CN116011019A - Privacy computing system, method, device, equipment and medium - Google Patents
- Publication number: CN116011019A (application number CN202310089158.XA)
- Authority: CN (China)
- Prior art keywords: target, computing device, privacy computing, credential, identifier
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60—Protecting data > G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
Technical field
This application relates to the technical field of data security, and in particular to a privacy computing system, method, apparatus, device and medium.
Background
Privacy computing (privacy compute or privacy computing) refers to the collection of technologies that make data analysis and computation possible while ensuring that the data itself is not disclosed externally, achieving the goal of data that is "usable but not visible", and thereby converting and releasing the value of data while fully protecting data and privacy security.
As data protection awareness in the industry has grown and privacy regulation has tightened, privacy computing has attracted wide industry attention because of its "usable but not visible" property. Many technology vendors have launched privacy computing products with industry-specific characteristics. The large number of privacy computing products has enriched market choice, but it has also brought new challenges. For example, privacy computing products from different vendors are usually designed and implemented on different system platforms; when products from different system platforms are stored in different privacy computing devices, products on different platforms usually cannot exchange information with one another, turning "data islands" into "computing islands".
Therefore, interconnection and interoperability between privacy computing products stored in different privacy computing devices has become an absolute pain point for the industry. In particular, how one privacy computing device can securely access resources in another privacy computing device, that is, how different privacy computing devices can access resources securely and cooperatively, is a technical problem that urgently needs to be solved.
Summary of the invention
This application provides a privacy computing system, method, apparatus, device and medium so that different privacy computing devices can access resources securely and cooperatively.
In a first aspect, this application provides a privacy computing system, the system comprising:
a first privacy computing device, configured to: if it determines that the privacy computing device to which a resource to be accessed belongs is a second privacy computing device other than the first privacy computing device, obtain a second device identifier of the second privacy computing device and target project information to which the resource to be accessed belongs; determine, according to a pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, a target permission credential corresponding to the second device identifier and the target project information; and send, to the second privacy computing device corresponding to the second device identifier, a resource access request carrying the target permission credential, the target project information and a first device identifier of the first privacy computing device;
the second privacy computing device, configured to: receive the resource access request; determine, according to a pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, a target authorization credential corresponding to the first device identifier and the target project information; and, if it judges that the target authorization credential matches the target permission credential, send a verification-passed notification to the first privacy computing device;
the first privacy computing device, further configured to receive the verification-passed notification and access the resource to be accessed in the second privacy computing device.
In a possible implementation, the second privacy computing device is specifically configured to:
if the security access policy information carried in the target permission credential is consistent with the security access policy information carried in the target authorization credential, determine that the target authorization credential matches the target permission credential.
In a possible implementation, the second privacy computing device is further configured to:
if the security access policy information carried in the target permission credential is not consistent with the security access policy information carried in the target authorization credential, determine that the target authorization credential does not match the target permission credential, and send a verification-failed prompt to the first privacy computing device.
In a possible implementation, the security access policy information is a hierarchical authorization policy for the information that the privacy computing system makes accessible externally, and includes at least one of: a permission level for the types of resource that can be accessed, access-method restriction information, access-count restriction information, and access-time restriction information. This hierarchical, loosely coupled security access policy information removes the strong coupling of security policies between multi-party nodes, so that security policies between heterogeneous privacy computing systems have better generality, maintainability and extensibility.
In a possible implementation, the second privacy computing device is further configured to:
establish an access session, and store the correspondence between the session identifier of the access session and the target token identifier in the target permission credential;
send the session identifier to the first privacy computing device;
the first privacy computing device is further configured to:
receive the session identifier and, when the resource to be accessed needs to be accessed, send the session identifier and the target token identifier in the target permission credential to the second privacy computing device;
the second privacy computing device is further configured to:
receive the session identifier and the target token identifier and, when it determines that the correspondence between the session identifier and the target token identifier is stored locally, send a verification-passed notification to the first privacy computing device.
In a possible implementation, the first privacy computing device is specifically configured to:
send, to the second privacy computing device, an authorized resource access application carrying the first device identifier and the target project information;
the second privacy computing device is specifically configured to: when it judges that the first device identifier is among pre-stored identifiers of secure devices that have completed identity authentication, determine, according to a pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information, and generate the target permission credential and the target authorization credential, both of which carry the target security access policy information; store the correspondence between the first device identifier, the target project information and the target authorization credential; and send the target permission credential to the first privacy computing device;
the first privacy computing device is further configured to receive the target permission credential and store the correspondence between the second device identifier, the target project information and the target permission credential.
In a second aspect, this application provides a privacy computing method applied to a second privacy computing device, the method comprising:
receiving a resource access request sent by a first privacy computing device, where the resource access request carries a target permission credential, target project information and a first device identifier of the first privacy computing device;
determining, according to a pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, a target authorization credential corresponding to the first device identifier and the target project information; and, if it is judged that the target authorization credential matches the target permission credential, sending a verification-passed notification to the first privacy computing device, so that the first privacy computing device receives the verification-passed notification and accesses the resource to be accessed that belongs to the target project information in the second privacy computing device.
In a possible implementation, judging that the target authorization credential matches the target permission credential comprises:
if the security access policy information carried in the target permission credential is consistent with the security access policy information carried in the target authorization credential, determining that the target authorization credential matches the target permission credential.
In a possible implementation, the method further comprises:
if the security access policy information carried in the target permission credential is not consistent with the security access policy information carried in the target authorization credential, determining that the target authorization credential does not match the target permission credential, and sending a verification-failed prompt to the first privacy computing device.
In a possible implementation, the security access policy information includes at least one of: a permission level for the types of resource that can be accessed, access-method restriction information, access-count restriction information, and access-time restriction information.
In a possible implementation, after judging that the target authorization credential matches the target permission credential and before sending the verification-passed notification to the first privacy computing device, the method further comprises:
establishing an access session, and storing the correspondence between the session identifier of the access session and the target token identifier in the target permission credential;
sending the session identifier to the first privacy computing device;
if the session identifier and the target token identifier sent by the first privacy computing device are received, and it is determined that the correspondence between the session identifier and the target token identifier is stored locally, proceeding to the step of sending the verification-passed notification to the first privacy computing device.
In a possible implementation, the process of pre-storing the correspondence between privacy computing device identifiers, project information and authorization credentials comprises:
receiving an authorized resource access application, carrying the first device identifier and the target project information, sent by the first privacy computing device;
when it is judged that the first device identifier is among pre-stored identifiers of secure devices that have completed identity authentication, determining, according to a pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information, and generating the target permission credential and the target authorization credential, both of which carry the target security access policy information; sending the target permission credential to the first privacy computing device;
storing the correspondence between the first device identifier, the target project information and the target authorization credential.
In a third aspect, this application provides a privacy computing method applied to a first privacy computing device, the method comprising:
if it is determined that the privacy computing device to which a resource to be accessed belongs is a second privacy computing device other than the first privacy computing device, obtaining a second device identifier of the second privacy computing device and target project information to which the resource to be accessed belongs; determining, according to a pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, a target permission credential corresponding to the second device identifier and the target project information; sending, to the second privacy computing device corresponding to the second device identifier, a resource access request carrying the target permission credential, the target project information and a first device identifier of the first privacy computing device;
if a verification-passed notification sent by the second privacy computing device is received, accessing the resource to be accessed in the second privacy computing device.
In a possible implementation, after sending to the second privacy computing device corresponding to the second device identifier the resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device, and before receiving the verification-passed notification sent by the second privacy computing device, the method further comprises:
if a session identifier sent by the second privacy computing device is received, sending, when the resource to be accessed needs to be accessed, the session identifier and the target token identifier in the target permission credential to the second privacy computing device.
In a possible implementation, the process of pre-storing the correspondence between privacy computing device identifiers, project information and permission credentials for resource access comprises:
sending, to the second privacy computing device, an authorized resource access application carrying the first device identifier and the target project information;
if a target permission credential sent by the second privacy computing device is received, storing the correspondence between the second device identifier, the target project information and the target permission credential.
In a fourth aspect, this application provides a privacy computing apparatus applied to a second privacy computing device, the apparatus comprising:
a receiving module, configured to receive a resource access request sent by a first privacy computing device, where the resource access request carries a target permission credential, target project information and a first device identifier of the first privacy computing device;
an authentication module, configured to determine, according to a pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, a target authorization credential corresponding to the first device identifier and the target project information; and, if it judges that the target authorization credential matches the target permission credential, send a verification-passed notification to the first privacy computing device, so that the first privacy computing device receives the verification-passed notification and accesses the resource to be accessed that belongs to the target project information in the second privacy computing device.
In a possible implementation, the authentication module is specifically configured to: if the security access policy information carried in the target permission credential is consistent with the security access policy information carried in the target authorization credential, determine that the target authorization credential matches the target permission credential.
In a possible implementation, the authentication module is further configured to: if the security access policy information carried in the target permission credential is not consistent with the security access policy information carried in the target authorization credential, determine that the target authorization credential does not match the target permission credential, and send a verification-failed prompt to the first privacy computing device.
In a possible implementation, the authentication module is further configured to establish an access session, store the correspondence between the session identifier of the access session and the target token identifier in the target permission credential, and send the session identifier to the first privacy computing device;
and, if the session identifier and the target token identifier sent by the first privacy computing device are received, and it is determined that the correspondence between the session identifier and the target token identifier is stored locally, send a verification-passed notification to the first privacy computing device.
In a possible implementation, the authentication module is specifically configured to receive an authorized resource access application, carrying the first device identifier and the target project information, sent by the first privacy computing device;
when it is judged that the first device identifier is among pre-stored identifiers of secure devices that have completed identity authentication, determine, according to a pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information, and generate the target permission credential and the target authorization credential, both of which carry the target security access policy information; send the target permission credential to the first privacy computing device;
store the correspondence between the first device identifier, the target project information and the target authorization credential.
In a fifth aspect, this application provides a privacy computing apparatus applied to a first privacy computing device, the apparatus comprising:
a sending module, configured to: if it is determined that the privacy computing device to which a resource to be accessed belongs is a second privacy computing device other than the first privacy computing device, obtain a second device identifier of the second privacy computing device and target project information to which the resource to be accessed belongs; determine, according to a pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, a target permission credential corresponding to the second device identifier and the target project information; and send, to the second privacy computing device corresponding to the second device identifier, a resource access request carrying the target permission credential, the target project information and a first device identifier of the first privacy computing device;
an access module, configured to access the resource to be accessed in the second privacy computing device if a verification-passed notification sent by the second privacy computing device is received.
In a possible implementation, the sending module is further configured to: if a session identifier sent by the second privacy computing device is received, send, when the resource to be accessed needs to be accessed, the session identifier and the target token identifier in the target permission credential to the second privacy computing device.
In a possible implementation, the sending module is specifically configured to send, to the second privacy computing device, an authorized resource access application carrying the first device identifier and the target project information;
and, if a target permission credential sent by the second privacy computing device is received, store the correspondence between the second device identifier, the target project information and the target permission credential.
In a sixth aspect, this application provides an electronic device comprising a processor and a memory, where the memory stores program code which, when executed by the processor, causes the processor to perform the steps of any of the privacy computing methods described above.
In a seventh aspect, this application provides a computer-readable storage medium comprising program code which, when the storage medium is run on an electronic device, causes the electronic device to perform the steps of any of the privacy computing methods described above.
In this application, when the first privacy computing device determines that the privacy computing device to which a resource to be accessed belongs is a second privacy computing device other than itself, it can obtain the second device identifier of the second privacy computing device and the target project information to which the resource to be accessed belongs; determine, according to a pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, the target permission credential corresponding to the second device identifier and the target project information; and send, to the second privacy computing device corresponding to the second device identifier, a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device. After receiving the resource access request, the second privacy computing device can determine, according to a pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, the target authorization credential corresponding to the first device identifier and the target project information, and, if it judges that the target authorization credential matches the target permission credential, send a verification-passed notification to the first privacy computing device; the first privacy computing device receives the verification-passed notification and accesses the resource to be accessed in the second privacy computing device. Because in this application the target permission credential corresponds to the second device identifier and the target project information, the target authorization credential corresponds to the first device identifier and the target project information, and the verification-passed notification is sent to the first privacy computing device only when the target authorization credential is judged to match the target permission credential, this ensures, first, that the first privacy computing device cannot freely access the resources of other privacy computing devices; second, that the resources in the second privacy computing device cannot be freely accessed by other privacy computing devices; and third, that the first privacy computing device cannot exceed its authority and access resources of projects other than the target project, which guarantees both the security and the flexibility of resource access.
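The credential pairing and session binding described in the aspects above, written out as an added, self-contained simulation; this is illustrative code written for this page, not code from the application or its applicant. The class and field names (PrivacyDevice, Credential, the `policy` tuple, the "P1"/"P2" projects and the "A"/"B"/"C" device identifiers) are constructed assumptions. It walks through the authorized-access application (only a device whose identifier is in the owner's authenticated set, and only for a project with a configured policy, receives a permission credential), the access request (the owner looks up its authorization credential by requester identifier and project and requires the policy information to agree exactly), and the session step (a session identifier is bound to the token identifier), including the failure cases the summary claims to prevent: an unauthenticated device, a cross-project request, a credential whose policy field was altered, and a session presented with the wrong token.

```python
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Credential:
    """Assumed credential layout: token identifier, the peer it binds, the
    project, and the security access policy information (a tuple so that two
    credentials can be compared for exact equality)."""
    token_id: str
    peer_id: str
    project: str
    policy: tuple


class PrivacyDevice:
    """One privacy computing device; it can play both the requester and owner roles."""

    def __init__(self, device_id, resources, policies=None, authenticated_peers=()):
        self.device_id = device_id
        self.resources = dict(resources)            # (project, name) -> data
        self.policies = dict(policies or {})        # (peer_id, project) -> policy
        self.authenticated_peers = set(authenticated_peers)
        self.permissions = {}     # requester side: (owner_id, project) -> permission credential
        self.authorizations = {}  # owner side: (peer_id, project) -> authorization credential
        self.sessions = {}        # owner side: session_id -> (token_id, project)

    # --- authorized-access application: the owner issues the credential pair ---
    def handle_authorization_application(self, peer_id, project):
        if peer_id not in self.authenticated_peers:      # identity authentication not completed
            return None
        policy = self.policies.get((peer_id, project))
        if policy is None:                                # no policy for this peer/project pair
            return None
        token_id = secrets.token_hex(8)
        self.authorizations[(peer_id, project)] = Credential(token_id, peer_id, project, policy)
        return Credential(token_id, self.device_id, project, policy)  # permission credential

    def apply_for_authorization(self, owner, project):
        permission = owner.handle_authorization_application(self.device_id, project)
        if permission is not None:
            self.permissions[(owner.device_id, project)] = permission
        return permission is not None

    # --- resource access request: the owner matches the two credentials ---
    def handle_access_request(self, peer_id, project, permission):
        authorization = self.authorizations.get((peer_id, project))
        if authorization is None or authorization.token_id != permission.token_id:
            return "verification_failed", None
        if authorization.policy != permission.policy:    # policy information must agree exactly
            return "verification_failed", None
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = (authorization.token_id, project)
        return "session", session_id

    def handle_session_check(self, session_id, token_id, project):
        return self.sessions.get(session_id) == (token_id, project)

    def read_resource(self, session_id, token_id, project, name):
        if not self.handle_session_check(session_id, token_id, project):
            return None
        return self.resources.get((project, name))

    # --- requester side of the access flow ---
    def access_resource(self, owner, project, name):
        permission = self.permissions.get((owner.device_id, project))
        if permission is None:
            return None
        kind, session_id = owner.handle_access_request(self.device_id, project, permission)
        if kind != "session":
            return None
        return owner.read_resource(session_id, permission.token_id, project, name)


def simulate():
    """Constructed scenario (not from the application): device B owns resources in
    projects P1 and P2; device A is authenticated with B but entitled only to P1;
    device C never completed identity authentication with B."""
    b = PrivacyDevice("B", {("P1", "stats"): "aggregate-1", ("P2", "stats"): "aggregate-2"},
                      policies={("A", "P1"): (("level", 1), ("max_uses", 5))},
                      authenticated_peers={"A"})
    a, c = PrivacyDevice("A", {}), PrivacyDevice("C", {})
    out = {
        "a_registered": a.apply_for_authorization(b, "P1"),
        "a_cross_project": a.apply_for_authorization(b, "P2"),
        "c_registered": c.apply_for_authorization(b, "P1"),
        "a_reads_p1": a.access_resource(b, "P1", "stats"),
        "a_reads_p2": a.access_resource(b, "P2", "stats"),
        "c_reads_p1": c.access_resource(b, "P1", "stats"),
    }
    # A permission credential whose policy field was altered no longer agrees with
    # B's stored authorization credential, so verification fails.
    forged = replace(a.permissions[("B", "P1")], policy=(("level", 9),))
    out["forged_rejected"] = b.handle_access_request("A", "P1", forged)[0] == "verification_failed"
    # A session identifier is only valid together with the token identifier it was bound to.
    _, sid = b.handle_access_request("A", "P1", a.permissions[("B", "P1")])
    out["wrong_token"] = b.handle_session_check(sid, "not-the-token", "P1")
    return out


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The owner never hands out its authorization credential; only the permission credential leaves the device, and the session check re-confirms the token identifier on every access rather than trusting the session identifier alone, which is what lets the owner reject a session identifier presented with the wrong token.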
Description of the drawings
In order to explain the embodiments of this application or the implementations in the related art more clearly, the drawings needed in the description of the embodiments or the related art are briefly introduced below. Obviously, the drawings described below are only some embodiments of this application, and a person of ordinary skill in the art could obtain other drawings from them.
Fig. 1 shows a schematic diagram of a privacy computing system provided by some embodiments;
Fig. 2 shows a schematic diagram of resource types provided by some embodiments;
Fig. 3 shows a schematic diagram of a process for determining security access policy information provided by some embodiments;
Fig. 4 shows a schematic diagram of a first privacy computing process provided by some embodiments;
Fig. 5 shows a schematic diagram of a second privacy computing process provided by some embodiments;
Fig. 6 shows a schematic diagram of a third privacy computing process provided by some embodiments;
Fig. 7 shows a schematic diagram of a fourth privacy computing process provided by some embodiments;
Fig. 8 shows a schematic diagram of a privacy computing apparatus provided by some embodiments;
Fig. 9 shows a schematic diagram of another privacy computing apparatus provided by some embodiments;
Fig. 10 shows a schematic structural diagram of an electronic device provided by some embodiments.
Detailed description
To allow different privacy computing devices to access each other's resources securely and cooperatively, this application provides a privacy computing system, method, apparatus, device and medium.
To make the purpose and implementations of this application clearer, the exemplary implementations are described clearly and completely below with reference to the drawings of the exemplary embodiments. Obviously, the described exemplary embodiments are only some of the embodiments of this application, not all of them.
It should be noted that the brief explanation of terms in this application is only intended to make the implementations described below easier to understand, not to limit them. Unless otherwise stated, these terms are to be understood in their ordinary and usual meaning.
The terms "first", "second", "third" and the like in the description, the claims and the drawings are used to distinguish similar or like objects or entities and do not necessarily imply a particular order or sequence unless otherwise noted. It should be understood that terms so used are interchangeable where appropriate.
The terms "comprising" and "having", and any variants of them, are intended to cover a non-exclusive inclusion: for example, a product or device that comprises a series of components is not necessarily limited to the components expressly listed and may include other components that are not expressly listed or that are inherent to the product or device.
The term "module" refers to any known or later developed hardware, software, firmware, artificial intelligence, fuzzy logic, or combination of hardware and/or software code that is capable of performing the function associated with that element.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of this application and do not limit them. Although this application has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some or all of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of this application.
Embodiment 1:
Fig. 1 shows a schematic diagram of a privacy computing system provided by some embodiments. The system includes a first privacy computing device 11 and a second privacy computing device 12, where:
the first privacy computing device 11 is configured to, on determining that the privacy computing device holding the resource to be accessed is a second privacy computing device 12 other than the first privacy computing device 11 itself, obtain the second device identifier of the second privacy computing device 12 and the target project information to which the resource to be accessed belongs; determine, from the pre-stored correspondence between privacy computing device identifiers, project information and resource-access permission credentials, the target permission credential corresponding to the second device identifier and the target project information; and send the second privacy computing device identified by the second device identifier a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device;
the second privacy computing device 12 is configured to receive the resource access request; determine, from the pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, the target authorization credential corresponding to the first device identifier and the target project information; and, if the target authorization credential matches the target permission credential, send a verification-passed notification to the first privacy computing device;
the first privacy computing device 11 is further configured to receive the verification-passed notification and access the resource to be accessed in the second privacy computing device.
In one possible implementation, the first privacy computing device 11 and the second privacy computing device 12 may be PCs, mobile terminals or similar devices, or servers; this application does not limit this. The first privacy computing device 11 and the second privacy computing device 12 may be two different devices. Each of them stores a sub-algorithm of some privacy computing algorithm; for ease of description, the sub-algorithm stored in the first privacy computing device 11 is called the first sub-algorithm and the sub-algorithm stored in the second privacy computing device 12 the second sub-algorithm. In one possible implementation the first and second sub-algorithms may be parts of the same privacy computing product from the same technology vendor, or they may belong to different privacy computing products from different vendors built on different system platforms; this can be set flexibly as required and is not limited or repeated here.
In one possible implementation, the first privacy computing device 11 may be the resource user's device and the second privacy computing device 12 the resource holder's device. There may be one or several of each; this application does not limit their number, which can be set as required. Whatever the number, for each first privacy computing device, its access to a resource in any second privacy computing device may follow the resource access process provided by the embodiments of this application. For ease of understanding, unless otherwise stated, the resource access process (privacy computing process) is explained below taking one first privacy computing device 11 and one second privacy computing device 12 as an example.
In one possible implementation, the first privacy computing device 11 and the second privacy computing device 12 may go through network connection and identity authentication before they interconnect. Optionally, the privacy algorithm developers or others may, in advance and offline, deliver identification information of the first privacy computing device 11 such as its Internet Protocol (IP) address and unique identity document (ID) code (hereafter called the first device identifier) to the second privacy computing device 12. In other words, each of the two devices can be treated as a node, and the node's IP address, the ID of the institution the node belongs to, and similar identification information of the first privacy computing device 11 can be delivered offline to the second privacy computing device 12. The second privacy computing device 12 may then treat the first privacy computing device 11 corresponding to the first device identifier as a compliant, trusted device and store the first device identifier among its identifiers of identity-authenticated trusted devices. Other identity authentication methods may also be used for the privacy computing devices; this application does not limit this.
In one possible implementation, the second privacy computing device 12, as the resource holder's device, may contain a number of resources, and it may divide its resources into several types according to each resource's type label and the like. Optionally, referring to Fig. 2, which shows a schematic diagram of resource types provided by some embodiments, resources may be divided into nine types: the node (Node), the projects the node participates in (Project), the datasets a project needs (Dataset), the flows a project involves (Flow), the jobs a flow contains (Job), the tasks a job contains (Task), the components a task involves (Component), the models a flow involves (Model), and the services a model can provide (Service).
In one possible implementation, since a resource holder and a resource user may cooperate on different projects, the resource holder may, to improve the security and flexibility of resource access, grade the resources in the second privacy computing device 12 for each project according to the resource types that project involves. Different resource holders may grade resources differently; each resource holder can grade the resources in its second privacy computing device 12 flexibly and independently, and this application does not limit this. Table 1 shows an example of resource grading provided by some embodiments.
Table 1
As shown in Table 1, resource levels may be divided into six levels, level 1 to level 6; the higher the level, the more resource information is considered viewable. For example, viewing a level-6 resource usually also requires viewing the level-1 to level-5 resources, while viewing a level-1 resource usually does not require viewing level-2 to level-6 resources. When security access policy information is later set for each resource user, the higher the permission level of the accessible resource types in a resource user's security access policy information, the more resource information that user can view; the lower the permission level, the less it can view. Configuring security access policy information for each resource user is introduced below. It will be understood that any resource can be described by three fields: resource type (Resource Type), resource identifier (resource ID, Resource ID) and resource level (Resource Level). The resource type can be determined from classification rules agreed across the industry; the resource ID can be set independently by each node, for example by each resource holder on its own privacy computing device; and the resource level can be graded independently by each node, which is not repeated here.
Referring to Fig. 3, which shows a schematic diagram of a process for determining security access policy information provided by some embodiments, each resource holder can configure security access policy information independently and flexibly; that is, each resource holder can set corresponding security access policy information for each resource user. The security access policy information may be a graded authorization policy for the information that the privacy computing system (privacy computing device) exposes externally. For example, the security access policy information set for a resource user may include at least one of: the permission level of the resource types that user may access, access-mode restriction information, access-count restriction information and access-time restriction information. The security access policy information can be set flexibly as required and is not limited by this application. Such graded, loosely coupled security access policy information removes the strong coupling of security policies among multiple nodes, so that security policies between heterogeneous privacy computing systems (different privacy computing devices) become more general, maintainable and extensible.
In one possible implementation, the permission level of the resource types a resource user may access can be set flexibly as required. Optionally, if a resource user has high authority and may view all of a resource holder's resources, its permission level can be set directly as a global security policy, and that user can then view all of the holder's resources. Resource users may also be grouped, with different permission levels for different groups; this way of setting permission levels may be called a group security policy, and the permission level of each group may be set according to the division of resource levels. Continuing the example of six resource levels, level 1 to level 6, the resource users may be divided into several groups whose permission levels are level 1, level 2, level 3, level 4, level 5 or level 6. A user with permission level 6 is considered to have high authority and may view the holder's level-1 to level-6 resources; a user with permission level 1 has low authority and may view only the holder's level-1 resources. Permission levels may also be set separately for one or several individual resource users, again as level 1 to level 6. It will be understood that the permission level carried later in a resource user's target permission credential is the highest resource level that user may access: if, for a given project, the user may view resources up to level 6, the permission level of its accessible resource types is level 6; if it may view resources only up to level 3, the permission level is level 3. The permission level carried in the resource holder's target authorization credential is likewise the highest resource level the user may access.
The security access policy information may also include access-mode restriction information for the resource user, for example that access must be made through a web page; this can be set flexibly as required. It may further include access-count restriction information and access-time restriction information for the resource user, for example that the number of accesses in a week must not exceed 5 or 10, or that access is permitted only between 8:00 and 18:00.
After the security access policy information of a resource user's privacy computing device for a given project has been set, the second privacy computing device can store the correspondence between that device's identifier, the project information and the security access policy information.
In one possible implementation, when the resource user's first privacy computing device 11 wants to access a resource in the resource holder's second privacy computing device 12, it may first send the second privacy computing device 12 an authorization application. So that the second privacy computing device 12 can identify the first privacy computing device and the project whose resources it wants to view, the application may carry the first device identifier of the first privacy computing device 11 and the target project information of that project.
On receiving the authorization application, the second privacy computing device 12 may check whether the first device identifier is among its pre-stored identifiers of identity-authenticated trusted devices. If it is, the second privacy computing device 12 determines, from the pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information. Having determined it, and still referring to Fig. 3, the second privacy computing device 12 may use its authorization processor or the like to generate a pair of credentials, the target permission credential and the target authorization credential, both of which carry the target security access policy information. The second privacy computing device 12 keeps the target authorization credential locally and stores the correspondence between the first device identifier, the target project information and that target authorization credential for later authentication (how authentication is done is described in detail below). It sends the target permission credential to the resource user's device, the first privacy computing device 11, which receives it and stores the correspondence between the second device identifier of the second privacy computing device 12, the target project information and the target permission credential. The first privacy computing device can later use this target permission credential to obtain access to the resources of the target project in the second privacy computing device 12. In the same way, the first privacy computing device 11 can accumulate correspondences between the device identifiers, project information and resource-access permission credentials of several resource holders, which is not repeated here.
In one possible implementation, the target permission credential and the target authorization credential may each contain the following information: a token (Token), the accessible resource types (Resource Type), the permission level of the accessible resource types (resource level, Resource Level), the accessible resource IDs (Resource Id), the node ID of the resource holder's second privacy computing device (Resourse Node Id), an ID such as the resource holder's institution name (Resourse Inst Id), the node ID of the resource user's first privacy computing device (Request Node Id), and an ID such as the resource user's institution name (Request Inst Id). Resourse Node Id and Resourse Inst Id together may serve as the second device identifier, and Request Node Id and Request Inst Id together as the first device identifier. Optionally, both credentials may also contain access-time restriction information (Time Limit) and access-count restriction information (Times Limit). The token may be the unique authorization credential issued by the resource holder to the resource user; it is bound to the resource holder, the resource user and the accessible resources.
The process by which the first privacy computing device 11 accesses a resource of the second privacy computing device 12 is described in detail below.
In one possible implementation, if the first privacy computing device 11 determines that the privacy computing device holding the resource to be accessed is another privacy computing device, that is, a second privacy computing device other than the first, it may obtain the second device identifier of that second privacy computing device and, from the stored correspondence between resources and the project information they belong to, determine the target project information of the resource to be accessed. From the pre-stored correspondence between privacy computing device identifiers, project information and resource-access permission credentials, it determines the target permission credential corresponding to the second device identifier and the target project information. It then sends the second privacy computing device 12 identified by the second device identifier a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device.
On receiving the resource access request, the second privacy computing device 12 determines, from the pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, the target authorization credential corresponding to the first device identifier and the target project information, and then uses that target authorization credential to authenticate whether the first privacy computing device is permitted to access the resource. Specifically, the second privacy computing device 12 checks whether the target authorization credential matches the target permission credential: if they match, the first privacy computing device 11 is considered permitted to access the resource to be accessed; if they do not, it is considered not permitted.
Optionally, when checking whether the target authorization credential matches the target permission credential, the second privacy computing device 12 may check whether the security access policy information carried in the target permission credential agrees with the security access policy information carried in the target authorization credential. If it does, the credentials are considered to match; if it does not, they are considered not to match, and the second privacy computing device 12 may send a verification-failed message to the first privacy computing device 11.
In one possible implementation, to check whether the security access policy information carried in the target permission credential agrees with that carried in the target authorization credential (for ease of description, the two together are hereafter called the two parties' security access policy information), each sub-policy in the two parties' security access policy information is compared: the permission level of the accessible resource types, the access-mode restriction information, the access-count restriction information, the access-time restriction information and so on. If every sub-policy agrees, the two parties' security access policy information agrees; if any sub-policy does not agree, it does not.
When the two parties' security access policy information includes the permission level of the accessible resource types, this sub-policy agrees if the permission level carried in the target permission credential is the same as the permission level in the target authorization credential. If they differ, for example if the permission level carried in the target permission credential is level 6 while the permission level in the target authorization credential is level 3, the permission-level sub-policy does not agree, the target authorization credential is determined not to match the target permission credential, and a verification-failed message may be sent to the first privacy computing device. If the permission levels are the same, the permission-level sub-policy agrees.
When the two parties' security access policy information includes access-mode restriction information, the resource access request sent by the resource user's first privacy computing device 11 to the second privacy computing device 12 may also carry the access mode, which should be one allowed by the access-mode restriction information in the target permission credential. This sub-policy is checked by comparing the access-mode restriction information carried in the target permission credential with that in the target authorization credential: if they differ, the access-mode sub-policy does not agree, the credentials are determined not to match, and a verification-failed message may be sent to the first privacy computing device; if they are the same, the access-mode sub-policy agrees.
In one possible implementation, when the two parties' security access policy information includes access-count restriction information, the resource access request sent by the first privacy computing device 11 may also carry its current cumulative access count, which should satisfy the access-count restriction information. This sub-policy is checked by comparing the access-count restriction information carried in the target permission credential with that in the target authorization credential: if they differ, the access-count sub-policy does not agree, the credentials are determined not to match, and a verification-failed message may be sent to the first privacy computing device; if they are the same, the access-count sub-policy agrees.
In another possible implementation of the access-count sub-policy, the resource holder's second privacy computing device 12 itself records the current cumulative access count of the first privacy computing device 11. When the first privacy computing device 11 sends a resource access request, the second privacy computing device 12 checks both whether the access-count restriction information carried in the target permission credential is the same as that in the target authorization credential and whether the recorded cumulative access count of the first privacy computing device 11 satisfies the access-count restriction information in the target authorization credential. If the restriction information differs, or the cumulative count does not satisfy it, the access-count sub-policy does not agree, the credentials are determined not to match, and a verification-failed message may be sent to the first privacy computing device. If the restriction information is the same and the cumulative count satisfies it, the access-count sub-policy agrees.
In one possible implementation, when the two parties' security access policy information includes access-time restriction information, the resource holder's second privacy computing device 12 records the current access time of the first privacy computing device 11 when the latter sends a resource access request. The second privacy computing device 12 then checks both whether the access-time restriction information carried in the target permission credential is the same as that in the target authorization credential and whether the current access time of the first privacy computing device 11 satisfies the access-time restriction information in the target authorization credential. If the restriction information differs, or the current access time does not satisfy it, the access-time sub-policy does not agree, the credentials are determined not to match, and a verification-failed message may be sent to the first privacy computing device. If the restriction information is the same and the current access time satisfies it, the access-time sub-policy agrees.
In one possible implementation, when the second privacy computing device 12 determines that the target authorization credential matches the target permission credential, it sends a verification-passed notification to the first privacy computing device 11, which, on receiving it, may begin to access the resource to be accessed in the second privacy computing device.
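The authorization application, the generation of the paired credentials and the sub-policy matching described above, as an added example in Python that is not part of the patent or of any product implementing it. The class and method names (Policy, Credential, ResourceHolder, issue_pair, verify), the random hex token, the in-memory dictionaries, and the rule that a requested resource's level must not exceed the permission level in the stored credential are this example's own assumptions; the patent fixes the credential fields and the sub-policy comparisons but no data format or API. The scenario in demo() is constructed.

```python
import hmac
import secrets
from dataclasses import dataclass, replace
from datetime import datetime, time
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Security access policy information for one (resource user, project) pair."""
    resource_level: int          # highest resource level the user may view (1..6)
    access_mode: str             # e.g. "web"
    max_visits_per_week: int     # access-count limit
    window: tuple                # (time, time): permitted access window


@dataclass(frozen=True)
class Credential:
    """Layout shared by the permission credential and the authorization credential."""
    token: str
    resource_type: str
    policy: Policy
    resource_node_id: str        # holder side (second device identifier)
    request_node_id: str         # user side (first device identifier)


class ResourceHolder:
    """The second (resource-holding) privacy computing device."""

    def __init__(self, node_id: str):
        self.node_id = node_id
        self.trusted_nodes = set()      # identity-authenticated first device identifiers
        self.policies = {}              # (node id, project) -> Policy
        self.authorizations = {}        # (node id, project) -> locally kept Credential
        self.visits = {}                # (node id, project) -> visits this week
        self.resources = {}             # (project, resource id) -> resource level

    def issue_pair(self, node_id: str, project: str) -> Optional[Credential]:
        """Authorization application: keep the authorization credential, return the
        paired permission credential for the requesting device, or None if refused."""
        policy = self.policies.get((node_id, project))
        if node_id not in self.trusted_nodes or policy is None:
            return None
        authz = Credential(secrets.token_hex(16), "Dataset", policy, self.node_id, node_id)
        self.authorizations[(node_id, project)] = authz
        return replace(authz)           # an equal copy is sent to the resource user

    def verify(self, node_id: str, project: str, pm: Credential,
               resource_id: str, access_mode: str, now: datetime) -> tuple:
        """Match the presented permission credential (pm) against the stored
        authorization credential, then apply the runtime limits. Returns (passed, reason)."""
        key = (node_id, project)
        authz = self.authorizations.get(key)
        if authz is None:
            return False, "no authorization credential for this device and project"
        if not hmac.compare_digest(pm.token, authz.token):
            return False, "token mismatch"
        if (pm.request_node_id, pm.resource_node_id) != (node_id, self.node_id):
            return False, "device identifier mismatch"
        if pm.policy != authz.policy:   # every sub-policy must agree, field by field
            return False, "security access policy mismatch"
        pol = authz.policy              # runtime checks use the holder's own copy
        if access_mode != pol.access_mode:
            return False, "access mode not permitted"
        if self.visits.get(key, 0) + 1 > pol.max_visits_per_week:
            return False, "access count limit exceeded"
        if not (pol.window[0] <= now.time() <= pol.window[1]):
            return False, "outside permitted access time"
        level = self.resources.get((project, resource_id))
        if level is None or level > pol.resource_level:
            return False, "resource unknown or above the granted level"
        self.visits[key] = self.visits.get(key, 0) + 1
        return True, "verification passed"


def demo() -> dict:
    """Constructed scenario: user node A accessing project P held by node B."""
    holder = ResourceHolder("nodeB")
    holder.trusted_nodes.add("nodeA")
    pol = Policy(3, "web", 2, (time(8, 0), time(18, 0)))
    holder.policies[("nodeA", "P")] = pol
    holder.resources[("P", "ds-1")] = 2
    holder.resources[("P", "model-9")] = 6
    permit = holder.issue_pair("nodeA", "P")
    ts = datetime(2023, 3, 1, 10, 30)
    forged = replace(permit, policy=replace(pol, resource_level=6))   # user-side tampering
    return {
        "ok": holder.verify("nodeA", "P", permit, "ds-1", "web", ts)[0],
        "forged": holder.verify("nodeA", "P", forged, "model-9", "web", ts)[0],
        "level": holder.verify("nodeA", "P", permit, "model-9", "web", ts)[0],
        "late": holder.verify("nodeA", "P", permit, "ds-1", "web", datetime(2023, 3, 1, 22, 0))[0],
        "second": holder.verify("nodeA", "P", permit, "ds-1", "web", ts)[0],
        "third": holder.verify("nodeA", "P", permit, "ds-1", "web", ts)[0],
        "untrusted": holder.issue_pair("nodeZ", "P"),
    }
```

Two design choices are worth noting. The token is compared with hmac.compare_digest rather than ==, and every runtime limit (access mode, count, time, resource level) is evaluated against the holder's stored authorization credential, never against the presented permission credential, so a resource user that edits the policy in its own copy (the forged case) gains nothing: the field-by-field comparison fails before any limit is consulted.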
In addition, when the security access policy information includes the permission level of the accessible resource types, sending the verification-passed notification to the first privacy computing device only after the permission levels in the two parties' security access policy information have been found to match, and the target authorization credential has thereby been found to match the target permission credential, ensures that a resource user cannot exceed its authority vertically to reach resources of levels beyond its own permission, which secures resource access.
In addition, each resource holder can independently and flexibly set, maintain and update the security access policy information for each resource user, which keeps the security access policy information flexible, diverse, maintainable, extensible and loosely coupled. That is, the graded, loosely coupled security access policy information removes the strong coupling of security policies among multiple nodes, so that security policies between heterogeneous privacy computing systems become more general, maintainable and extensible. When a resource user's first privacy computing device wants to access a resource, the resource holder independently and flexibly authorizes and authenticates that access; the resource user need not concern itself with the specific security access policy information and only has to present the standard permission credential to the resource holder's privacy computing device when it needs access, which improves the flexibility and convenience of resource access while keeping it secure.
In addition, the privacy computing method provided by this application is applicable to interconnection between privacy computing products on different system platforms (also called heterogeneous privacy computing platforms or heterogeneous privacy computing systems), to various network structures such as peer-to-peer and centralized networks, and to interconnection between two or more heterogeneous privacy computing platforms; it is therefore general.
In addition, the privacy computing method provided by this application is minimally intrusive to the functions of existing privacy computing platforms; while standardizing the resource access mechanism, compatibility during implementation can be ensured by setting the security access policy information flexibly, so the method is readily implementable.
In a possible implementation, to further guarantee the security of resource access, after determining that the target authorization credential matches the target permission credential and before sending the verification-pass notification to the first privacy computing device, the second privacy computing device 12 may also establish an access session and save the correspondence between the session identifier (Session ID) of the access session and the target token identifier (Token) in the target permission credential. The second privacy computing device 12 may send the session identifier to the first privacy computing device 11. In the computation execution phase, when the first privacy computing device 11 needs to access the resource to be accessed, it may send the session identifier and the target token identifier in the target permission credential to the second privacy computing device 12, and the second privacy computing device 12 verifies the validity of the target token identifier. Specifically, when verifying the validity of the target token identifier, the second privacy computing device 12 may judge whether the correspondence between the session identifier and the target token identifier is stored locally; if it is, the target token identifier may be considered valid, the first privacy computing device 11 of the resource user may be authorized to access the resource to be accessed, and the second privacy computing device 12 may send the verification-pass notification to the first privacy computing device 11. The first privacy computing device 11 receives the verification-pass notification and, when executing a given privacy computing task, may access the resource to be accessed in the second privacy computing device 12. Optionally, the second privacy computing device may record and store the correspondence between the privacy computing task, the session identifier and the target token identifier.
In a possible implementation, if the second privacy computing device 12 judges that the correspondence between the above session identifier and target token identifier is not stored locally, the target token identifier may be considered invalid, and the second privacy computing device 12 may send a verification-failure prompt or the like to the first privacy computing device 11; this application does not specifically limit this.
For ease of understanding, the privacy computing process provided by this application is described below through a specific embodiment. Referring to Figure 4, which shows a schematic diagram of a first privacy computing process provided by some embodiments, the process includes the following steps:
S401: If the first privacy computing device determines that the privacy computing device to which the resource to be accessed belongs is a second privacy computing device other than the first privacy computing device, it obtains the second device identifier of the second privacy computing device and the target project information to which the resource to be accessed belongs; according to the pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, it determines the target permission credential corresponding to the second device identifier and the target project information. The first privacy computing device sends a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device to the second privacy computing device corresponding to the second device identifier.
S402: The second privacy computing device receives the resource access request and, according to the pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, determines the target authorization credential corresponding to the first device identifier and the target project information; the second privacy computing device judges whether each item of sub-policy information in the security access policy information of the target permission credential, such as the permission classification of accessible resource types, access-mode restriction information, access-count restriction information and access-time restriction information, matches the corresponding sub-policy information in the target authorization credential. If any item of sub-policy information does not match, proceed to S403; if every item of sub-policy information matches, proceed to S404.
S403: The second privacy computing device determines that the target authorization credential does not match the target permission credential and sends a verification-failure prompt to the first privacy computing device.
S404: If the second privacy computing device judges that the target authorization credential matches the target permission credential, it establishes an access session, saves the correspondence between the session identifier of the access session and the target token identifier in the target permission credential, and sends the session identifier to the first privacy computing device.
S405: The first privacy computing device receives the session identifier and, when it needs to access the resource to be accessed, sends the session identifier and the target token identifier in the target permission credential to the second privacy computing device.
S406: The second privacy computing device receives the session identifier and the target token identifier and, upon determining that the correspondence between the session identifier and the target token identifier is stored locally, sends a verification-pass notification to the first privacy computing device.
S407: The first privacy computing device receives the verification-pass notification and accesses the resource to be accessed in the second privacy computing device.
In a possible implementation, the resource access process of this application (that is, the privacy computing process) may be implemented by relying on the privacy computing interconnection framework of the related art and integrating the resource access process of this application with that framework. Referring to Figure 5, which shows a schematic diagram of a second privacy computing process provided by some embodiments: in research on interconnection technology for heterogeneous privacy computing, the industry has proposed a layered framework for the interconnection architecture that meets industry interconnection standards, consisting, from top to bottom, of a management layer, a control layer and a transport layer. The management layer may be used to define each entity, form consensus on the common attributes an entity should have, and define the information exchange and authorization interfaces of the various resource entities, so as to satisfy, in a standardized way, the current labelling process for interconnection at the level of privacy computing sub-resource information. The control layer may be used, during interconnection, to define in a standardized way the coordination mechanisms and standardized interfaces of different privacy computing devices (multiple parties) at the job and task level, so as to coordinate jobs and tasks across different privacy computing platforms. The transport layer may be used to carry out east-west data transmission between privacy computing platforms, realizing interconnection at the computation level mainly through standard interfaces and modular design for communication and transmission.
In the embodiments of this application, resource access between different privacy computing devices requires the management layer, the control layer and the transport layer to be implemented together in coordination. Referring again to Figure 5, the resource access process provided by the embodiments of this application mainly comprises three main steps: establishing authorization and permission, authenticating and establishing a session, and accessing.
(1) The process of establishing authorization and permission is mainly as follows:
Based on the management layer in the first privacy computing device, the first privacy computing device 11 sends to the second privacy computing device 12 an authorized-access resource application carrying the first device identifier and the target project information. Based on the management layer in the second privacy computing device, the second privacy computing device 12 receives the authorized-access resource application and, upon judging that the first device identifier is among the pre-stored identifiers of secure devices that have undergone identity authentication, determines, according to the pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information, and generates a target permission credential and a target authorization credential, both of which carry the target security access policy information. The second privacy computing device 12 saves the correspondence between the first device identifier, the target project information and the target authorization credential, and sends the target permission credential to the first privacy computing device 11. At the same time, the management layer of the second privacy computing device sends the token (Token) in the target authorization credential to the control layer within the second privacy computing device itself.
Based on the management layer in the first privacy computing device, the first privacy computing device receives the target permission credential and saves the correspondence between the second device identifier, the target project information and the target permission credential. At the same time, the management layer in the first privacy computing device sends the token (Token) in the target permission credential to the control layer within the first privacy computing device itself.
(2) The process of authentication and session establishment is mainly as follows:
When the first privacy computing device 11 wants to access the resource to be accessed in the second privacy computing device 12, the first privacy computing device 11 may, based on its control layer, obtain the second device identifier of the second privacy computing device and the target project information to which the resource to be accessed belongs, determine, according to the pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, the target permission credential corresponding to the second device identifier and the target project information, and send to the second privacy computing device corresponding to the second device identifier a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device.
The second privacy computing device 12 may, based on its control layer, receive the resource access request and perform the corresponding authentication. Specifically, it may determine, according to the pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, the target authorization credential corresponding to the first device identifier and the target project information; if it judges that the target authorization credential matches the target permission credential, it may, based on its control layer, establish an access session, save the correspondence between the session identifier (session Id) of the access session and the target token identifier in the target permission credential, and send the session identifier to the first privacy computing device 11. At the same time, the second privacy computing device may, based on the control layer, send the correspondence between the session identifier (session Id) of the access session and the target token identifier (Token) in the target permission credential to the transport layer in the second privacy computing device. Different sessions may be distinguished by the session identifier (sessionId), and each session task is executed in its own container, ensuring that multiple session tasks execute correctly at the same time.
The first privacy computing device 11 may, based on its control layer, receive the session identifier and, at the same time, send the session identifier and the target token identifier in the target permission credential to the transport layer in the first privacy computing device.
(3) The access process is mainly as follows:
When the first privacy computing device 11 needs to access the resource to be accessed in order to execute the privacy computing process, it may, based on the transport layer in the first privacy computing device, send the session identifier and the target token identifier in the target permission credential to the second privacy computing device.
The second privacy computing device may, based on its transport layer, receive the session identifier and the target token identifier and, upon determining that the correspondence between the session identifier and the target token identifier is stored locally, send a verification-pass notification to the first privacy computing device. The first privacy computing device may then, based on the corresponding transport layer, access the resource to be accessed in the second privacy computing device.
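The flow of steps S401 to S407 above and the three layered steps (1) to (3), as an added, runnable model. This is example code, not the patent's own implementation: the names HolderDevice, UserDevice, Policy and Credential, the encoding of the four sub-policies as dataclass fields, and the use of random hex strings for the token and session identifiers are all assumptions. The patent fixes only the roles, the messages exchanged and the two checks (field-by-field policy match at S402, session-to-token binding at S406), and those are what the model reproduces.

```python
"""Model of the credential and session flow of Figures 4 and 5 (added example,
not the patent's code). Names and the policy encoding are assumptions."""
from dataclasses import dataclass, replace
import hmac
import secrets


@dataclass(frozen=True)
class Policy:
    level: int            # permission classification of accessible resource types
    modes: frozenset      # access-mode restriction, e.g. frozenset({"read"})
    max_access: int       # access-count restriction
    window: tuple         # access-time restriction, (start, end) as epoch seconds


@dataclass(frozen=True)
class Credential:
    """Permission credential (user's copy) or authorization credential (holder's copy)."""
    device_id: str
    project: str
    token: str
    policy: Policy


def policies_match(permission: Policy, authorization: Policy) -> bool:
    """S402: every sub-policy presented by the user must equal the holder's copy."""
    return permission == authorization   # dataclass equality compares all four fields


class HolderDevice:
    """Second privacy computing device (resource holder)."""

    def __init__(self, authenticated_devices, policy_table):
        self.authenticated = set(authenticated_devices)   # identity-authenticated device ids
        self.policy_table = dict(policy_table)           # (device_id, project) -> Policy
        self.authorizations = {}                          # (device_id, project) -> Credential
        self.sessions = {}                                # session_id -> token

    def apply_for_access(self, device_id, project):
        """Step (1): issue permission + authorization credentials, or None if refused."""
        policy = self.policy_table.get((device_id, project))
        if device_id not in self.authenticated or policy is None:
            return None
        cred = Credential(device_id, project, secrets.token_hex(16), policy)
        self.authorizations[(device_id, project)] = cred   # authorization credential stays here
        return cred                                         # permission credential goes to the user

    def request_access(self, permission, project, device_id):
        """S402-S404: authenticate the request, then bind a new session to the token."""
        auth = self.authorizations.get((device_id, project))
        if auth is None or not policies_match(permission.policy, auth.policy):
            return None                                     # S403: verification failure
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = auth.token              # S404: session id <-> token
        return session_id

    def verify(self, session_id, token):
        """S406: pass only if this session id is bound to exactly this token."""
        bound = self.sessions.get(session_id)
        return bound is not None and hmac.compare_digest(bound, token)


class UserDevice:
    """First privacy computing device (resource user)."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.permissions = {}   # (holder_id, project) -> Credential
        self.sessions = {}      # (holder_id, project) -> session_id

    def establish(self, holder_id, holder, project):
        """Step (1): apply, then store the permission credential by holder and project."""
        cred = holder.apply_for_access(self.device_id, project)
        if cred is not None:
            self.permissions[(holder_id, project)] = cred
        return cred is not None

    def open_session(self, holder_id, holder, project):
        """S401 + S405: present the stored permission credential, keep the session id."""
        cred = self.permissions.get((holder_id, project))
        sid = holder.request_access(cred, project, self.device_id) if cred else None
        if sid is not None:
            self.sessions[(holder_id, project)] = sid
        return sid is not None

    def access(self, holder_id, holder, project):
        """S405-S407: send session id + token; access proceeds only on verification pass."""
        cred = self.permissions.get((holder_id, project))
        sid = self.sessions.get((holder_id, project))
        return bool(cred and sid) and holder.verify(sid, cred.token)


def demo():
    """Constructed scenario: holder H grants device A level-1 read access to project P."""
    policy = Policy(1, frozenset({"read"}), 100, (0, 2_000_000_000))
    holder = HolderDevice(authenticated_devices={"A"}, policy_table={("A", "P"): policy})
    alice = UserDevice("A")
    r = {"granted": alice.establish("H", holder, "P")}
    r["session"] = alice.open_session("H", holder, "P")
    r["access"] = alice.access("H", holder, "P")
    # A credential whose level was raised outside the holder fails S402 (vertical escalation)
    forged = replace(alice.permissions[("H", "P")], policy=replace(policy, level=2))
    r["forged_rejected"] = holder.request_access(forged, "P", "A") is None
    # A session id the holder never issued has no token binding, so S406 fails
    r["unknown_session"] = holder.verify("never-issued", forged.token)
    # Device B was never identity-authenticated, so step (1) issues nothing
    r["unauthenticated"] = UserDevice("B").establish("H", holder, "P")
    return r
```

What the model makes visible: the holder keeps its own authorization credential and compares the presented policy field by field, so a permission credential whose level was raised on the user's side is refused at S402 (the vertical-escalation case of the permission-classification paragraph), and an access attempt with a session identifier the holder never issued fails at S406 even when the token itself is genuine. The access-count and access-time sub-policies are matched but not enforced here, because the page describes only the matching.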
Embodiment 2:
Based on the same technical concept, this application further provides a privacy computing method applied to a second privacy computing device. Figure 6 shows a schematic diagram of a third privacy computing process provided by some embodiments; the process includes the following steps:
S601: Receive a resource access request sent by a first privacy computing device, where the resource access request carries a target permission credential, target project information and a first device identifier of the first privacy computing device.
S602: Determine, according to the pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, the target authorization credential corresponding to the first device identifier and the target project information; if the target authorization credential is judged to match the target permission credential, send a verification-pass notification to the first privacy computing device, so that the first privacy computing device receives the verification-pass notification and accesses the resource to be accessed in the second privacy computing device that belongs to the target project information.
In a possible implementation, judging that the target authorization credential matches the target permission credential includes:
if the security access policy information carried in the target permission credential is consistent with the security access policy information carried in the target authorization credential, determining that the target authorization credential matches the target permission credential.
In a possible implementation, the method further includes:
if the security access policy information carried in the target permission credential is not consistent with the security access policy information carried in the target authorization credential, determining that the target authorization credential does not match the target permission credential and sending a verification-failure prompt to the first privacy computing device.
In a possible implementation, the security access policy information includes at least one of: a permission classification of accessible resource types, access-mode restriction information, access-count restriction information and access-time restriction information.
In a possible implementation, after judging that the target authorization credential matches the target permission credential and before sending the verification-pass notification to the first privacy computing device, the method further includes:
establishing an access session and saving the correspondence between the session identifier of the access session and the target token identifier in the target permission credential;
sending the session identifier to the first privacy computing device;
if a session identifier and a target token identifier sent by the first privacy computing device are received, and it is determined that the correspondence between the session identifier and the target token identifier is stored locally, proceeding to the step of sending the verification-pass notification to the first privacy computing device.
In a possible implementation, the process of pre-storing the correspondence between privacy computing device identifiers, project information and authorization credentials includes:
receiving an authorized-access resource application carrying the first device identifier and target project information sent by the first privacy computing device;
upon judging that the first device identifier is among the pre-stored identifiers of secure devices that have undergone identity authentication, determining, according to the pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information, and generating the target permission credential and the target authorization credential, where both the target permission credential and the target authorization credential carry the target security access policy information; sending the target permission credential to the first privacy computing device;
saving the correspondence between the first device identifier, the target project information and the target authorization credential.
Based on the same technical concept, this application further provides a privacy computing method applied to a first privacy computing device. Figure 7 shows a schematic diagram of a fourth privacy computing process provided by some embodiments; the process includes the following steps:
S701: If it is determined that the privacy computing device to which the resource to be accessed belongs is a second privacy computing device other than the first privacy computing device, obtain the second device identifier of the second privacy computing device and the target project information to which the resource to be accessed belongs; determine, according to the pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, the target permission credential corresponding to the second device identifier and the target project information; send to the second privacy computing device corresponding to the second device identifier a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device.
S702: If a verification-pass notification sent by the second privacy computing device is received, access the resource to be accessed in the second privacy computing device.
In a possible implementation, after sending to the second privacy computing device corresponding to the second device identifier the resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device, and before receiving the verification-pass notification sent by the second privacy computing device, the method further includes:
if a session identifier sent by the second privacy computing device is received, sending, when the resource to be accessed needs to be accessed, the session identifier and the target token identifier in the target permission credential to the second privacy computing device.
In a possible implementation, the process of pre-storing the correspondence between privacy computing device identifiers, project information and permission credentials for resource access includes:
sending to the second privacy computing device an authorized-access resource application carrying the first device identifier and target project information;
if a target permission credential sent by the second privacy computing device is received, saving the correspondence between the second device identifier, the target project information and the target permission credential.
Embodiment 3:
Based on the same technical concept, this application further provides a privacy computing apparatus applied to a second privacy computing device. Referring to Figure 8, which shows a schematic diagram of a privacy computing apparatus provided by some embodiments, the apparatus includes:
a receiving module 81, configured to receive a resource access request sent by a first privacy computing device, where the resource access request carries a target permission credential, target project information and a first device identifier of the first privacy computing device;
an authentication module 82, configured to determine, according to the pre-stored correspondence between privacy computing device identifiers, project information and authorization credentials, the target authorization credential corresponding to the first device identifier and the target project information, and, if the target authorization credential is judged to match the target permission credential, send a verification-pass notification to the first privacy computing device, so that the first privacy computing device receives the verification-pass notification and accesses the resource to be accessed in the second privacy computing device that belongs to the target project information.
In a possible implementation, the authentication module 82 is specifically configured to determine that the target authorization credential matches the target permission credential if the security access policy information carried in the target permission credential is consistent with the security access policy information carried in the target authorization credential.
In a possible implementation, the authentication module 82 is further configured to determine that the target authorization credential does not match the target permission credential and send a verification-failure prompt to the first privacy computing device if the security access policy information carried in the target permission credential is not consistent with the security access policy information carried in the target authorization credential.
In a possible implementation, the authentication module 82 is further configured to establish an access session, save the correspondence between the session identifier of the access session and the target token identifier in the target permission credential, and send the session identifier to the first privacy computing device;
and, if a session identifier and a target token identifier sent by the first privacy computing device are received and it is determined that the correspondence between the session identifier and the target token identifier is stored locally, send a verification-pass notification to the first privacy computing device.
In a possible implementation, the authentication module 82 is specifically configured to receive an authorized-access resource application carrying the first device identifier and target project information sent by the first privacy computing device;
upon judging that the first device identifier is among the pre-stored identifiers of secure devices that have undergone identity authentication, determine, according to the pre-stored correspondence between device identifiers, project information and security access policy information, the target security access policy information corresponding to the first device identifier and the target project information, and generate the target permission credential and the target authorization credential, where both the target permission credential and the target authorization credential carry the target security access policy information; send the target permission credential to the first privacy computing device;
and save the correspondence between the first device identifier, the target project information and the target authorization credential.
Based on the same technical concept, this application further provides a privacy computing apparatus applied to a first privacy computing device. Referring to Figure 9, which shows a schematic diagram of another privacy computing apparatus provided by some embodiments, the apparatus includes:
a sending module 91, configured to, if it is determined that the privacy computing device to which the resource to be accessed belongs is a second privacy computing device other than the first privacy computing device, obtain the second device identifier of the second privacy computing device and the target project information to which the resource to be accessed belongs; determine, according to the pre-stored correspondence between privacy computing device identifiers, project information and permission credentials for resource access, the target permission credential corresponding to the second device identifier and the target project information; and send to the second privacy computing device corresponding to the second device identifier a resource access request carrying the target permission credential, the target project information and the first device identifier of the first privacy computing device;
an access module 92, configured to access the resource to be accessed in the second privacy computing device if a verification-pass notification sent by the second privacy computing device is received.
In a possible implementation, the sending module 91 is further configured to, if a session identifier sent by the second privacy computing device is received, send the session identifier and the target token identifier in the target permission credential to the second privacy computing device when the resource to be accessed needs to be accessed.
In a possible implementation, the sending module 91 is specifically configured to send to the second privacy computing device an authorized-access resource application carrying the first device identifier and target project information;
and, if a target permission credential sent by the second privacy computing device is received, save the correspondence between the second device identifier, the target project information and the target permission credential.
Embodiment 4:
Based on the same technical concept, this application further provides an electronic device. Figure 10 shows a schematic structural diagram of an electronic device provided by some embodiments; as shown in Figure 10, it includes a processor 101, a communication interface 102, a memory 103 and a communication bus 104, where the processor 101, the communication interface 102 and the memory 103 communicate with one another through the communication bus 104;
the memory 103 stores a computer program which, when executed by the processor 101, causes the processor 101 to perform the steps of any of the privacy computing methods described above.
Since the principle by which the above electronic device solves the problem is similar to that of the privacy computing method, the implementation of the electronic device may refer to the implementation of the method, and repeated details are not described again.
The communication bus mentioned for the above electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The communication bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface 102 is used for communication between the above electronic device and other devices.
The memory may include random access memory (RAM) and may also include non-volatile memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage apparatus located remotely from the aforementioned processor.
The above processor may be a general-purpose processor, including a central processing unit, a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit, a field-programmable gate array or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component and so on.
Based on the same technical concept, an embodiment of this application provides a computer-readable storage medium storing a computer program executable by an electronic device which, when run on the electronic device, causes the electronic device to implement the steps of any of the privacy computing methods described above.
Since the principle by which the above computer-readable storage medium solves the problem is similar to that of the privacy computing method, the implementation of the computer-readable storage medium may refer to the implementation of the method, and repeated details are not described again.
The above computer-readable storage medium may be any available medium or data storage device accessible by a processor in an electronic device, including but not limited to magnetic storage such as floppy disks, hard disks, magnetic tape and magneto-optical disks (MO); optical storage such as CD, DVD, BD and HVD; and semiconductor memory such as ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH) and solid-state drives (SSD).
Based on the same technical concept and on the basis of the above embodiments, this application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to perform the steps of any of the privacy computing methods described above.
Those skilled in the art will understand that the embodiments of this application may be provided as a method, a system or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to this application without departing from its spirit and scope. Thus, if these modifications and variations of this application fall within the scope of the claims of this application and their technical equivalents, this application is also intended to include them.
Claims (19)
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310089158.XA CN116011019A (en) | 2023-01-29 | 2023-01-29 | Privacy computing system, method, device, equipment and medium |
| PCT/CN2023/125671 WO2024156197A1 (en) | 2023-01-29 | 2023-10-20 | Privacy computing system, method and apparatus, device, and medium |
| TW112144888A TWI890204B (en) | 2023-01-29 | 2023-11-21 | A privacy computing system, method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310089158.XA CN116011019A (en) | 2023-01-29 | 2023-01-29 | Privacy computing system, method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116011019A true CN116011019A (en) | 2023-04-25 |
Family
ID=86037295
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310089158.XA Pending CN116011019A (en) | 2023-01-29 | 2023-01-29 | Privacy computing system, method, device, equipment and medium |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN116011019A (en) |
| TW (1) | TWI890204B (en) |
| WO (1) | WO2024156197A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117113416A (en) * | 2023-10-17 | 2023-11-24 | 北京数牍科技有限公司 | Task execution method, device, equipment and storage medium based on privacy calculation |
| WO2024156197A1 (en) * | 2023-01-29 | 2024-08-02 | 中国银联股份有限公司 | Privacy computing system, method and apparatus, device, and medium |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2017201850B2 (en) * | 2016-03-21 | 2020-10-29 | Vireshwar K. ADHAR | Method and system for digital privacy management |
| US10523675B2 (en) * | 2017-11-08 | 2019-12-31 | Ca, Inc. | Remote direct memory access authorization |
| CN109033774B (en) * | 2018-08-31 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Method and device for acquiring and feeding back user resources and electronic equipment |
| CN110266657A (en) * | 2019-05-30 | 2019-09-20 | 浙江大华技术股份有限公司 | Authentication method and device, resource access method and device, storage medium |
| CN111143793B (en) * | 2019-12-13 | 2021-05-28 | 支付宝(杭州)信息技术有限公司 | Access control method and access control device |
| CN113328971B (en) * | 2020-02-28 | 2023-07-11 | 中国移动通信集团福建有限公司 | Access resource authentication method and device and electronic equipment |
| CN113472807B (en) * | 2021-02-22 | 2023-03-21 | 支付宝(杭州)信息技术有限公司 | Private communication method and device between users |
| CN115203731A (en) * | 2021-04-12 | 2022-10-18 | 华为技术有限公司 | Access control method based on security sensitivity, related device and system |
| CN116011019A (en) * | 2023-01-29 | 2023-04-25 | 中国银联股份有限公司 | Privacy computing system, method, device, equipment and medium |
- 2023
  - 2023-01-29 CN CN202310089158.XA patent/CN116011019A/en active Pending
  - 2023-10-20 WO PCT/CN2023/125671 patent/WO2024156197A1/en not_active Ceased
  - 2023-11-21 TW TW112144888A patent/TWI890204B/en active
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024156197A1 (en) * | 2023-01-29 | 2024-08-02 | 中国银联股份有限公司 | Privacy computing system, method and apparatus, device, and medium |
| CN117113416A (en) * | 2023-10-17 | 2023-11-24 | 北京数牍科技有限公司 | Task execution method, device, equipment and storage medium based on privacy calculation |
| CN117113416B (en) * | 2023-10-17 | 2024-01-23 | 北京数牍科技有限公司 | Task execution method, device, equipment and storage medium based on privacy calculation |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2024156197A1 (en) | 2024-08-02 |
| TWI890204B (en) | 2025-07-11 |
| TW202431129A (en) | 2024-08-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11838841B2 (en) | | System, apparatus and method for scalable internet of things (IOT) device on-boarding with quarantine capabilities |
| CN111541656B (en) | | Identity authentication method and system based on converged media cloud platform |
| WO2022095244A1 (en) | | Cross-chain transaction method, system and apparatus, device, and storage medium |
| CN108768988A (en) | | Block chain access control method, equipment and computer readable storage medium |
| KR20170013305A (en) | | Secure Wireless Charging |
| WO2013056674A1 (en) | | Centralized security management method and system for third party application and corresponding communication system |
| CN102916946B (en) | | Connection control method and system |
| WO2013104143A1 (en) | | Authentication method and system oriented to heterogeneous network |
| CN115021958B (en) | | A smart home identity authentication method and system integrating fog computing and blockchain |
| CN102223420A (en) | | Digital content distribution method for multimedia social network |
| CN113901432B (en) | | Blockchain identity authentication method, device, storage medium and computer program product |
| WO2022042417A1 (en) | | Authentication method, apparatus and system |
| CN114679274A (en) | | Permission control method and device for cross-subnet interaction, electronic device, and storage medium |
| CN116011019A (en) | | Privacy computing system, method, device, equipment and medium |
| WO2019056971A1 (en) | | Authentication method and device |
| CN115310145A (en) | | A privacy computing system, method, apparatus, device and medium |
| CN116707849A (en) | | Method for setting cloud service access rights and cloud management platform for enclave instances |
| CN114579951B (en) | | Service access method, electronic device and storage medium |
| US8145917B2 (en) | | Security bootstrapping for distributed architecture devices |
| CN114553440B (en) | | Cross-data center identity authentication method and system based on blockchain and attribute signature |
| CN114448694B (en) | | Service calling method and device based on block chain |
| CN113055886B (en) | | Terminal authentication method, system, server and medium in edge computing network |
| CN118174866B (en) | | Resource Certificate Management System |
| CN117082504A (en) | | Key generation method and device and network equipment |
| CN114024692A (en) | | Signing method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40092180; Country of ref document: HK |