using many-to-one mapping.
  • Attribute 10 in data set 3 is mapped to attribute D in the virtual data table using one-to-one mapping; attribute 7 in data set 2 is mapped to a virtual data table using one-to-one mapping.
  • Attribute E in Data Set 3; Attribute 11 in Data Set 3 is mapped to attribute F in the virtual data table using one-to-one mapping.
  • the data mapping method shown in Figure 3 is only exemplary. In actual applications, the data mapping method used when performing data virtualization on data maintained by multiple collaborative participants usually depends on the data.
  • the data semantics itself are not particularly limited in this specification; for example, when performing data mapping, if the data semantics of multiple data fields distributed in different collaboration participants are related, then the multiple data fields can be mapped Become a virtual data attribute.
  • the obtained virtual data table can be distributed to each collaboration participant, and each collaboration participant will further use the virtual data table as a global reflection of each collaboration participant.
  • the data view of the data status maintained by the collaboration participants is output and displayed to the user.
  • the above-mentioned data query request is specifically used to express the user's data query needs to the data collaboration platform.
  • the specific form of the data query request is not particularly limited in this specification.
  • the above data query request may be a data query statement (such as a SQL statement) input by the user.
  • users can specify the calculation process corresponding to their own privacy calculation needs based on the functional operators managed by the data collaboration platform.
  • the specific content of the above calculation process usually depends on the user's privacy calculation needs, and is not specifically limited in this specification.
  • users can use the functions in the above functional operator library to Operators can be combined in any form to customize the calculation process corresponding to your own calculation needs.
  • users can specify the calculation process operations corresponding to their own privacy calculation needs based on the functional operators managed by the data collaboration platform, which can be completed on the client.
  • the above virtual data set is a user information table that stores user personal information.
  • the information table includes gender fields and age fields.
  • the user's privacy calculation requirement for the user information table is to "query the average age data of male users stored in the user information table”
  • the user can choose from the above functional operator library
  • the functional operator corresponding to the calculation function "query and calculate the user information of male users in the user information table” and “screening and calculation of age data in the user information of male users in the user information table”
  • the functional operator corresponding to this calculation function, and the functional operator corresponding to the calculation function "average calculation sub-operation for filtered age data" are then customized based on the three selected functional operators.
  • the calculation process corresponding to its own privacy calculation needs.
  • the user's privacy calculation requirement for the user information table is to "train a machine learning model based on the user data in the user information table”
  • the user can select "Machine Learning Training" in the above functional operator library
  • the functional operator corresponding to this computing function can be used to customize the computing process corresponding to its own privacy computing needs.
  • the server corresponding to the above-mentioned target collaboration participant can specifically output the functional operator library related to privacy calculation managed by the data collaboration platform to the user through the client, and Obtain at least one functional operator selected by the user in the output functional operator library, and then generate privacy calculations based on the at least one functional operator based on the data maintained by at least some of the multiple collaboration participants. calculation process.
  • the server corresponding to the above-mentioned target collaboration participant can specifically output a calculation process planning interface to the user through the client; wherein, the calculation process planning interface can include the functional operator library .
  • Users can interact with the client through the computing process planning interface to express their own privacy computing needs.
  • the user can operate in the calculation process planning interface, select at least one functional operator from the functional operator library, and specify the logical sequence for the at least one functional operator in the calculation process planning interface. Express your computing needs to the client.
  • the user can form a DAG (Directed Acyclic Graph) by specifying a one-way logical sequence for at least one of the above functional operators in the calculation process planning interface.
  • Acyclic graph graphic structure.
  • the user's operation method in the calculation process planning interface is not particularly limited in this manual.
  • the functional operators included in the functional operator library can be input to the user in the form of options through the above-mentioned calculation process planning interface, and the user can select at least one functional operator from it, and perform the calculation in the above-mentioned calculation process.
  • the process planning interface one-way connections are set between the selected functional operators to express the logical sequence between the functional operators, and then based on the one-way logical sequence, at least one of the above functional operators is Concatenate them into a DAG graphic structure to serve as your own designated calculation process.
  • Step 204 Obtain the data security requirements of at least some of the collaboration participants for the data they maintain, and select the at least one functionality that meets the data security requirements from the instantiation operator library related to the privacy calculation. At least one instantiation operator corresponding to the operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated.
  • the server corresponding to the above-mentioned target collaboration participant after obtaining the user-specified calculation process for performing privacy calculations on the data maintained by at least some of the above-mentioned multiple collaboration participants, can calculate from the above-mentioned instantiation managed In the sub-library, select at least one instantiation operator corresponding to the above-mentioned at least one functional operator, and generate an instantiation query process corresponding to the above-mentioned calculation process based on the selected at least one instantiation operator.
  • the server corresponding to the above-mentioned target collaboration participant obtains the user-specified calculation process for performing privacy calculations on the data maintained by at least some of the above-mentioned multiple collaboration participants, it can specifically First, obtain the data security requirements of the data maintained by each collaboration participant, and then select at least one instantiation operator corresponding to at least one of the above functional operators that meets the above data security requirements from the above-mentioned instantiation operator library.
  • the data collaboration platform can still automatically make selections for users based on the user's privacy computing needs that meet the requirements of each collaboration participant.
  • the data security policy configured by each collaboration participant for the data maintained by each collaboration participant can, to a certain extent, reflect the security requirements of each collaboration participant for the use of data; therefore, when obtaining the data maintained by each collaboration participant, When meeting data security requirements, you can first obtain the data security policy configured by each collaboration participant for the data it maintains. After obtaining the data security policy configured by each collaboration participant for the data it maintains, you can based on the data security policy, To further determine the data security requirements of each collaboration participant for the data they maintain.
  • the specific content of the data security policy configured by each collaboration participant for the data maintained by each collaboration participant usually depends on the specific security requirements of each collaboration participant for data use, and therefore will not be specifically limited in this specification.
  • the above-mentioned data security policy may specifically include one or a combination of one or more of the following: a security level configured for the data; a security protection level configured for the data; and other The data trust relationship of the collaboration participants.
  • the security requirements of each collaboration participant for data use may also include one or a combination of the following: determining whether to allow the use of data based on the security level. Derive the security requirements of the data domain in which it is located; the security requirements determined based on the security protection level, whether to allow data desensitization processing on the data and the privacy calculation results of the data; determine based on the data trust relationship Security requirements to allow aggregation of data with data maintained by other collaborative participants.
  • corresponding data security requirements can also be configured for the instantiation operator library included in the instantiation operator library.
  • the data security requirements configured for the instantiation operator library are specifically used to indicate the data security requirements that the instantiation operator can meet.
  • the data security requirements of at least some of the above collaborative participants for the data they maintain can be matched with the found data security requirements corresponding to the at least one instantiation operator; and then based on the matching results, the above at least one instance can be An instantiation operator is further selected from the operators that matches the data security requirements of at least some of the above collaboration participants for the data they maintain.
  • the data collaboration platform can deploy a process planning component in a distributed manner on the server corresponding to the above-mentioned multiple collaboration participants.
  • the process planning component can be used to obtain at least part of the above-mentioned
  • at least one instantiation operator corresponding to the above-mentioned at least one functional operator that meets the above-mentioned data security requirements is selected from the managed instantiation operator library, and based on the above-mentioned
  • At least one instantiation operator generates an instantiation calculation process corresponding to the calculation process.
  • the instantiation operator library managed by the above data collaboration platform can also be delivered to the corresponding server of each collaboration participant, and maintained by each collaboration participant respectively.
  • the server corresponding to the above-mentioned target collaboration participant can call the process planning component to obtain the data security requirements of at least some of the above-mentioned collaboration participants for the data they maintain, From the locally maintained instantiation operator library related to the above-mentioned privacy calculation, select at least one instantiation operator corresponding to the above-mentioned at least one functional operator that meets the above-mentioned data security requirements, and based on the above-mentioned at least one instantiation operator Generate an instantiated query process corresponding to the above calculation process.
  • the above process planning component may include the application execution planning component shown in Figure 1.
  • the above-mentioned instantiation calculation process is a specific data collaboration application for privacy calculation planned based on the user-specified calculation process composed of functional operators.
  • an optimal instantiation calculation process when generating an instantiation calculation process corresponding to the above-mentioned calculation process based on the above-mentioned at least one instantiation operator, specifically multiple instantiation calculation processes may be generated based on the above-mentioned at least one instantiation operator, The multiple instantiated calculation processes are then output and displayed to the user, so that the user can select an optimal query process from the multiple instantiated calculation processes.
  • an optimal instantiation calculation process can be generated by default based on at least one of the above instantiation operators.
  • Step 206 Create a smart contract containing privacy computing logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user Make the call.
  • the server can further compile the instantiation calculation process into the form of a smart contract and deploy it to interface with the data collaboration platform. in the blockchain network.
  • the above-mentioned server can first automatically generate execution code related to the privacy calculation logic corresponding to the above-mentioned instantiation calculation process, and compile the generated execution code into smart contract code; then, in conjunction with the above-mentioned data collaboration platform A smart contract containing the smart contract code is deployed in the connected blockchain network.
  • a smart contract containing the smart contract code is deployed in the connected blockchain network.
  • the specific process of deploying smart contracts will not be described in detail in this manual.
  • a smart contract creation transaction can be packaged based on the smart contract code, and the smart contract creation transaction can be published to the blockchain network.
  • the node device in the blockchain network can perform consensus verification on the smart contract creation transaction, and after the consensus verification passes, execute the smart contract call transaction, create a smart contract account in the blockchain, and transfer the smart contract
  • the smart contract code is anchored to the smart contract account to complete the creation of the smart contract.
  • the data collaboration platform can deploy smart contract management components in a distributed manner on the server corresponding to the above-mentioned multiple collaboration participants.
  • the smart contract management components can be used to generate and
  • the above-mentioned instantiation calculation process corresponds to the execution code related to the privacy calculation logic, compiles the generated execution code into smart contract code, and deploys the smart contract code containing the smart contract code in the blockchain network connected to the data collaboration platform. Smart contracts.
  • the server can call the smart contract management component to further generate the above-mentioned instantiation calculation process.
  • Corresponding privacy calculation logic related execution code compile the generated execution code into smart contract code, and deploy the smart contract containing the smart contract code in the blockchain network connected to the data collaboration platform.
  • the above-mentioned smart contract management component may specifically include the application contract management component shown in Figure 1.
  • the user when the deployment of the above-mentioned smart contract is completed, the user can initiate a contract call for the smart contract through the client to complete the privacy calculation for the data maintained by at least some of the above collaborative participants.
  • the privacy calculation logic corresponding to the above-mentioned instantiation calculation process may specifically be a calculation scheduling logic corresponding to the instantiation calculation process; wherein, the calculation scheduling logic is specifically used to target at least one of the above-mentioned instantiation calculation processes.
  • the instantiation operator performs calculation scheduling to complete privacy calculations for the data maintained by at least some of the above collaborative participants.
  • the above-mentioned smart contract may specifically be a smart contract that performs calculation and scheduling for the above-mentioned privacy calculation logic.
  • this smart contract in addition to maintaining the calculation scheduling sequence corresponding to each instantiation operator in the above-mentioned instantiation calculation process, it also needs to maintain the calculation status corresponding to each above-mentioned instantiation operator. This calculation status is used to represent each Whether the instantiation operator completes the calculation.
  • the smart contract can determine the instantiation operator that needs to be called first according to the calculation scheduling sequence, and then generate a calculation event corresponding to the instantiation operator.
  • the execution scheduling component on the server where the instantiation operator is located after listening to the calculation event, can further call the instantiation operator to perform data privacy calculations, and after the calculation is completed, the calculation results are mentioned to the smart contract. .
  • the smart contract receives the calculation result, it will trigger the calculation status of the instantiated operator to be updated to the completed calculation status.
  • the smart contract will continue to determine the next instantiated operator that needs to be called, and execute the same execution process as mentioned above, and so on. Until each instantiation operator in the above instantiation calculation process, the data privacy calculation is completed in sequence according to the calculation scheduling order.
  • Figure 4 is a flow chart of a privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment.
  • This method can be applied to the data collaboration platform shown in Figure 1; for example, the data collaboration
  • the platform may specifically be a blockchain service platform used to manage the above-mentioned blockchain network; for example, a BaaS (Blockchain as a Service) platform; the method includes steps 402 to 406.
  • a BaaS Blockchain as a Service
  • Step 402 Obtain the user-specified data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and maintained for at least some of the collaboration participants to perform privacy calculations.
  • the calculation process wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation.
  • the server corresponding to the above-mentioned target collaboration participant after obtaining the user-specified calculation process for performing privacy calculations on the data maintained by at least part of the above-mentioned multiple collaboration participants, can
  • the data query request is uploaded to the above-mentioned data collaboration platform, which performs centralized processing.
  • Step 404 Obtain the data security requirements of at least some of the collaboration participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation the at least one functionality that satisfies the data security requirements. At least one instantiation operator corresponding to the operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated.
  • Step 406 Create a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user Make the call.
  • the above-mentioned data collaboration platform can execute the execution logic shown in steps 404-406, and perform centralized processing on the instantiation calculation process.
  • steps 404-406 For specific implementation details, please Referring to the description of the embodiment shown in FIG. 2 , no detailed description will be given in this specification.
  • the data maintained by each collaborative participant is virtualized to obtain a virtual data collection.
  • This not only enables full data fusion of multiple data sources, but also allows users to build on the virtual data collection based on the data virtualization processing technology.
  • using data from a global data perspective does not require the data storage status of each collaboration participant, so the complexity of data use can be significantly reduced.
  • the security requirements of each data source for data use can be used to automatically plan for users to meet the security requirements of each collaboration participant for data use. For the required instantiation calculation process, users no longer need to pay attention to the security requirements of each data source for the use of data.
  • the data collaboration platform its adaptability to privacy computing scenarios will also be significantly improved. , so this makes it possible for the data assistance platform to activate more data privacy computing scenarios that can meet the security requirements of different data sources.
  • this specification also provides embodiments of devices, electronic devices, and storage media.
  • FIG. 5 is a schematic structural diagram of an electronic device provided by an exemplary embodiment. Please refer to Figure 5.
  • the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508, and a non-volatile memory 510.
  • the processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and then runs it.
  • the execution subject of the following processing flow is not limited to each A logic unit can also be a hardware or logic device.
  • FIG. 6 is a block diagram of a privacy computing device based on multi-party collaboration according to an exemplary embodiment of this specification.
  • the device 600 includes: a first acquisition module 601 that acquires a user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes: The calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; the first generation module 602 obtains the data security requirements of at least some of the collaborative participants for the data they maintain, from the data security requirements related to the privacy calculation.
  • At least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements from a library of instantiation operators related to privacy computing, and generate the corresponding instantiation operator based on the at least one instantiation operator.
  • the instantiation calculation process corresponding to the calculation process; the first deployment module 603 creates a smart contract containing the privacy calculation logic corresponding to the instantiation calculation process, and deploys the created smart contract to the data collaboration platform. in the blockchain network for the user to make calls.
  • FIG 7 is a block diagram of another user service usage device shown in this specification according to an exemplary embodiment. This device can also be applied to the electronic device shown in Figure 5 to implement the instructions of this specification.
  • the device 700 includes: a second acquisition module 701, which acquires the information uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and specified by the user for at least part of the multiple collaboration participants.
  • the calculation process of performing privacy calculation on data maintained by collaborative participants wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; the second analysis module 702, Obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation that satisfies the data security requirements and corresponds to the at least one functional operator. At least one instantiation operator, and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator; the second generation module 703 creates a privacy calculation corresponding to the instantiation calculation process logical smart contract, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
  • this specification also provides an electronic device, which includes a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement all the previously described method flows. A step of.
  • this specification also provides a computer-readable storage medium on which executable instructions are stored; wherein, when the instructions are executed by the processor, all the steps in the method flow described previously are implemented.
  • the device embodiment since it basically corresponds to the method embodiment, please refer to the partial description of the method embodiment for relevant details.
  • the device embodiments described above are only illustrative.
  • the modules described as separate components may or may not be physically separated.
  • the components shown as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Persons of ordinary skill in the art can understand and implement the method without any creative effort.
  • a typical implementation device is a computer, which may be in the form of a personal computer, a laptop, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email transceiver, or a game controller. desktop, tablet, wearable device, or a combination of any of these devices.
  • a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • Memory may include non-permanent storage in computer-readable media, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash random access memory
  • Computer-readable media includes both persistent and non-volatile, removable and non-removable media that can be implemented by any method or technology for storage of information.
  • Information may be computer-readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), and read-only memory.
  • PRAM phase change memory
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • RAM random access memory
  • read-only memory read-only memory
  • ROM read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • flash memory or other memory technology
  • compact disc read-only memory CD-ROM
  • DVD digital versatile disc
  • Magnetic tape cartridges magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium, can be used to store information that can be accessed by computing devices.
  • computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may use the terms first, second, third, etc. to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other.
  • first information may also be called second information, and similarly, the second information may also be called first information.
  • word “if” as used herein may be interpreted as "when” or “when” or “in response to determining.”

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

One or more embodiments of the present description provide a multi-party collaboration-based privacy computing method and apparatus. The method comprises: acquiring a computing process, specified by a user, of performing privacy computing on data maintained by at least some collaborative participants among a plurality of collaborative participants, wherein the computing process comprises a computing process specified by the user and composed of at least one functional operator related to privacy computing; acquiring a data security requirement of the at least some collaborative participants on the data maintained by said collaborative participants, selecting, from an instantiated operator library related to privacy computing, at least one instantiated operator satisfying the data security requirement and corresponding to the at least one functional operator, and on the basis of the at least one instantiated operator, generating an instantiated computing process corresponding to the computing process; and creating a smart contract containing a privacy computing logic corresponding to the instantiated computing process, and deploying the created smart contract into a blockchain network connected to a data collaboration platform.

Description

一种基于多方协作的隐私计算方法及装置A privacy computing method and device based on multi-party collaboration 技术领域Technical field
本说明书多个实施例涉及区块链技术领域,尤其涉及一种基于多方协作的隐私计算方法及装置。Multiple embodiments of this specification relate to the field of blockchain technology, and in particular, to a privacy computing method and device based on multi-party collaboration.
背景技术Background technique
隐私计算(Privacy compute),是指在保护数据本身不对外泄露的前提下,实现数据分析计算的技术。例如,目前主流的隐私计算技术通常可以包括,FL(Federated Learning,联邦学习)技术、MPC(Secure Multi-party Computation,多方安全计算)技术,TEE(Trusted Execute Environment,可信执行环境)技术,等等。在实际应用中,参与隐私计算的数据可能来自于多个不同的数据源,因此如何利用多个不同的数据源的数据来进行隐私计算,是业界一直以来关注的重点。Privacy computing refers to the technology that realizes data analysis and calculation on the premise of protecting the data itself from being leaked to the outside world. For example, the current mainstream privacy computing technologies usually include FL (Federated Learning) technology, MPC (Secure Multi-party Computation, multi-party secure computing) technology, TEE (Trusted Execute Environment, Trusted Execution Environment) technology, etc. wait. In practical applications, the data involved in privacy calculations may come from multiple different data sources. Therefore, how to use data from multiple different data sources to perform privacy calculations has been a focus of the industry.
发明内容Contents of the invention
本说明书提出一种基于多方协作的隐私计算方法,基于区块链的数据协作平台对接了多个协作参与方;所述方法应用于与所述多个协作参与方中的任一目标协作参与方对应的服务端;其中,所述多个协作参与方分别维护了用于参与隐私计算的数据;所述方法包括:获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。This specification proposes a privacy computing method based on multi-party collaboration. The blockchain-based data collaboration platform connects multiple collaboration participants; the method is applied to any target collaboration participant among the multiple collaboration participants. Corresponding server; wherein, the plurality of collaboration participants respectively maintain data for participating in privacy calculations; the method includes: obtaining the user-specified data maintained by at least some of the collaboration participants among the plurality of collaboration participants. The calculation process of performing privacy calculation on the data; wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; obtaining at least part of the collaboration participants for which According to the data security requirements of the maintained data, at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements is selected from the instantiation operator library related to the privacy calculation, and based on The at least one instantiation operator generates an instantiation calculation process corresponding to the calculation process; creates a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploys the created smart contract to the The data collaboration platform is connected to the blockchain network for the user to call.
本说明书还提出一种基于多方协作的隐私计算方法,所述方法应用于基于区块链的数据协作平台;其中,所述数据协作平台对接了多个协作参与方;所述多个协作参与方分别维护了用于参与隐私计算的数据;所述方法包括:获取所述多个协作参与方中的任一目标协作参与方对应服务端上传的,由用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。This specification also proposes a privacy computing method based on multi-party collaboration, which method is applied to a data collaboration platform based on blockchain; wherein, the data collaboration platform connects multiple collaboration participants; the multiple collaboration participants Data used to participate in privacy calculations are respectively maintained; the method includes: obtaining the user-specified data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants. The calculation process of performing privacy calculation on at least part of the data maintained by the collaborative participants; wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; obtaining the According to the data security requirements of at least some of the collaboration participants for the data they maintain, at least one corresponding to the at least one functional operator that meets the data security requirements is selected from the instantiation operator library related to the privacy calculation. An instantiation operator, and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator; create a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and create The smart contract is deployed into the blockchain network connected to the data collaboration platform for the user to call.
本说明书还提出一种基于多方协作的隐私计算装置,基于区块链的数据协作平台对接了多个协作参与方;所述方法应用于与所述多个协作参与方中的任一目标协作参与方对应的服务端;其中,所述多个协作参与方分别维护了用于参与隐私计算的数据;所述装置包括:第一获取模块,获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;第一生成模块,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;第一部署模块,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。This specification also proposes a privacy computing device based on multi-party collaboration. The blockchain-based data collaboration platform connects multiple collaboration participants; the method is applied to collaborate with any target among the multiple collaboration participants. The server corresponding to the party; wherein, the multiple collaboration participants respectively maintain data for participating in privacy calculations; the device includes: a first acquisition module, which acquires the user-specified data for the multiple collaboration participants. A calculation process for performing privacy calculation on at least part of the data maintained by the collaborative participants; wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; the first generation module , obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select the at least one functional operator that meets the data security requirements from the instantiation operator library related to the privacy calculation. corresponds to at least one instantiation operator, and generates an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator; the first deployment module creates a privacy calculation corresponding to the instantiation calculation process logical smart contract, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
本说明书还提出一种基于多方协作的隐私计算装置,所述装置应用于基于区块链的数据协作平台;其中,所述数据协作平台对接了多个协作参与方;所述多个协作参与方分别维护了用于参与隐私计算的数据;所述装置包括:第二获取模块,获取所述多个协作参与方中的任一目标协作参与方对应服务端上传的,由用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;第二生成模块,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;第二部署模块创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。This specification also proposes a privacy computing device based on multi-party collaboration, which device is applied to a data collaboration platform based on blockchain; wherein, the data collaboration platform connects multiple collaboration participants; the multiple collaboration participants The data used to participate in privacy calculations are respectively maintained; the device includes: a second acquisition module, which acquires the data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and specified by the user. A calculation process for performing privacy calculation on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes at least one functional operator specified by the user and related to the privacy calculation. Calculation process; the second generation module obtains the data security requirements of at least some of the collaborative participants for the data they maintain, and selects from the instantiation operator library related to the privacy calculation that satisfies the data security requirements. At least one instantiation operator corresponding to the at least one functional operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated; the second deployment module creates the Calculate the smart contract corresponding to the privacy calculation logic of the process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
在本说明书以上的技术方案中,不仅可以在针对来自多个数据源的数据进行隐私计算时,让隐私计算的计算过程更加透明可信并且便于追溯;而且,还可以在用户不了解各个协作参与方对于数据使用的安全性要求的前提下,基于数据协作平台自身的隐私计算能力,针对用户不同的计算需求,规划出不同的能够满足各个协作参与方对于数据使用的安全性要求的实例化计算流程,从而使得该数据协作平台可以灵活的适配不同的数据隐私场景,可以激活更多的隐私计算场景。In the technical solution above in this specification, not only can the calculation process of privacy calculation be more transparent, credible and easy to trace when performing privacy calculation on data from multiple data sources; moreover, it can also be used when the user does not understand each collaboration participant Based on the data collaboration platform's own privacy computing capabilities and the different computing needs of users, we plan different instantiation calculations that can meet the security requirements of each collaboration participant for data use, based on the security requirements of each party for data use. process, so that the data collaboration platform can flexibly adapt to different data privacy scenarios and activate more private computing scenarios.
附图说明Description of drawings
图1是本说明书一示例性实施例示出的数据协作平台的系统架构图。Figure 1 is a system architecture diagram of a data collaboration platform according to an exemplary embodiment of this specification.
图2是本说明书根据一示例性实施例示出的一种基于多方协作的隐私计算方法的流程图。Figure 2 is a flowchart of a privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment.
图3是本说明书根据一示例性实施例示出的一种对多个协作参与方维护的数据进行虚拟化处理的示意图。FIG. 3 is a schematic diagram illustrating virtualization processing of data maintained by multiple collaboration participants according to an exemplary embodiment of this specification.
图4是本说明书根据一示例性实施例示出的另一种基于多方协作的隐私计算方法的流程图。Figure 4 is a flowchart of another privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment.
图5是一示例性实施例提供的一种电子设备的示意结构图。FIG. 5 is a schematic structural diagram of an electronic device provided by an exemplary embodiment.
图6是本说明书根据一示例性实施例示出的一种基于多方协作的隐私计算装置的框图。Figure 6 is a block diagram of a privacy computing device based on multi-party collaboration according to an exemplary embodiment of this specification.
图7是本说明书根据一示例性实施例示出的另一种基于多方协作的隐私计算装置的框图。FIG. 7 is a block diagram of another privacy computing device based on multi-party collaboration according to an exemplary embodiment of this specification.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of this specification. Obviously, the described The embodiments are only some of the embodiments of this specification, but not all of the embodiments. Based on the embodiments in this specification, all other embodiments obtained by those of ordinary skill in the art without creative efforts should fall within the scope of protection of this specification.
需要说明的是:在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施例中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施例中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施例中也可能被合并为单个步骤进行描述。It should be noted that in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, methods may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be broken down into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
在针对来自多个不同的数据源的数据进行隐私计算的场景中,为了打破各个数据源之间的信息孤岛,实现充分的数据融合,通常会搭建一个中心化的数据协作平台。该中心化的数据协作平台,通常负责对各个数据源的数据进行调度管理。在需要针对来自多个不同的数据源的数据进行隐私计算时,可以由该数据协作平台从不同的数据源分别查询数据,并基于自身的隐私计算能力,对查询到的数据进行隐私计算处理。In scenarios where privacy computing is performed on data from multiple different data sources, in order to break the information silos between various data sources and achieve sufficient data integration, a centralized data collaboration platform is usually built. This centralized data collaboration platform is usually responsible for scheduling and managing data from various data sources. When privacy calculations need to be performed on data from multiple different data sources, the data collaboration platform can query data from different data sources separately, and perform privacy calculations on the queried data based on its own privacy computing capabilities.
然而,在实际应用中,不同的数据源对于其维护的数据的使用,通常都具有不同的安全性要求;比如,部分数据源可能会出于隐私保护的目的,禁止将数据导出其所在的数据域进行使用,或者不允许将其维护的数据与其他数据源维护的数据进行汇总后使用,等等。However, in actual applications, different data sources usually have different security requirements for the use of the data they maintain; for example, some data sources may prohibit the export of data where they are located for the purpose of privacy protection. domain, or does not allow the data it maintains to be aggregated with data maintained by other data sources, etc.
而不同的数据源对于数据的安全性要求上存在的这种差异,可能会衍生出大量的数据查询和隐私计算的场景。因此,对于数据协作平台来说,如何灵活的去适配这些数据查询和隐私计算的场景,则具有非常重要的意义。The differences in data security requirements of different data sources may lead to a large number of data query and privacy calculation scenarios. Therefore, it is of great significance for a data collaboration platform to flexibly adapt to these data query and privacy computing scenarios.
基于此,本说明书提出一种在基于多个数据源维护的数据进行隐私计算的场景下,基于数据协作平台自身的隐私计算能力,在用户不了解各个协作参与方对于数据使用的安全性要求的前提下,来灵活的规划与用户定制的计算流程对应的满足各个数据源的安全性要求的实例化计算流程的技术方案。Based on this, this specification proposes a scenario where privacy computing is performed based on data maintained by multiple data sources. Based on the privacy computing capabilities of the data collaboration platform itself, the user does not understand the security requirements of each collaboration participant for data use. Under the premise, we can flexibly plan technical solutions for instantiated computing processes corresponding to user-customized computing processes that meet the security requirements of each data source.
在实现时,可以搭建一个基于区块链的数据协作平台,该数据协作平台可以对接多个协作参与方。其中,每一个协作参与方,都可以维护用于参与隐私计算的数据。During implementation, a data collaboration platform based on blockchain can be built, which can connect multiple collaboration participants. Each collaboration participant can maintain data used to participate in privacy calculations.
对于该多个协作参与方中的任一目标协作参与方来说,接入该目标协作参与方对应的服务端的用户,在具有针对该多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算需求时,可以基于与隐私计算相关的功能性算子库中的功能性算子,指定一个与自身的计算需求对应的计算流程。For any target collaboration participant among the multiple collaboration participants, a user who accesses the server corresponding to the target collaboration participant has data maintained for at least some of the collaboration participants among the multiple collaboration participants. When performing calculation requirements for privacy calculations, you can specify a calculation process corresponding to your own calculation requirements based on the functional operators in the functional operator library related to privacy calculations.
而该目标协方参与方对应的服务端,在获取到用户指定的计算流程之后,可以进一步获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与隐私计算相关的实例化算子库中选择满足该数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于上述至少一个实例化算子生成与上述计算流程对应的实例化计算流程。The server corresponding to the target collaborator, after obtaining the calculation process specified by the user, can further obtain the data security requirements of at least some of the collaboration participants for the data it maintains, from the instantiation related to privacy calculations Select at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements from the operator library, and generate an instantiation calculation process corresponding to the above calculation process based on the at least one instantiation operator.
然后,可以创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。Then, a smart contract containing the privacy calculation logic corresponding to the instantiation calculation process can be created, and the created smart contract can be deployed to the blockchain network connected to the data collaboration platform for the user Make the call.
在以上技术方案中,不仅可以在针对来自多个数据源的数据进行隐私计算时,让隐私计算的计算过程更加透明可信并且便于追溯;而且,还可以在用户不了解各个协作参与方对于数据使用的安全性要求的前提下,基于数据协作平台自身的隐私计算能力,针对用户不同的计算需求,规划出不同的能够满足各个协作参与方对于数据使用的安全性要求的实例化计算流程,从而使得该数据协作平台可以灵活的适配不同的数据隐私场景,可以激活更多的隐私计算场景。In the above technical solution, not only can the calculation process of privacy calculation be more transparent, credible and easy to trace when performing privacy calculation on data from multiple data sources; moreover, it can also be used when the user does not understand the data of each collaborative participant. Under the premise of the security requirements of use, based on the privacy computing capabilities of the data collaboration platform itself, according to the different computing needs of users, different instantiation computing processes that can meet the security requirements of each collaboration participant for data use are planned, so as to This allows the data collaboration platform to flexibly adapt to different data privacy scenarios and activate more privacy computing scenarios.
请参见图1,图1是本说明书一示例性实施例示出的数据协作平台的系统架构图。Please refer to Figure 1, which is a system architecture diagram of a data collaboration platform according to an exemplary embodiment of this specification.
如图1所示,上述数据协作平台,具体可以是一个基于区块链的隐私协作平台,可以对接一个区块链网络,以及多个协作参与方(即多个数据源)。该数据协作平台可以对该多个协作参与方维护的数据进行计算调度,从全局的数据视角完成隐私计算。As shown in Figure 1, the above-mentioned data collaboration platform can be a blockchain-based privacy collaboration platform, which can connect to a blockchain network and multiple collaboration participants (that is, multiple data sources). The data collaboration platform can perform calculation and scheduling on the data maintained by multiple collaboration participants, and complete privacy calculations from a global data perspective.
例如,在符合各个协作参与方对数据的安全性要求的前提下,将各个协作参与方维护的数据作为一个整体进行隐私计算。For example, on the premise that the data security requirements of each collaboration participant are met, the data maintained by each collaboration participant is used for privacy calculations as a whole.
对于各个协作参与方来说,可以分别维护数据集合和计算结果集。其中,数据集,用于存储参与隐私计算的数据。上述计算结果集,用于存储针对上述数据集中的数据进行隐私计算得到的计算结果。该计算结果具体可以是中间计算结果,也可以是最终的计算结果。For each collaboration participant, data sets and calculation result sets can be maintained separately. Among them, the data set is used to store data participating in privacy calculations. The above calculation result set is used to store the calculation results obtained by performing privacy calculations on the data in the above data set. The calculation result may specifically be an intermediate calculation result or a final calculation result.
需要说明的是,上述数据集和上述计算结果集,具体都可以是一个数据库。对于不同的协作参与方来说,采用的数据库可以是同构的数据库,也可以是异构的数据库,在本说明书中不进行特别限定。It should be noted that the above data set and the above calculation result set can be a database. For different collaboration participants, the database used may be a homogeneous database or a heterogeneous database, which is not particularly limited in this specification.
除了上述数据集和计算结果集以外,各个协作参与方还可以搭载若干与隐私计算相关的实例化算子和功能组件。In addition to the above-mentioned data sets and calculation result sets, each collaboration participant can also be equipped with several instantiation operators and functional components related to privacy computing.
如图1所示,各个协作参与方搭载的与隐私计算相关的实例化算子,具体可以包括基于MPC的实例化算子、基于TEE的实例化算子、以及基于TL的实例算子,等等。每一种实例化算子,都对应一种基于特定的隐私计算技术实现的一项计算操作或者计算功能。而对于某一项具体的计算操作或者计算功能来说,可以对应基于多种隐私计算技术实现的多种实例化算子。As shown in Figure 1, the instantiation operators related to privacy computing carried by each collaboration participant can specifically include MPC-based instantiation operators, TEE-based instantiation operators, and TL-based instantiation operators, etc. wait. Each instantiation operator corresponds to a computing operation or computing function based on a specific privacy computing technology. For a specific computing operation or computing function, it can correspond to a variety of instantiation operators based on a variety of privacy computing technologies.
例如,以要实现的计算功能为求交集计算为例,那么与该求交集计算功能对应的实例化算子,具体可以包括基于MPC的求交集计算的实例化算子,基于TEE的求交集计算的实例化算子,等等。也即,对于求交集计算功能,可以分别基于MPC技术和TEE技术实现出两种实例化算子。For example, taking the calculation function to be implemented as intersection calculation as an example, the instantiation operator corresponding to the intersection calculation function may specifically include an instantiation operator for intersection calculation based on MPC, and an intersection calculation based on TEE. instantiation operator, etc. That is to say, for the intersection calculation function, two instantiation operators can be implemented based on MPC technology and TEE technology respectively.
如图1所示,各个协作参与方搭载的功能组件,例如可以包括以下几种组件。As shown in Figure 1, the functional components carried by each collaboration participant may include the following components, for example.
应用执行规划组件,用于基于各个协作参与方针对其维护的数据的数据安全要求,从数据协作平台管理的实例化算子库中,选择与用户指定的计算流程中包含的至少一个功能性算子对应的至少一个实例化算子,再基于上述至少一个实例化算子规划出,满足各个协作参与方的上述数据安全要求的,与上述计算流程对应的实例化计算流程。此时该实例化计算流程,即为基于用户指定的计算流程,规划出的一个具体的用于进行隐私计算的数据协作应用。The application execution planning component is used to select at least one functional operator included in the user-specified calculation process from the instantiated operator library managed by the data collaboration platform based on the data security requirements of the data maintained by each collaboration participant. At least one instantiation operator corresponding to the child, and then based on the above at least one instantiation operator, plan an instantiation calculation process corresponding to the above calculation process that meets the above data security requirements of each collaboration participant. At this time, the instantiated computing process is a specific data collaboration application for privacy computing planned based on the user-specified computing process.
应用合约管理组件,用于生成与上述实例化计算流程对应的隐私计算逻辑相关的执行代码,并将生成的执行代码编译成为智能合约代码,并在与数据协作平台对接的区块链网络中部署包含上述智能合约代码的智能合约。The application contract management component is used to generate execution code related to the privacy calculation logic corresponding to the above instantiation calculation process, compile the generated execution code into smart contract code, and deploy it in the blockchain network connected to the data collaboration platform A smart contract containing the above smart contract code.
执行调度组件,用于与上述智能合约进行交互,通过监听区块链上存储的智能合约的调用结果,来进一步调用本地的实例化算子,来完成相关的隐私计算,并将计算结果提交给上述智能合约。The execution scheduling component is used to interact with the above-mentioned smart contracts. By monitoring the call results of the smart contracts stored on the blockchain, it further calls the local instantiation operator to complete the relevant privacy calculations and submits the calculation results to The above smart contract.
其中,需要说明的是,以上示出的各个功能组件,仅为示意性的,在实际应用中,可以基于实际的需求对其中的部分组件的进行整合,也可以对部分组件进行进一步的拆分,在本说明书中不进行特别限定。It should be noted that the functional components shown above are only illustrative. In actual applications, some of the components can be integrated based on actual needs, or some of the components can be further split. , is not particularly limited in this specification.
还需要说明的是,以上示出的各个功能组件中除了执行调度组件以外的其它组件,可以由数据协作平台分布式的部署在各个协作参与方(图1示出的就是这种分布式的部署在各个协作参与方的情况),也可以中心化的部署在数据协作平台上,在本说明书中不进行特别限定。例如,可以中心化的部署在用于对上述区块链网络进行管理的一个区块链服务平台(图1中未示出)上。It should also be noted that, among the functional components shown above, other components except the execution scheduling component can be deployed in a distributed manner on each collaboration participant by the data collaboration platform (Figure 1 shows this distributed deployment In the case of each collaboration participant), it can also be deployed centrally on the data collaboration platform, which is not specifically limited in this specification. For example, it can be deployed centrally on a blockchain service platform (not shown in Figure 1) used to manage the above-mentioned blockchain network.
请继续参见图1,各个协作参与方来说,还可以面向用户提供一个应用执行客户端。Please continue to refer to Figure 1. Each collaboration participant can also provide an application execution client for users.
该应用执行客户端,具体用于面向用户提供数据协作平台的接入服务,用户可以通过该应用执行客户端,基于数据协作平台管理的功能性算子,来指定与自身的隐私计算需求对应的计算流程,还可以通过该执行客户端,发起针对上述智能合约的合约调用,并通过该应用执行客户端,来查询该智能合约的调用结果。The application executes the client and is specifically used to provide users with access services to the data collaboration platform. Users can use the application to execute the client and specify the data corresponding to their own privacy computing needs based on the functional operators managed by the data collaboration platform. In the calculation process, the execution client can also be used to initiate a contract call for the above-mentioned smart contract, and the application execution client can be used to query the call result of the smart contract.
请参见图2,图2是本说明书根据一示例性实施例示出的一种基于多方协作的隐私计算方法的流程图,该方法可以应用于图1所示的多个协作参与方中的任一目标协作参与方对应的服务端;所述方法包括步骤202至步骤206。Please refer to Figure 2. Figure 2 is a flow chart of a privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment. This method can be applied to any of the multiple collaboration participants shown in Figure 1 The server corresponding to the target collaboration participant; the method includes steps 202 to 206.
步骤202,获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程。Step 202: Obtain the user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes the user-specified calculation process and the privacy calculation process. A calculation process composed of at least one related functional operator.
上述协作参与方,具体可以接入数据协作平台的数据提供方。例如,在一个例子中,上述多个协作参与方,具体可以包括分布在不同地域的多个数据中心。The above-mentioned collaboration participants can specifically access data providers of the data collaboration platform. For example, in one example, the above-mentioned multiple collaboration participants may specifically include multiple data centers distributed in different regions.
本说明书中描述的算子,是指针对各个协作参与方维护的数据进行隐私计算的过程中所涉及的各种计算操作/计算功能。也即,针对各个协作参与方维护的数据进行隐私计算的过程中所涉及的任何一项计算操作/计算功能,都可以称之为是一个算子。The operators described in this manual refer to various calculation operations/calculation functions involved in the process of privacy calculation for data maintained by each collaboration participant. That is to say, any computing operation/computing function involved in the process of privacy calculation for data maintained by each collaboration participant can be called an operator.
上述功能性算子,是指一项待实现的计算功能或者计算操作。针对各个协作参与方维护的数据进行隐私计算的过程中所涉及的任何一项待实现的计算操作/计算功能,都可以称之为是一个功能性算子。而上述实例化算子,则是指基于特定的隐私计算技术已经实现的一项计算功能或者计算操作。The above-mentioned functional operator refers to a computing function or computing operation to be implemented. Any computing operation/computing function to be implemented in the process of performing privacy calculations on data maintained by each collaboration participant can be called a functional operator. The above-mentioned instantiation operator refers to a computing function or computing operation that has been implemented based on a specific privacy computing technology.
例如,目前主流的隐私计算技术通常可以包括,FL技术、MPC技术,以及TEE技术等等,因此上述实例化算子库中的实例化算子,可以包括基于FL技术实现的实例化算子、基于MPC技术实现的实例化算子、以及基于TEE技术实现的算子,等等。For example, the current mainstream privacy computing technologies usually include FL technology, MPC technology, and TEE technology, etc. Therefore, the instantiation operators in the above instantiation operator library can include instantiation operators implemented based on FL technology, Instantiation operators implemented based on MPC technology, operators implemented based on TEE technology, etc.
又如,以上述功能性算子为“求交集计算”为例,此时待实现的计算功能为“求交集计算”,那么与该功能性算子对应的实例化算子,具体可以包括基于MPC技术实现的求交集计算的实例化算子,基于TEE技术实现的求交集计算的实例化算子,等等。也即,对于求交集计算功能,可以分别基于MPC技术和TEE技术实现出两种实例化算子。For another example, take the above functional operator as "intersection calculation" as an example, and the calculation function to be implemented at this time is "intersection calculation", then the instantiation operator corresponding to the functional operator can specifically include The instantiation operator for intersection calculation implemented by MPC technology, the instantiation operator for intersection calculation based on TEE technology, etc. That is to say, for the intersection calculation function, two instantiation operators can be implemented based on MPC technology and TEE technology respectively.
在实际应用中,数据协作平台自身的隐私计算能力,通常是由数据协作平台管理的实例化算子库来决定,该实例化算子库中包含的实例化算子的种类越丰富,表明该数据协作平台自身的隐私计算能力越强大。In practical applications, the privacy computing capability of the data collaboration platform itself is usually determined by the instantiation operator library managed by the data collaboration platform. The richer the types of instantiation operators contained in the instantiation operator library, the better. The more powerful the privacy computing capabilities of the data collaboration platform are.
在示出的一种实施方式中,数据协作平台管理的实例化算子库中的实例化算子,具体可以基于数据协作平台支持的隐私计算技术实现的算子,还可以包含基于各个协作参与方支持的隐私计算技术实现的算子。通过这种方式,使得数据协作平台可以涵盖接入的各个协作参与方的隐私计算能力。在本说明书中,各个协作参与方可以分别在其本地维护用于参与隐私计算的数据集合。而为了打破各个协作参与方之间的信息孤岛,数据协作平台可以基于数据虚拟化技术,针对各个协作参与方分别维护的数据集进行数据虚拟化处理。In an embodiment shown, the instantiation operators in the instantiation operator library managed by the data collaboration platform can specifically be implemented based on the privacy computing technology supported by the data collaboration platform, and can also include operators based on each collaboration participation. Operator implemented by privacy computing technology supported by the party. In this way, the data collaboration platform can cover the private computing capabilities of each accessed collaboration participant. In this specification, each collaboration participant can maintain a data collection locally for participating in privacy calculations. In order to break the information silos between various collaboration participants, the data collaboration platform can use data virtualization technology to perform data virtualization processing on the data sets maintained by each collaboration participant.
数据虚拟机化技术,是一种将多个数据源维护的物理数据,在逻辑层面映射成虚拟数据,进而将多个数据源维护的物理数据整合成为一个逻辑上的虚拟数据集合(也称之为逻辑视图),供上层应用使用的技术。通过对各个协作参与方维护的数据集进行数据虚拟化处理,可以将各个协作参与方维护的数据集整合成为一个虚拟数据集合,供用 户使用。Data virtual machine technology is a kind of mapping of physical data maintained by multiple data sources into virtual data at the logical level, and then integrating the physical data maintained by multiple data sources into a logical virtual data collection (also known as is a logical view), a technology used by upper-layer applications. By performing data virtualization on the data sets maintained by each collaboration participant, the data sets maintained by each collaboration participant can be integrated into a virtual data collection for users to use.
其中,在将多个数据源维护的物理数据映射成为虚拟数据时,通常是指将物理数据中包含的物理数据属性,映射成为虚拟数据属性的过程。需要说明的是,将物理数据中包含的物理数据属性映射成为虚拟数据属性时,具体可以采用一对一映射的方式,将物理数据中包含的一个物理数据属性,映射成为一个对应的虚拟数据属性,也可以采用多对一映射的方式,将物理数据中包含的多个物理数据属性,映射成为一个对应的虚拟数据属性。Among them, when mapping physical data maintained by multiple data sources into virtual data, it usually refers to the process of mapping physical data attributes contained in the physical data into virtual data attributes. It should be noted that when mapping the physical data attributes contained in the physical data to virtual data attributes, a one-to-one mapping method can be used to map a physical data attribute contained in the physical data to a corresponding virtual data attribute. , you can also use many-to-one mapping to map multiple physical data attributes contained in physical data into a corresponding virtual data attribute.
例如,请参见图3,图3为本说明书一示例性实施例示出的一种对多个协作参与方维护的数据进行数据虚拟化处理的示意图。For example, please refer to FIG. 3 , which is a schematic diagram of performing data virtualization processing on data maintained by multiple collaborative participants according to an exemplary embodiment of this specification.
如图3所示,假设协作参与方1维护的数据集1中存储的数据包括属性1-3,协作参与方2维护的数据集2中存储的数据包括属性4-7,协作参与方3维护的数据集3中存储的数据包括属性8-11。其中,每一个属性都可以代表数据表中的一个字段。对数据集1-3中存储的数据进行数据虚拟化处理之后得到的虚拟数据表,可以包含属性A-F。As shown in Figure 3, assume that the data stored in data set 1 maintained by collaboration participant 1 includes attributes 1-3, and the data stored in data set 2 maintained by collaboration participant 2 includes attributes 4-7, and that maintained by collaboration participant 3 The data stored in dataset 3 includes attributes 8-11. Among them, each attribute can represent a field in the data table. The virtual data table obtained after performing data virtualization processing on the data stored in data sets 1-3 can contain attributes A-F.
其中,如图3所示出的数据虚拟化处理方式可知,数据集1中的属性1,数据集2中的属性4,以及数据集3中的属性8,采用多对一映射的方式,映射成了虚拟数据表中的属性A;数据集1中的属性2,数据集2中的属性5,以及数据集3中的属性9,采用多对一映射的方式,映射成了虚拟数据表中的属性B;数据集1中的属性3和数据集2中的属性6,采用多对一映射的方式,映射成了虚拟数据表中的属性C。而数据集3中的属性10,采用一对一映射的方式,映射成了虚拟数据表中的属性D;数据集2中的属性7,采用一对一映射的方式,映射成了虚拟数据表中的属性E;数据集3中的属性11,采用一对一映射的方式,映射成了虚拟数据表中的属性F。Among them, the data virtualization processing method shown in Figure 3 shows that attribute 1 in data set 1, attribute 4 in data set 2, and attribute 8 in data set 3 adopt a many-to-one mapping method. Became attribute A in the virtual data table; attribute 2 in data set 1, attribute 5 in data set 2, and attribute 9 in data set 3 were mapped into the virtual data table using many-to-one mapping. Attribute B; attribute 3 in data set 1 and attribute 6 in data set 2 are mapped to attribute C in the virtual data table using many-to-one mapping. Attribute 10 in data set 3 is mapped to attribute D in the virtual data table using one-to-one mapping; attribute 7 in data set 2 is mapped to a virtual data table using one-to-one mapping. Attribute E in Data Set 3; Attribute 11 in Data Set 3 is mapped to attribute F in the virtual data table using one-to-one mapping.
需要强调的是,图3示出的数据映射方式,仅为示例性的,在实际应用中,对多个协作参与方维护的数据进行数据虚拟化时所采用的数据映射方式,通常取决于数据本身的数据语义,在本说明书中不进行特别限定;例如,在进行数据映射时,如果分布在不同的协作参与方的多个数据字段的数据语义相关,则可以采用将该多个数据字段映射成为一个虚拟数据属性的方式。It should be emphasized that the data mapping method shown in Figure 3 is only exemplary. In actual applications, the data mapping method used when performing data virtualization on data maintained by multiple collaborative participants usually depends on the data. The data semantics itself are not particularly limited in this specification; for example, when performing data mapping, if the data semantics of multiple data fields distributed in different collaboration participants are related, then the multiple data fields can be mapped Become a virtual data attribute.
在针对各个协作参与方维护的数据集进行数据虚拟化处理完成后,可以将得到的虚拟数据表在下发至各个协作参与方,由各个协作参与方进一步将该虚拟数据表作为能够全局的反映各协作参与方维护的数据状况的数据视图,向用户进行输出展示。After the data virtualization processing is completed for the data sets maintained by each collaboration participant, the obtained virtual data table can be distributed to each collaboration participant, and each collaboration participant will further use the virtual data table as a global reflection of each collaboration participant. The data view of the data status maintained by the collaboration participants is output and displayed to the user.
而通过客户端接入上述目标协作参与方的用户在具有隐私计算需求时,可以通过该客户端输入针对该虚拟数据表的数据查询请求的方式,以全局的数据视角来发起数据查询。When users who access the above-mentioned target collaboration participants through a client have privacy computing needs, they can input a data query request for the virtual data table through the client to initiate a data query from a global data perspective.
其中,上述数据查询请求,具体用于向数据协作平台来表达用户的数据查询需求,关于该数据查询请求的具体形式,在本说明书中不进行特别限定。例如,在一个例子中,上述数据查询请求具体可以是用户输入的数据查询语句(比如SQL语句)。Among them, the above-mentioned data query request is specifically used to express the user's data query needs to the data collaboration platform. The specific form of the data query request is not particularly limited in this specification. For example, in one example, the above data query request may be a data query statement (such as a SQL statement) input by the user.
当完成数据查询之后,用户可以基于数据协作平台管理的功能性算子,来指定与 自身的隐私计算需求对应的计算流程。After completing the data query, users can specify the calculation process corresponding to their own privacy calculation needs based on the functional operators managed by the data collaboration platform.
其中,需要说明的是,上述计算流程的具体内容,通常取决于用户的隐私计算的需求,在本说明书中不进行特别限定,在实际应用中,用户可以通过对上述功能算子库中的功能算子来进行任意形式的组合,来定制与自身的计算需求对应的计算流程。其中,用户基于数据协作平台管理的功能性算子,来指定与自身的隐私计算需求对应的计算流程的操作,具体可以在客户端上来完成。Among them, it should be noted that the specific content of the above calculation process usually depends on the user's privacy calculation needs, and is not specifically limited in this specification. In practical applications, users can use the functions in the above functional operator library to Operators can be combined in any form to customize the calculation process corresponding to your own calculation needs. Among them, users can specify the calculation process operations corresponding to their own privacy calculation needs based on the functional operators managed by the data collaboration platform, which can be completed on the client.
例如,假设上述虚拟数据集合为存储用户个人信息的用户信息表,该信息表中包括性别字段和年龄字段。在这种场景下,如果用户针对该用户信息表的隐私计算需求是“查询该用户信息表中存储的男性用户的年龄数据的平均值”,那么此时用户可以选择上述功能算子库中的与“针对该用户信息表中的男性用户的用户信息进行查询计算”这一计算功能对应的功能算子,与“针对该用户信息表中的男性用户的用户信息中的年龄数据的筛选计算”这一计算功能对应的功能算子,以及与“针对筛选出的年龄数据的平均值计算子操作”这一计算功能对应的功能算子,然后基于选择的这三个功能性算子,来定制与自身的隐私计算需求对应的计算流程。For example, assume that the above virtual data set is a user information table that stores user personal information. The information table includes gender fields and age fields. In this scenario, if the user's privacy calculation requirement for the user information table is to "query the average age data of male users stored in the user information table", then at this time the user can choose from the above functional operator library The functional operator corresponding to the calculation function "query and calculate the user information of male users in the user information table" and "screening and calculation of age data in the user information of male users in the user information table" The functional operator corresponding to this calculation function, and the functional operator corresponding to the calculation function "average calculation sub-operation for filtered age data" are then customized based on the three selected functional operators. The calculation process corresponding to its own privacy calculation needs.
又如,如果用户针对该用户信息表的隐私计算需求是“基于该用户信息表中的用户数据训练一个机器学习模型”,此时用户可以选择上述功能算子库中的与“机器学习训练”这一计算功能对应的功能算子,来定制与自身的隐私计算需求对应的计算流程。For another example, if the user's privacy calculation requirement for the user information table is to "train a machine learning model based on the user data in the user information table", then the user can select "Machine Learning Training" in the above functional operator library The functional operator corresponding to this computing function can be used to customize the computing process corresponding to its own privacy computing needs.
在示出的一种实施方式中,与上述目标协作参与方对应的服务端,具体可以将数据协作平台管理的与隐私计算相关的功能算子库,通过该客户端向该用户进行输出,并获取用户在输出的功能算子库中选择的至少一个功能性算子,然后再基于上述至少一个功能性算子生成针对上述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程。In an embodiment shown, the server corresponding to the above-mentioned target collaboration participant can specifically output the functional operator library related to privacy calculation managed by the data collaboration platform to the user through the client, and Obtain at least one functional operator selected by the user in the output functional operator library, and then generate privacy calculations based on the at least one functional operator based on the data maintained by at least some of the multiple collaboration participants. calculation process.
在示出的一种实现方式中,与上述目标协作参与方对应的服务端,具体可以通过该客户端向用户输出一个计算流程规划界面;其中,该计算流程规划界面可以包括该功能算子库。用户可以通过该计算流程规划界面与客户端进行交互,来表达自身的隐私计算需求。比如,用户可以在该计算流程规划界面中进行操作,从功能算子库中选择的至少一个功能性算子,并在该计算流程规划界面中为上述至少一个功能性算子指定的逻辑顺序来向客户端表达自身的计算需求。例如,在一个例子中,用户可以通过在计算流程规划界面中为上述至少一个功能性算子指定单向的逻辑顺序,将上述至少一个功能性算子构成一张DAG(Directed Acyclic Graph,有向无环图)图形结构。In an implementation shown, the server corresponding to the above-mentioned target collaboration participant can specifically output a calculation process planning interface to the user through the client; wherein, the calculation process planning interface can include the functional operator library . Users can interact with the client through the computing process planning interface to express their own privacy computing needs. For example, the user can operate in the calculation process planning interface, select at least one functional operator from the functional operator library, and specify the logical sequence for the at least one functional operator in the calculation process planning interface. Express your computing needs to the client. For example, in one example, the user can form a DAG (Directed Acyclic Graph) by specifying a one-way logical sequence for at least one of the above functional operators in the calculation process planning interface. Acyclic graph) graphic structure.
其中,需要说明的是,用户在计算流程规划界面中的操作方式,在本说明书中不进行特别限定。例如,在一个例子中,可以将功能算子库中包含的功能性算子以选项的形式通过上述计算流程规划界面向用户输入,而用户可以从中选中至少一个功能性算子,并在上述计算流程规划界面中为选中的这些功能性算子之间设置单向的连线,来表达功能性算子之间的逻辑顺序,然后基于该单向的逻辑顺序,将上述至少一个功能性算子串接成DAG图形结构,来作为自己指定的计算流程。Among them, it should be noted that the user's operation method in the calculation process planning interface is not particularly limited in this manual. For example, in one example, the functional operators included in the functional operator library can be input to the user in the form of options through the above-mentioned calculation process planning interface, and the user can select at least one functional operator from it, and perform the calculation in the above-mentioned calculation process. In the process planning interface, one-way connections are set between the selected functional operators to express the logical sequence between the functional operators, and then based on the one-way logical sequence, at least one of the above functional operators is Concatenate them into a DAG graphic structure to serve as your own designated calculation process.
步骤204,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程。Step 204: Obtain the data security requirements of at least some of the collaboration participants for the data they maintain, and select the at least one functionality that meets the data security requirements from the instantiation operator library related to the privacy calculation. At least one instantiation operator corresponding to the operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated.
与上述目标协作参与方对应的服务端,在获取到用户指定的针对上述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程之后,可以从管理的上述实例化算子库中,选择与上述至少一个功能性算子对应的至少一个实例化算子,并基于选择出的上述至少一个实例化算子生成与上述计算流程对应的实例化查询流程。The server corresponding to the above-mentioned target collaboration participant, after obtaining the user-specified calculation process for performing privacy calculations on the data maintained by at least some of the above-mentioned multiple collaboration participants, can calculate from the above-mentioned instantiation managed In the sub-library, select at least one instantiation operator corresponding to the above-mentioned at least one functional operator, and generate an instantiation query process corresponding to the above-mentioned calculation process based on the selected at least one instantiation operator.
其中,需要说明的是,在实际应用中,不同的数据源对于其维护的数据的使用,通常都具有不同的安全性要求;比如,部分数据源可能会出于隐私保护的目的,禁止将数据导出其所在的数据域进行使用,或者不允许将其维护的数据与其他数据源维护的数据进行汇总后使用,等等。因此,为了确保选择出的实例化算子能够满足各个协作参与方对于数据使用的安全性要求,可以参考各个协作参与方对于数据使用的安全性要求,从上述实例化算子库中来选择合适的实例化算子。Among them, it should be noted that in actual applications, different data sources usually have different security requirements for the use of the data they maintain; for example, some data sources may prohibit the use of data for the purpose of privacy protection. Export the data domain in which it is located for use, or do not allow the data it maintains to be aggregated with data maintained by other data sources for use, etc. Therefore, in order to ensure that the selected instantiation operator can meet the security requirements of each collaboration participant for data use, you can refer to the security requirements of each collaboration participant for data usage and select the appropriate instantiation operator library from the above instantiation operator.
在这种情况下,与上述目标协作参与方对应的服务端,在获取到用户指定的针对上述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程之后,具体可以先获取各协作参与方针对其维护的数据的数据安全要求,再从上述实例化算子库中选择满足上述数据安全要求的,与上述至少一个功能性算子对应的至少一个实例化算子。In this case, after the server corresponding to the above-mentioned target collaboration participant obtains the user-specified calculation process for performing privacy calculations on the data maintained by at least some of the above-mentioned multiple collaboration participants, it can specifically First, obtain the data security requirements of the data maintained by each collaboration participant, and then select at least one instantiation operator corresponding to at least one of the above functional operators that meets the above data security requirements from the above-mentioned instantiation operator library.
通过这种方式,使得用户在不了解的各个协作参与方对数据使用的安全性要求的前提下,数据协作平台仍然能够基于用户的隐私计算需求,自动化的为用户选择能够满足各个协作参与方对数据使用的安全性要求的实例化算子。In this way, even if the user does not understand the security requirements of the data used by each collaboration participant, the data collaboration platform can still automatically make selections for users based on the user's privacy computing needs that meet the requirements of each collaboration participant. Instantiation operator for security requirements of data usage.
其中,由于各个协作参与方针对其维护的数据配置的数据安全策略,某种程度上可以反映各个协作参与方对数据使用的安全性要求;因此,在获取各协作参与方针对其维护的数据的数据安全要求时,具体可以先获取各个协作参与方针对其维护的数据配置的数据安全策略,当获取到各个协作参与方针对其维护的数据配置的数据安全策略之后,可以基于该数据安全策略,来进一步确定出各个协作参与方对于其维护的数据的数据安全要求。Among them, since the data security policy configured by each collaboration participant for the data maintained by each collaboration participant can, to a certain extent, reflect the security requirements of each collaboration participant for the use of data; therefore, when obtaining the data maintained by each collaboration participant, When meeting data security requirements, you can first obtain the data security policy configured by each collaboration participant for the data it maintains. After obtaining the data security policy configured by each collaboration participant for the data it maintains, you can based on the data security policy, To further determine the data security requirements of each collaboration participant for the data they maintain.
其中,各个协作参与方针对其维护的数据配置的数据安全策略的具体内容,通常取决于各个协作参与方对数据使用的具体的安全性要求,因此在本说明书不再进行具体的限定。Among them, the specific content of the data security policy configured by each collaboration participant for the data maintained by each collaboration participant usually depends on the specific security requirements of each collaboration participant for data use, and therefore will not be specifically limited in this specification.
在示出的一种实施方式中,上述数据安全策略具体可以包括以下示出的一项或者多项的组合:针对所述数据配置的安全级别;针对所述数据配置的安全防护级别;与其它的协作参与方的数据信任关系。与以上数据安全策略相对应的是,各个协作参与方对数据使用的安全性要求,也可以包括以下示出的一项或者多项的组合:基于所述安全级别确定出的、是否允许将数据导出其所在的数据域的安全性要求;基于所述安全防护级 别确定出的、是否允许对数据以及针对数据的隐私计算结果进行数据脱敏处理的安全性要求;基于所述数据信任关系确定出的、是否允许将数据与其它的协作参与方维护的数据进行汇总的安全性要求。In an embodiment shown, the above-mentioned data security policy may specifically include one or a combination of one or more of the following: a security level configured for the data; a security protection level configured for the data; and other The data trust relationship of the collaboration participants. Corresponding to the above data security policy, the security requirements of each collaboration participant for data use may also include one or a combination of the following: determining whether to allow the use of data based on the security level. Derive the security requirements of the data domain in which it is located; the security requirements determined based on the security protection level, whether to allow data desensitization processing on the data and the privacy calculation results of the data; determine based on the data trust relationship Security requirements to allow aggregation of data with data maintained by other collaborative participants.
在示出的一种实施方式中,对于实例化算子库中包含的实例化算子库,也可以为其配置对应的数据安全要求。为实例化算子库配置的数据安全要求,具体用于指示该实例化算子能够满足的数据安全要求。In an embodiment shown, corresponding data security requirements can also be configured for the instantiation operator library included in the instantiation operator library. The data security requirements configured for the instantiation operator library are specifically used to indicate the data security requirements that the instantiation operator can meet.
在这种情况下,具体可以先在实例算子库中查找与上述至少一个功能性算子对应的至少一个实例化算子;此时查找到的这些实例化算子中可能会存在不满足上述安全性要求的实例化算子。In this case, you can first search for at least one instantiation operator corresponding to at least one of the above functional operators in the instance operator library; at this time, there may be some of the instantiation operators found that do not meet the above requirements. Instantiation operator for security requirements.
然后,可以将上述至少部分协作参与方针对其维护的数据的数据安全要求,与查找到的上述至少一个实例化算子对应的数据安全要求进行匹配;然后可以基于匹配结果,从上述至少一个实例化算子中进一步选择与上述至少部分协作参与方针对其维护的数据的数据安全要求匹配的实例化算子。Then, the data security requirements of at least some of the above collaborative participants for the data they maintain can be matched with the found data security requirements corresponding to the at least one instantiation operator; and then based on the matching results, the above at least one instance can be An instantiation operator is further selected from the operators that matches the data security requirements of at least some of the above collaboration participants for the data they maintain.
在示出的一种实施方式中,数据协作平台具体可以在与上述多个协作参与方对应的服务端上,分布式的部署流程规划组件,该流程规划组件,具体可以用于获取上述至少部分协作参与方针对其维护的数据的数据安全要求,从与管理的实例化算子库中选择满足上述数据安全要求的与上述至少一个功能性算子对应的至少一个实例化算子,并基于上述至少一个实例化算子生成与所述计算流程对应的实例化计算流程。上述数据协作平台管理的实例化算子库,具体也可以分别下发至各个协作参与方对应的服务端,由各个协作参与方分别进行维护。In an embodiment shown, the data collaboration platform can deploy a process planning component in a distributed manner on the server corresponding to the above-mentioned multiple collaboration participants. The process planning component can be used to obtain at least part of the above-mentioned According to the data security requirements of the data maintained by the collaboration participants, at least one instantiation operator corresponding to the above-mentioned at least one functional operator that meets the above-mentioned data security requirements is selected from the managed instantiation operator library, and based on the above-mentioned At least one instantiation operator generates an instantiation calculation process corresponding to the calculation process. The instantiation operator library managed by the above data collaboration platform can also be delivered to the corresponding server of each collaboration participant, and maintained by each collaboration participant respectively.
在这种情况下,与上述目标协作参与方对应的服务端在获取到用户指定的计算流程之后,可以调用该流程规划组件,获取上述至少部分协作参与方针对其维护的数据的数据安全要求,从本地维护的与上述隐私计算相关的实例化算子库中,选择满足上述数据安全要求的与上述至少一个功能性算子对应的至少一个实例化算子,并基于上述至少一个实例化算子生成与上述计算流程对应的实例化查询流程。In this case, after obtaining the calculation process specified by the user, the server corresponding to the above-mentioned target collaboration participant can call the process planning component to obtain the data security requirements of at least some of the above-mentioned collaboration participants for the data they maintain, From the locally maintained instantiation operator library related to the above-mentioned privacy calculation, select at least one instantiation operator corresponding to the above-mentioned at least one functional operator that meets the above-mentioned data security requirements, and based on the above-mentioned at least one instantiation operator Generate an instantiated query process corresponding to the above calculation process.
例如,请继续参见图1,上述流程规划组件,可以包括图1示出的应用执行规划组件。此时上述实例化计算流程,即为基于用户指定的由功能性算子构成的计算流程,规划出的一个具体的用于隐私计算的数据协作应用。For example, please continue to refer to Figure 1. The above process planning component may include the application execution planning component shown in Figure 1. At this time, the above-mentioned instantiation calculation process is a specific data collaboration application for privacy calculation planned based on the user-specified calculation process composed of functional operators.
在示出的一种实施方式中,在基于上述至少一个实例化算子生成与上述计算流程对应的实例化计算流程时,具体可以基于上述至少一个实例化算子生成多个实例化计算流程,再将该多个实例化计算流程向用户进行输出展示,以由用户从该多个实例化计算流程中选择一个最优的查询流程。当然,在实际应用中,具体也可以默认基于上述至少一个实例化算子生成一个最优的实例化计算流程。In an embodiment shown, when generating an instantiation calculation process corresponding to the above-mentioned calculation process based on the above-mentioned at least one instantiation operator, specifically multiple instantiation calculation processes may be generated based on the above-mentioned at least one instantiation operator, The multiple instantiated calculation processes are then output and displayed to the user, so that the user can select an optimal query process from the multiple instantiated calculation processes. Of course, in actual applications, an optimal instantiation calculation process can be generated by default based on at least one of the above instantiation operators.
步骤206,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。Step 206: Create a smart contract containing privacy computing logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user Make the call.
与上述目标协作参与方对应的服务端在基于上述至少一个实例化算子生成了上述实例化计算流程之后,可以进一步将该实例化计算流程编译成智能合约的形式,部署到与数据协作平台对接的区块链网络中。After the server corresponding to the above-mentioned target collaboration participant generates the above-mentioned instantiation calculation process based on the above-mentioned at least one instantiation operator, the server can further compile the instantiation calculation process into the form of a smart contract and deploy it to interface with the data collaboration platform. in the blockchain network.
例如,在一个例子中,上述服务端可以先自动生成与上述实例化计算流程对应的隐私计算逻辑相关的执行代码,并将生成的执行代码编译成为智能合约代码;然后,在与上述数据协作平台对接的区块链网络中部署包含该智能合约代码的智能合约。其中,部署智能合约的具体过程,在本说明书中不再进行详述。比如,在实际应用中,通过可以基于该智能合约代码打包一笔智能合约创建交易,将该智能合约创建交易发布到区块链网络中。而区块链网络中的节点设备可以对该智能合约创建交易进行共识校验,并在共识校验通过后,执行该智能合约调用交易,在区块链中创建一个智能合约账户,并将该智能合约代码锚定到该智能合约账户中,以完成智能合约的创建。For example, in one example, the above-mentioned server can first automatically generate execution code related to the privacy calculation logic corresponding to the above-mentioned instantiation calculation process, and compile the generated execution code into smart contract code; then, in conjunction with the above-mentioned data collaboration platform A smart contract containing the smart contract code is deployed in the connected blockchain network. Among them, the specific process of deploying smart contracts will not be described in detail in this manual. For example, in practical applications, a smart contract creation transaction can be packaged based on the smart contract code, and the smart contract creation transaction can be published to the blockchain network. The node device in the blockchain network can perform consensus verification on the smart contract creation transaction, and after the consensus verification passes, execute the smart contract call transaction, create a smart contract account in the blockchain, and transfer the smart contract The smart contract code is anchored to the smart contract account to complete the creation of the smart contract.
在示出的一种实施方式中,数据协作平台具体可以在与上述多个协作参与方对应的服务端上,分布式的部署智能合约管理组件,该智能合约管理组件,具体可以用于生成与上述实例化计算流程对应的隐私计算逻辑相关的执行代码,并将生成的执行代码编译成为智能合约代码,并在与所述数据协作平台对接的区块链网络中部署包含所述智能合约代码的智能合约。In an embodiment shown, the data collaboration platform can deploy smart contract management components in a distributed manner on the server corresponding to the above-mentioned multiple collaboration participants. The smart contract management components can be used to generate and The above-mentioned instantiation calculation process corresponds to the execution code related to the privacy calculation logic, compiles the generated execution code into smart contract code, and deploys the smart contract code containing the smart contract code in the blockchain network connected to the data collaboration platform. Smart contracts.
在这种情况下,与上述目标协作参与方对应的服务端在基于上述至少一个实例化算子生成了上述实例化计算流程之后,可以调用该智能合约管理组件,进一步生成与上述实例化计算流程对应的隐私计算逻辑相关的执行代码,并将生成的执行代码编译成为智能合约代码,并在与所述数据协作平台对接的区块链网络中部署包含所述智能合约代码的智能合约。In this case, after the server corresponding to the above-mentioned target collaboration participant generates the above-mentioned instantiation calculation process based on the above-mentioned at least one instantiation operator, the server can call the smart contract management component to further generate the above-mentioned instantiation calculation process. Corresponding privacy calculation logic related execution code, compile the generated execution code into smart contract code, and deploy the smart contract containing the smart contract code in the blockchain network connected to the data collaboration platform.
例如,请继续参见图1,上述智能合约管理组件,具体可以包括图1示出的应用合约管理组件。For example, please continue to refer to Figure 1. The above-mentioned smart contract management component may specifically include the application contract management component shown in Figure 1.
在本说明书中,当上述智能合约部署完成,此时用户可以通过客户端来发起针对该智能合约的合约调用,来完成针对上述至少部分协作参与方维护的数据的隐私计算。In this specification, when the deployment of the above-mentioned smart contract is completed, the user can initiate a contract call for the smart contract through the client to complete the privacy calculation for the data maintained by at least some of the above collaborative participants.
例如,请继续参见图1,当上述智能合约部署完成,用户可以通过图1示出的应用执行客户端,来发起针对该智能合约的合约调用,并通过该应用执行客户端,来查询该智能合约的调用结果。For example, please continue to refer to Figure 1. When the above smart contract is deployed, the user can initiate a contract call for the smart contract through the application execution client shown in Figure 1, and query the smart contract through the application execution client. The call result of the contract.
在示出的一种实施方式中,与上述实例化计算流程对应的隐私计算逻辑,具体可以是一个与实例化计算流程对应的计算调度逻辑;其中,该计算调度逻辑具体用于针对上述至少一个实例化算子进行计算调度,以完成针对上述至少部分协作参与方维护的数据的隐私计算。In an embodiment shown, the privacy calculation logic corresponding to the above-mentioned instantiation calculation process may specifically be a calculation scheduling logic corresponding to the instantiation calculation process; wherein, the calculation scheduling logic is specifically used to target at least one of the above-mentioned instantiation calculation processes. The instantiation operator performs calculation scheduling to complete privacy calculations for the data maintained by at least some of the above collaborative participants.
在这种情况下,上述智能合约具体可以是一个针对上述隐私计算逻辑进行计算调度的智能合约。在该智能合约中除了需要维护与上述实例化计算流程中的各个实例化算子对应的计算调度顺序以外,还需要维护与上述各个实例化算子对应的计算状态,该计算状态用于表示各个实例化算子是否完成计算。In this case, the above-mentioned smart contract may specifically be a smart contract that performs calculation and scheduling for the above-mentioned privacy calculation logic. In this smart contract, in addition to maintaining the calculation scheduling sequence corresponding to each instantiation operator in the above-mentioned instantiation calculation process, it also needs to maintain the calculation status corresponding to each above-mentioned instantiation operator. This calculation status is used to represent each Whether the instantiation operator completes the calculation.
当用户通过上述客户端触发调用了该智能合约之后,该智能合约可以按照计算调度顺序,确定首先需要进行调用的实例化算子,然后生成一个与该实例化算子对应的计算事件。而该实例化算子所在的服务端上的执行调度组件,在监听到该计算事件之后,可以进一步调用该实例化算子执行数据隐私计算,并在计算完成后将计算结果提到给智能合约。而智能合约收到该计算结果后,会触发将该实例化算子的计算状态,更新为已完成计算状态。而该实例化的计算状态,被更新为已完成计算状态后,此时智能合约会继续确定需要进行调用的下一个实例化算子,并执行如上所述的相同的执行流程,以此类推,直到上述实例化计算流程中的各个实例化算子,按照计算调度顺序依次完成数据隐私计算。After the user triggers the call to the smart contract through the above-mentioned client, the smart contract can determine the instantiation operator that needs to be called first according to the calculation scheduling sequence, and then generate a calculation event corresponding to the instantiation operator. The execution scheduling component on the server where the instantiation operator is located, after listening to the calculation event, can further call the instantiation operator to perform data privacy calculations, and after the calculation is completed, the calculation results are mentioned to the smart contract. . After the smart contract receives the calculation result, it will trigger the calculation status of the instantiated operator to be updated to the completed calculation status. After the instantiated calculation status is updated to the completed calculation status, the smart contract will continue to determine the next instantiated operator that needs to be called, and execute the same execution process as mentioned above, and so on. Until each instantiation operator in the above instantiation calculation process, the data privacy calculation is completed in sequence according to the calculation scheduling order.
请参见图4,图4是本说明书根据一示例性实施例示出的一种基于多方协作的隐私计算方法的流程图,该方法可以应用于图1所示的数据协作平台;例如,该数据协作平台具体可以是一个用于对上述区块链网络进行管理的一个区块链服务平台;比如,BaaS(Blockchain as a Service,区块链即服务)平台;所述方法包括步骤402至步骤406。Please refer to Figure 4. Figure 4 is a flow chart of a privacy calculation method based on multi-party collaboration illustrated in this specification according to an exemplary embodiment. This method can be applied to the data collaboration platform shown in Figure 1; for example, the data collaboration The platform may specifically be a blockchain service platform used to manage the above-mentioned blockchain network; for example, a BaaS (Blockchain as a Service) platform; the method includes steps 402 to 406.
步骤402,获取所述多个协作参与方中的任一目标协作参与方对应服务端上传的、由用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程。Step 402: Obtain the user-specified data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and maintained for at least some of the collaboration participants to perform privacy calculations. The calculation process; wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation.
在本实施例中,与上述目标协作参与方对应的服务端,在获取到用户指定的针对上述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程之后,可以将该数据查询请求上传至上述数据协作平台,由该数据协作平台进行中心化的处理。In this embodiment, the server corresponding to the above-mentioned target collaboration participant, after obtaining the user-specified calculation process for performing privacy calculations on the data maintained by at least part of the above-mentioned multiple collaboration participants, can The data query request is uploaded to the above-mentioned data collaboration platform, which performs centralized processing.
步骤404,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程。Step 404: Obtain the data security requirements of at least some of the collaboration participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation the at least one functionality that satisfies the data security requirements. At least one instantiation operator corresponding to the operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated.
步骤406,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。Step 406: Create a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user Make the call.
上述数据协作平台在收到上述目标协作参与方上传的上述实例化计算流程之后,可以执行步骤404-406示出的执行逻辑,对该实例化计算流程进行中心化的处理,具体的实施细节请参考图2示出的实施例的描述,在本说明书中不再进行详述。After receiving the above-mentioned instantiation calculation process uploaded by the above-mentioned target collaboration participant, the above-mentioned data collaboration platform can execute the execution logic shown in steps 404-406, and perform centralized processing on the instantiation calculation process. For specific implementation details, please Referring to the description of the embodiment shown in FIG. 2 , no detailed description will be given in this specification.
在以上技术方案中,不仅可以在针对来自多个数据源的数据进行隐私计算时,降低数据的使用复杂度,还可以让数据使用的过程更加透明可信并且便于追溯。In the above technical solution, it can not only reduce the complexity of data usage when performing privacy calculations on data from multiple data sources, but also make the data usage process more transparent, credible and easy to trace.
例如,通过数据虚拟化处理技术,将各个协作参与方维护的数据进行数据虚拟化处理得到一个虚拟数据集合,不仅可以实现多数据源的充分数据融合,还可以让用户在该虚拟数据集合的基础上,从全局的数据视角来使用数据,而不必需要数据在各个协作 参与方的数据存储状况,因此可以显著的降低数据使用的复杂度。而通过将生成的查询流程以智能合约的形式部署在区块链供用户调用,可以充分利用智能合约的特点,让每一次查询都透明可信并且便于追溯。For example, through data virtualization processing technology, the data maintained by each collaborative participant is virtualized to obtain a virtual data collection. This not only enables full data fusion of multiple data sources, but also allows users to build on the virtual data collection based on the data virtualization processing technology. On the other hand, using data from a global data perspective does not require the data storage status of each collaboration participant, so the complexity of data use can be significantly reduced. By deploying the generated query process in the form of a smart contract on the blockchain for users to call, the characteristics of smart contracts can be fully utilized to make every query transparent, credible and easy to trace.
而且,还可以在用户不了解各个协作参与方对于数据使用的安全性要求的前提下,基于数据协作平台自身的隐私计算能力,针对用户不同的计算需求,规划出不同的能够满足各个协作参与方对于数据使用的安全性要求的实例化计算流程,从而使得该数据协作平台可以灵活的适配不同的数据隐私场景,可以激活更多的隐私计算场景。Moreover, on the premise that users do not understand the security requirements of each collaboration participant for data use, based on the privacy computing capabilities of the data collaboration platform itself, different computing needs can be planned to meet the needs of each collaboration participant. The instantiation calculation process for the security requirements of data usage allows the data collaboration platform to flexibly adapt to different data privacy scenarios and activate more privacy computing scenarios.
例如,不同的数据源对于其维护的数据的使用,通常都具有不同的安全性要求。而作为具有数据使用需求的用户一方来说,通常并不了解各个数据源对于数据的使用的安全性要求,这造成了用户很难基于自身的隐私计算需求规划出一套完美满足各个数据源对于数据的使用的安全性要求的计算流程。For example, different data sources often have different security requirements for the use of the data they maintain. As users with data usage needs, they usually do not understand the security requirements of each data source for data use. This makes it difficult for users to plan a set of data that perfectly meets the needs of each data source based on their own privacy computing needs. Calculation procedures for security requirements for the use of data.
而通过以上技术方案,由于可以基于数据协作平台自身的隐私计算能力,将各个数据源对于数据使用的安全性要求作为参考,来自动为用户规划出能够满足各个协作参与方对于数据使用的安全性要求的实例化计算流程,对于用户来说,不再需要关注各个数据源对于数据的使用的安全性要求,对于数据协作平台来说,其对于隐私计算场景的适配能力也会得到明显的提升,因此这就让数据协助平台激活更多的分别能够满足不同的数据源的安全性要求的数据隐私计算场景变为了可能。Through the above technical solutions, because the data collaboration platform's own privacy computing capabilities can be used as a reference, the security requirements of each data source for data use can be used to automatically plan for users to meet the security requirements of each collaboration participant for data use. For the required instantiation calculation process, users no longer need to pay attention to the security requirements of each data source for the use of data. For the data collaboration platform, its adaptability to privacy computing scenarios will also be significantly improved. , so this makes it possible for the data assistance platform to activate more data privacy computing scenarios that can meet the security requirements of different data sources.
与前述方法的实施例相对应,本说明书还提供了装置、电子设备以及存储介质的实施例。Corresponding to the foregoing method embodiments, this specification also provides embodiments of devices, electronic devices, and storage media.
图5是一示例性实施例提供的一种电子设备的示意结构图。请参考图5,在硬件层面,该设备包括处理器502、内部总线504、网络接口506、内存508以及非易失性存储器510,当然还可能包括其他业务所需要的硬件。本说明书一个或多个实施例可以基于软件方式来实现,比如由处理器502从非易失性存储器510中读取对应的计算机程序到内存508中然后运行。当然,除了软件实现方式之外,本说明书一个或多个实施例并不排除其他实现方式,比如逻辑器件抑或软硬件结合的方式等等,也就是说以下处理流程的执行主体并不限定于各个逻辑单元,也可以是硬件或逻辑器件。FIG. 5 is a schematic structural diagram of an electronic device provided by an exemplary embodiment. Please refer to Figure 5. At the hardware level, the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508, and a non-volatile memory 510. Of course, it may also include other hardware required for services. One or more embodiments of this specification may be implemented based on software. For example, the processor 502 reads the corresponding computer program from the non-volatile memory 510 into the memory 508 and then runs it. Of course, in addition to software implementation, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, etc. That is to say, the execution subject of the following processing flow is not limited to each A logic unit can also be a hardware or logic device.
如图6所示,图6是本说明书根据一示例性实施例示出的一种基于多方协作的隐私计算装置的框图,该装置可以应用于如图5所示的电子设备中,以实现本说明书的技术方案。所述装置600包括:第一获取模块601,获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;第一生成模块602,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;第一部署模块603,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。As shown in Figure 6, Figure 6 is a block diagram of a privacy computing device based on multi-party collaboration according to an exemplary embodiment of this specification. This device can be applied to the electronic device shown in Figure 5 to implement this specification. technical solutions. The device 600 includes: a first acquisition module 601 that acquires a user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes: The calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; the first generation module 602 obtains the data security requirements of at least some of the collaborative participants for the data they maintain, from the data security requirements related to the privacy calculation. Select at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements from a library of instantiation operators related to privacy computing, and generate the corresponding instantiation operator based on the at least one instantiation operator. The instantiation calculation process corresponding to the calculation process; the first deployment module 603 creates a smart contract containing the privacy calculation logic corresponding to the instantiation calculation process, and deploys the created smart contract to the data collaboration platform. in the blockchain network for the user to make calls.
上述装置600的各个模块的具体细节已经在之前描述的方法流程中进行了详细的描述,因此此处不再赘述。The specific details of each module of the above-mentioned device 600 have been described in detail in the previously described method flow, so they will not be described again here.
如图7所示,图7是本说明书根据一示例性实施例示出的另一种用户服务使用装置的框图,该装置也可以应用于如图5所示的电子设备中,以实现本说明书的技术方案。所述装置700包括:第二获取模块701,获取所述多个协作参与方中的任一目标协作参与方对应服务端上传的,由用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;第二解析模块702,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;第二生成模块703,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。As shown in Figure 7, Figure 7 is a block diagram of another user service usage device shown in this specification according to an exemplary embodiment. This device can also be applied to the electronic device shown in Figure 5 to implement the instructions of this specification. Technical solutions. The device 700 includes: a second acquisition module 701, which acquires the information uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and specified by the user for at least part of the multiple collaboration participants. The calculation process of performing privacy calculation on data maintained by collaborative participants; wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation; the second analysis module 702, Obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation that satisfies the data security requirements and corresponds to the at least one functional operator. At least one instantiation operator, and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator; the second generation module 703 creates a privacy calculation corresponding to the instantiation calculation process logical smart contract, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
上述装置700的各个模块的具体细节已经在之前描述的方法流程中进行了详细的描述,因此此处不再赘述。The specific details of each module of the above-mentioned device 700 have been described in detail in the previously described method flow, so they will not be described again here.
相应的,本说明书还提供一种电子设备,所述电子设备包括有处理器;用于存储处理器可执行指令的存储器;其中,所述处理器被配置为实现之前描述的全部的方法流程中的步骤。Correspondingly, this specification also provides an electronic device, which includes a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement all the previously described method flows. A step of.
相应的,本说明书还提供一种计算机可读存储介质,其上存储有可执行的指令;其中,该指令被处理器执行时,实现之前描述的全部的方法流程中的步骤。Correspondingly, this specification also provides a computer-readable storage medium on which executable instructions are stored; wherein, when the instructions are executed by the processor, all the steps in the method flow described previously are implemented.
对于装置实施例而言,由于其基本对应于方法实施例,所以相关之处参见方法实施例的部分说明即可。以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的模块可以是或者也可以不是物理上分开的,作为模块显示的部件可以是或者也可以不是物理模块,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部模块来实现本说明书方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。As for the device embodiment, since it basically corresponds to the method embodiment, please refer to the partial description of the method embodiment for relevant details. The device embodiments described above are only illustrative. The modules described as separate components may or may not be physically separated. The components shown as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Persons of ordinary skill in the art can understand and implement the method without any creative effort.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机,计算机的具体形式可以是个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件收发设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任意几种设备的组合。The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer, which may be in the form of a personal computer, a laptop, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email transceiver, or a game controller. desktop, tablet, wearable device, or a combination of any of these devices.
在一个典型的配置中,计算机包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机 可读介质的示例。Memory may include non-permanent storage in computer-readable media, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带、磁盘存储、量子存储器、基于石墨烯的存储介质或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media includes both persistent and non-volatile, removable and non-removable media that can be implemented by any method or technology for storage of information. Information may be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), and read-only memory. (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, Magnetic tape cartridges, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium, can be used to store information that can be accessed by computing devices. As defined in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "comprises," "comprises," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that includes a list of elements not only includes those elements, but also includes Other elements are not expressly listed or are inherent to the process, method, article or equipment. Without further limitation, an element defined by the statement "comprises a..." does not exclude the presence of additional identical elements in a process, method, article, or device that includes the stated element.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desired results. Additionally, the processes depicted in the figures do not necessarily require the specific order shown, or sequential order, to achieve desirable results. Multitasking and parallel processing are also possible or may be advantageous in certain implementations.
在本说明书一个或多个实施例使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本说明书一个或多个实施例。在本说明书一个或多个实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。The terminology used in one or more embodiments of this specification is for the purpose of describing particular embodiments only and is not intended to limit the one or more embodiments of this specification. As used in one or more embodiments of this specification and the appended claims, the singular forms "a," "the" and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It will also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
应当理解,尽管在本说明书一个或多个实施例可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本说明书一个或多个实施例范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although one or more embodiments of this specification may use the terms first, second, third, etc. to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of one or more embodiments of this specification, the first information may also be called second information, and similarly, the second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "when" or "when" or "in response to determining."
以上所述仅为本说明书一个或多个实施例的较佳实施例而已,并不用以限制本说明书一个或多个实施例,凡在本说明书一个或多个实施例的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本说明书一个或多个实施例保护的范围之内。The above are only preferred embodiments of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. Within the spirit and principles of one or more embodiments of this specification, Any modifications, equivalent substitutions, improvements, etc. shall be included in the scope of protection of one or more embodiments of this specification.

Claims (20)

  1. 一种基于多方协作的隐私计算方法,基于区块链的数据协作平台对接了多个协作参与方;所述方法应用于与所述多个协作参与方中的任一目标协作参与方对应的服务端;其中,所述多个协作参与方分别维护了用于参与隐私计算的数据;所述方法包括:A privacy computing method based on multi-party collaboration. A blockchain-based data collaboration platform connects multiple collaboration participants; the method is applied to services corresponding to any target collaboration participant among the multiple collaboration participants. end; wherein, the multiple collaboration participants respectively maintain data used to participate in privacy calculations; the method includes:
    获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;Obtaining a user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes at least a user-specified calculation process related to the privacy calculation. A calculation process composed of functional operators;
    获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;Obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation that satisfies the data security requirements and corresponds to the at least one functional operator. at least one instantiation operator, and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator;
    创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。Create a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
  2. 根据权利要求1所述的方法,其中,所述获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程,包括:The method according to claim 1, wherein the obtaining a user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants includes:
    将与所述隐私计算相关的功能算子库通过与所述目标协作参与方对应的用户客户端向所述用户进行输出,并获取用户在输出的所述功能算子库中选择的至少一个功能性算子,基于所述至少一个功能性算子生成针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程。Output the function operator library related to the privacy calculation to the user through the user client corresponding to the target collaboration participant, and obtain at least one function selected by the user in the output function operator library A functional operator, based on the at least one functional operator, generates a calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants.
  3. 根据权利要求2所述的方法,其中,将所述功能算子库通过与所述目标协作参与方对应的用户客户端向所述用户进行输出,并获取用户在输出的所述功能算子库中选择的至少一个功能性算子,基于所述至少一个功能性算子生成针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程,包括:The method according to claim 2, wherein the function operator library is output to the user through a user client corresponding to the target collaboration participant, and the function operator library output by the user is obtained. At least one functional operator selected in, based on the at least one functional operator, generates a calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants, including:
    通过与所述目标协作参与方对应的用户客户端向所述用户输出计算流程规划界面;其中,所述计算流程规划界面包括所述功能算子库;A computing process planning interface is output to the user through a user client corresponding to the target collaboration participant; wherein the computing process planning interface includes the functional operator library;
    获取所述用户在所述计算流程规划界面中从所述功能算子库中选择的至少一个功能性算子,以及在所述计算流程规划界面中为所述至少一个功能性算子指定的逻辑顺序;Obtain at least one functional operator selected by the user from the functional operator library in the calculation process planning interface, and the logic specified for the at least one functional operator in the calculation process planning interface order;
    基于所述至少一个功能性算子以及为所述至少一个功能性算子指定的逻辑顺序生成针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程。A calculation process for performing privacy calculations on data maintained by at least part of the collaboration participants among the plurality of collaboration participants is generated based on the at least one functional operator and the logical sequence specified for the at least one functional operator.
  4. 根据权利要求3所述的方法,其中,所述计算流程包括由所述至少一个功能性算子构成的DAG图形结构。The method of claim 3, wherein the calculation process includes a DAG graph structure composed of the at least one functional operator.
  5. 根据权利要求1所述的方法,其中,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,包括:The method of claim 1, wherein obtaining the data security requirements of at least some of the collaboration participants for the data they maintain includes:
    获取所述至少部分协作参与方针对其维护的数据配置的数据安全策略;Obtaining the data security policy configured by at least some of the collaboration participants for data maintained by them;
    基于所述数据安全策略确定所述至少部分协作参与方针对其维护的数据的数据安全要求。Data security requirements for data maintained by the at least some collaboration participants are determined based on the data security policy.
  6. 根据权利要求5所述的方法,其中,The method of claim 5, wherein,
    所述数据安全策略包括以下示出的一项或者多项的组合:The data security policy includes one or a combination of the following:
    针对所述数据配置的安全级别;The security level configured for the data;
    针对所述数据配置的安全防护级别;The security protection level configured for the data;
    与其它的协作参与方的数据信任关系;Data trust relationships with other collaboration participants;
    所述数据安全要求包括以下示出的一项或者多项的组合:The data security requirements include one or a combination of the following:
    基于所述安全级别确定出的,是否允许将所述数据导出其所在的数据域的安全性要求;Determined based on the security level, whether the data is allowed to be exported to the security requirements of the data domain where it is located;
    基于所述安全防护级别确定出的,是否允许对所述数据以及针对所述数据的隐私计算结果进行数据脱敏处理的安全性要求;Determine based on the security protection level, the security requirements of whether to allow data desensitization processing on the data and the privacy calculation results for the data;
    基于所述数据信任关系确定出的,是否允许将所述数据与其它的协作参与方维护的数据进行汇总的安全性要求。Based on the data trust relationship, it is determined whether the security requirements are allowed to aggregate the data with data maintained by other collaboration participants.
  7. 根据权利要求1所述的方法,其中,所述数据协作平台在与所述多个协作参与方对应的服务端上,分布式的部署了流程规划组件;所述多个协作参与方对应的服务端上分别维护了所述实例化算子库;The method according to claim 1, wherein the data collaboration platform distributes process planning components on servers corresponding to the multiple collaboration participants; services corresponding to the multiple collaboration participants The instantiation operator library is maintained separately on the terminal;
    获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程,包括:Obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation that satisfies the data security requirements and corresponds to the at least one functional operator. At least one instantiation operator, and generating an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator, including:
    调用所述流程规划组件,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从本地维护的所述实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程。Call the process planning component, obtain the data security requirements of at least some of the collaboration participants for the data they maintain, and select from the locally maintained instantiation operator library that satisfies the data security requirements with the at least one At least one instantiation operator corresponding to the functional operator, and based on the at least one instantiation operator, an instantiation calculation process corresponding to the calculation process is generated.
  8. 根据权利要求7所述的方法,其中,所述实例化算子库包括若干实例化算子和与所述实例化算子对应的数据安全要求;The method according to claim 7, wherein the instantiation operator library includes several instantiation operators and data security requirements corresponding to the instantiation operators;
    从所述实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,包括:Selecting at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements from the instantiation operator library includes:
    查找所述实例化算子库中与所述至少一个功能性算子对应的至少一个实例化算子;Search for at least one instantiation operator corresponding to the at least one functional operator in the instantiation operator library;
    将所述至少部分协作参与方针对其维护的数据的数据安全要求,与查找到的所述至少一个实例化算子对应的数据安全要求进行匹配;Match the data security requirements of at least some of the collaboration participants for the data they maintain with the data security requirements corresponding to the found at least one instantiation operator;
    基于匹配结果,从所述至少一个实例化算子中选择与所述至少部分协作参与方针对其维护的数据的数据安全要求匹配的实例化算子。Based on the matching result, an instantiation operator is selected from the at least one instantiation operator that matches the data security requirements of the data maintained by the at least part of the collaboration participants.
  9. 根据权利要求8所述的方法,其中,所述实例化算子包括基于所述数据协作平台和所述协作参与方支持的隐私计算技术实现的算子。The method of claim 8, wherein the instantiation operator includes an operator implemented based on privacy computing technology supported by the data collaboration platform and the collaboration participants.
  10. 根据权利要求9所述的方法,其中,所述实例化算子包括以下示出的一项或者多项的组合:The method according to claim 9, wherein the instantiation operator includes one or a combination of multiple items shown below:
    基于TEE实现的实例化算子;Instantiation operator implemented based on TEE;
    基于MPC实现的实例化算子;Instantiation operator implemented based on MPC;
    基于TL实现的实例化算子。Instantiation operator implemented based on TL.
  11. 根据权利要求1所述的方法,其中,基于所述至少一个实例化算子生成与所述 计算流程对应的实例化计算流程,包括:The method according to claim 1, wherein generating an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator includes:
    基于所述至少一个实例化算子生成多个实例化计算流程;Generate multiple instantiation calculation processes based on the at least one instantiation operator;
    将所述多个实例化计算流程向所述用户进行输出展示,以由所述用户从所述多个实例化计算流程中选择与所述计算流程对应的实例化计算流程。The plurality of instantiated computing processes are output and displayed to the user, so that the user selects an instantiated computing process corresponding to the computing process from the plurality of instantiated computing processes.
  12. 根据权利要求1所述的方法,其中,所述数据协作平台在与所述多个协作参与方对应的服务端上,分布式的部署了智能合约管理组件;The method according to claim 1, wherein the data collaboration platform deploys smart contract management components in a distributed manner on the server corresponding to the multiple collaboration participants;
    创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,包括:Create a smart contract containing privacy computing logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform, including:
    调用所述智能合约管理组件,生成与所述实例化计算流程对应的隐私计算逻辑相关的执行代码,并将生成的所述执行代码编译成为智能合约代码;Call the smart contract management component to generate execution code related to the privacy calculation logic corresponding to the instantiation calculation process, and compile the generated execution code into smart contract code;
    在与所述数据协作平台对接的区块链网络中部署包含所述智能合约代码的智能合约。Deploy a smart contract containing the smart contract code in a blockchain network connected to the data collaboration platform.
  13. 根据权利要求12所述的方法,其中,与所述实例化计算流程对应的隐私计算逻辑,包括与所述实例化计算流程对应的计算调度逻辑;其中,所述计算调度逻辑用于针对所述至少一个实例化算子进行计算调度,以完成针对所述至少部分协作参与方维护的数据的隐私计算。The method according to claim 12, wherein the privacy calculation logic corresponding to the instantiation calculation process includes calculation scheduling logic corresponding to the instantiation calculation process; wherein the calculation scheduling logic is used for the At least one instantiation operator performs calculation scheduling to complete privacy calculations for data maintained by at least part of the collaboration participants.
  14. 根据权利要求1所述的方法,其中,所述多个协作参与方包括分布在不同地域的多个数据中心。The method of claim 1, wherein the multiple collaboration participants include multiple data centers distributed in different regions.
  15. 根据权利要求1所述的方法,其中,所述数据协作平台包括与所述区块链网络对应的区块链服务平台。The method according to claim 1, wherein the data collaboration platform includes a blockchain service platform corresponding to the blockchain network.
  16. 一种基于多方协作的隐私计算方法,所述方法应用于基于区块链的数据协作平台;其中,所述数据协作平台对接了多个协作参与方;所述多个协作参与方分别维护了用于参与隐私计算的数据;所述方法包括:A privacy computing method based on multi-party collaboration, the method is applied to a data collaboration platform based on blockchain; wherein, the data collaboration platform connects multiple collaboration participants; the multiple collaboration participants respectively maintain user For data participating in privacy calculations; the methods include:
    获取所述多个协作参与方中的任一目标协作参与方对应服务端上传的,由用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;Obtain the calculation process of privacy calculation for the data maintained by at least part of the multiple collaboration participants uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and specified by the user ; Wherein, the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation;
    获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;Obtain the data security requirements of at least some of the collaborative participants for the data they maintain, and select from the instantiation operator library related to the privacy calculation that satisfies the data security requirements and corresponds to the at least one functional operator. at least one instantiation operator, and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator;
    创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。Create a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploy the created smart contract to the blockchain network connected to the data collaboration platform for the user to call.
  17. 一种基于多方协作的隐私计算装置,基于区块链的数据协作平台对接了多个协作参与方;所述装置应用于与所述多个协作参与方中的任一目标协作参与方对应的服务端;其中,所述多个协作参与方分别维护了用于参与隐私计算的数据;所述装置包括:A privacy computing device based on multi-party collaboration. A blockchain-based data collaboration platform connects multiple collaboration participants; the device is applied to services corresponding to any target collaboration participant among the multiple collaboration participants. end; wherein, the multiple collaboration participants respectively maintain data used to participate in privacy calculations; the device includes:
    第一获取模块,获取用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;The first acquisition module obtains a user-specified calculation process for performing privacy calculations on data maintained by at least some of the multiple collaboration participants; wherein the calculation process includes the calculation process specified by the user and the A calculation process composed of at least one functional operator related to privacy calculations;
    第一生成模块,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;The first generation module obtains the data security requirements of at least some of the collaborative participants for the data they maintain, and selects the at least one operator that satisfies the data security requirements from the instantiation operator library related to the privacy calculation. At least one instantiation operator corresponding to the functional operator, and generating an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator;
    第一部署模块,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。The first deployment module creates a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploys the created smart contract to the blockchain network connected to the data collaboration platform for all The user makes the call.
  18. 一种基于多方协作的隐私计算装置,所述装置应用于基于区块链的数据协作平台;其中,所述数据协作平台对接了多个协作参与方;所述多个协作参与方分别维护了用于参与隐私计算的数据;所述装置包括:A privacy computing device based on multi-party collaboration, the device is applied to a data collaboration platform based on blockchain; wherein, the data collaboration platform connects multiple collaboration participants; the multiple collaboration participants respectively maintain user For data participating in privacy calculations; the device includes:
    第二获取模块,获取所述多个协作参与方中的任一目标协作参与方对应服务端上传的,由用户指定的针对所述多个协作参与方中的至少部分协作参与方维护的数据进行隐私计算的计算流程;其中,所述计算流程包括由所述用户指定的与所述隐私计算相关的至少一个功能性算子构成的计算流程;The second acquisition module obtains the data uploaded by the corresponding server of any target collaboration participant among the multiple collaboration participants and specified by the user and maintained for at least some of the collaboration participants. The calculation process of privacy calculation; wherein the calculation process includes a calculation process composed of at least one functional operator specified by the user and related to the privacy calculation;
    第二生成模块,获取所述至少部分协作参与方针对其维护的数据的数据安全要求,从与所述隐私计算相关的实例化算子库中选择满足所述数据安全要求的与所述至少一个功能性算子对应的至少一个实例化算子,并基于所述至少一个实例化算子生成与所述计算流程对应的实例化计算流程;The second generation module obtains the data security requirements of at least some of the collaborative participants for the data they maintain, and selects the at least one operator that satisfies the data security requirements from the instantiation operator library related to the privacy calculation. At least one instantiation operator corresponding to the functional operator, and generating an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator;
    第二部署模块,创建包含与所述实例化计算流程对应的隐私计算逻辑的智能合约,并将创建的所述智能合约部署到与所述数据协作平台对接的区块链网络中,以供所述用户进行调用。The second deployment module creates a smart contract containing privacy calculation logic corresponding to the instantiation calculation process, and deploys the created smart contract to the blockchain network connected to the data collaboration platform for all The user makes the call.
  19. 一种电子设备,包括:An electronic device including:
    处理器;processor;
    用于存储处理器可执行指令的存储器;Memory used to store instructions executable by the processor;
    其中,所述处理器通过运行所述可执行指令以实现如权利要求1-16中任一项所述的方法。Wherein, the processor implements the method according to any one of claims 1-16 by running the executable instructions.
  20. 一种计算机可读存储介质,其上存储有计算机指令,该指令被处理器执行时实现如权利要求1-16中任一项所述方法的步骤。A computer-readable storage medium having computer instructions stored thereon, which when executed by a processor, implements the steps of the method according to any one of claims 1-16.
PCT/CN2022/135217 2022-07-22 2022-11-30 Multi-party collaboration-based privacy computing method and apparatus WO2024016549A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210872158.2A CN115270202A (en) 2022-07-22 2022-07-22 Privacy calculation method and device based on multi-party cooperation
CN202210872158.2 2022-07-22

Publications (1)

Publication Number Publication Date
WO2024016549A1 true WO2024016549A1 (en) 2024-01-25

Family

ID=83768121

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/135217 WO2024016549A1 (en) 2022-07-22 2022-11-30 Multi-party collaboration-based privacy computing method and apparatus

Country Status (2)

Country Link
CN (1) CN115270202A (en)
WO (1) WO2024016549A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115270202A (en) * 2022-07-22 2022-11-01 蚂蚁区块链科技(上海)有限公司 Privacy calculation method and device based on multi-party cooperation
CN116257303B (en) * 2023-05-04 2023-08-15 支付宝(杭州)信息技术有限公司 Data security processing method and device, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298190A (en) * 2019-04-19 2019-10-01 矩阵元技术(深圳)有限公司 Decentralization Secure data processing method, device and storage medium
CN110335037A (en) * 2019-04-19 2019-10-15 矩阵元技术(深圳)有限公司 Method of commerce, device and the storage medium calculated based on block chain and Secure
CN110414272A (en) * 2019-08-08 2019-11-05 北京芯际科技有限公司 A kind of block chain method for secret protection calculated based on Secure
US20210058234A1 (en) * 2019-08-22 2021-02-25 Myndshft Technologies, Inc. Blockchain network control system and methods
CN115270202A (en) * 2022-07-22 2022-11-01 蚂蚁区块链科技(上海)有限公司 Privacy calculation method and device based on multi-party cooperation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298190A (en) * 2019-04-19 2019-10-01 矩阵元技术(深圳)有限公司 Decentralization Secure data processing method, device and storage medium
CN110335037A (en) * 2019-04-19 2019-10-15 矩阵元技术(深圳)有限公司 Method of commerce, device and the storage medium calculated based on block chain and Secure
CN110414272A (en) * 2019-08-08 2019-11-05 北京芯际科技有限公司 A kind of block chain method for secret protection calculated based on Secure
US20210058234A1 (en) * 2019-08-22 2021-02-25 Myndshft Technologies, Inc. Blockchain network control system and methods
CN115270202A (en) * 2022-07-22 2022-11-01 蚂蚁区块链科技(上海)有限公司 Privacy calculation method and device based on multi-party cooperation

Also Published As

Publication number Publication date
CN115270202A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
WO2024016549A1 (en) Multi-party collaboration-based privacy computing method and apparatus
WO2024016547A1 (en) Data query method and device based on multi-party collaboration
US10152577B2 (en) Cross tenant data access
Fowley et al. A classification and comparison framework for cloud service brokerage architectures
US11652628B2 (en) Deterministic verification of digital identity documents
US11615425B2 (en) Method and apparatus for autonomous services composition
US10515119B2 (en) Sequential recommender system for virtualized network services
US20220103618A1 (en) Data pipeline architecture
US20160274874A1 (en) Method and apparatus for processing request
US10776180B1 (en) Expression-based feature toggle in an application programming interface (API)
Exposito et al. Smart SOA platforms in cloud computing architectures
US10417403B2 (en) Automation authentication and access
US20190005255A1 (en) Protecting restricted information when importing and exporting resources
CN115705256A (en) Request facilitation for agreement on service transactions
Daga et al. Flame: Simplifying Topology Extension in Federated Learning
US10540187B2 (en) User-initiated dynamic data application programming interface creation
US10885135B1 (en) Cloud resources platform incorporating a dynamic offering catalog
Caroprese et al. P2P deductive databases: well founded semantics and distributed computation
US20230418963A1 (en) Edge data processing utilizing per-endpoint subscriber configurable data processing workloads
US11829741B2 (en) Instantiated deployment of microservices
US20230113171A1 (en) Automated orchestration of skills for digital agents
Erbel Declarative Cloud Resource Provisioning Using OCCI Models
Knape Dynamic Automated Selection and Deployment of Software Components within a Heterogeneous Multi-Platform Environment
Vilaça Orchestration and Distribution of Services in Hybrid Cloud/Edge Environments
Fakhfakh Semantic based cloud broker architecture optimizing users satisfaction

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22951808

Country of ref document: EP

Kind code of ref document: A1