CN118585991B - Data processing method, device, equipment and storage medium - Google Patents
- Publication number: CN118585991B (application CN202411063834.7A)
- Authority: CN (China)
- Legal status: Active (as listed by Google Patents; this is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
            - G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for providing a confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/40—Network security protocols
Description
Technical Field
The present application relates to fields such as Internet technology, and in particular to a data processing method, apparatus, device and storage medium.
Background Art
As business data gains worldwide recognition as a new factor of production and a resource, countries are accelerating top-level design, legislation, cross-border flow and platform construction for business data circulation. At the level of top-level design, planning and policy-making continue globally. At the market level, unlocking the value of data urgently requires a secure and trustworthy business data circulation platform, that is, a platform that helps multiple business parties circulate (for example, invoke) business data while keeping that data secure.
At present, business data circulation platforms ensure the security of business data through a closed-domain approach: an independent cluster is created for each business party, which executes that party's business data and stores the business data together with its execution results. When one business party needs to call data held in another party's cluster, a manual approval process is required, and the access must be performed by authorized personnel through a jump host (a network security device or computer) with designated privileges. In the closed-domain approach, the circulation of business data is therefore cumbersome and its efficiency is low.
Summary of the Invention
Embodiments of the present application provide a data processing method, apparatus, device and storage medium that make the circulation of business data more convenient and more efficient.
In one aspect, an embodiment of the present application provides a data processing method, including:
receiving, through a security proxy component running in a secure sandbox of a trusted third party, a computing task request sent by a first business device corresponding to a first business party, the computing task request including an execution file for performing a computing operation on business data of a second business party and a first data identifier of the encrypted business data corresponding to that business data;
obtaining, through the security proxy component and according to the first data identifier, the encrypted business data of the second business party from a second business device corresponding to the second business party, and decrypting it to obtain the business data of the second business party;
performing, through a computing task component running in the secure sandbox, the computing operation on the business data of the second business party according to the execution file, to obtain an execution result;
performing, through the security proxy component, aggregate encryption of the execution result according to a first public key of the first business party and a second public key of the second business party, to obtain an encrypted execution result, and sending the encrypted execution result to the first business device and the second business device;
where the first business device performs aggregate decryption of the encrypted execution result according to a first partial decryption result and a second partial decryption result to obtain the execution result; the first partial decryption result is obtained by the first business device decrypting the encrypted execution result with a first private key corresponding to the first public key; the second partial decryption result is sent to the first business device by the second business device when the second business device determines that the business data of the second business party cannot be recovered from the execution file, and is obtained by decrypting the encrypted execution result with a second private key corresponding to the second public key; and the execution file on the second business device is sent to it by the first business device or by the security proxy component.
In one aspect, an embodiment of the present application provides a data processing method, including:
sending a computing task request to a security proxy component running in a secure sandbox of a trusted third party, the computing task request including an execution file for performing a computing operation on business data of a second business party and a first data identifier of the encrypted business data corresponding to that business data, where the security proxy component obtains, according to the first data identifier, the encrypted business data of the second business party from a second business device corresponding to the second business party and decrypts it to obtain the business data of the second business party;
receiving an encrypted execution result sent by the security proxy component, the encrypted execution result being obtained by the security proxy component performing aggregate encryption of an execution result according to a first public key of the first business party and a second public key of the second business party, and the execution result being obtained by a computing task component running in the secure sandbox performing the computing operation on the business data of the second business party according to the execution file;
decrypting the encrypted execution result with a first private key corresponding to the first public key to obtain a first partial decryption result, and receiving a second partial decryption result sent by the second business device corresponding to the second business party, where the second partial decryption result is sent to the first business device corresponding to the first business party when the second business device determines that the business data of the second business party cannot be recovered from the execution file, and is obtained by decrypting the encrypted execution result with a second private key corresponding to the second public key; the encrypted execution result is sent to the second business device by the security proxy component, and the execution file on the second business device is sent to it by the first business device or by the security proxy component;
performing aggregate decryption of the encrypted execution result according to the first partial decryption result and the second partial decryption result, to obtain the execution result.
In one aspect, an embodiment of the present application provides a data processing method, including:
sending, according to a first data identifier carried in a computing task request, encrypted business data of a second business party to a security proxy component running in a secure sandbox of a trusted third party, where the computing task request is sent to the security proxy component by a first business device corresponding to a first business party and includes an execution file for performing a computing operation on the business data of the second business party and the first data identifier of the encrypted business data corresponding to that business data, and the security proxy component decrypts the encrypted business data of the second business party to obtain the business data of the second business party;
receiving an encrypted execution result sent by the security proxy component, the encrypted execution result being obtained by the security proxy component performing aggregate encryption of an execution result according to a first public key of the first business party and a second public key of the second business party, and the execution result being obtained by a computing task component running in the secure sandbox performing the computing operation on the business data of the second business party according to the execution file;
when it is determined that the business data of the second business party cannot be recovered from the execution file, decrypting the encrypted execution result with a second private key corresponding to the second public key to obtain a second partial decryption result, where the execution file on the second business device corresponding to the second business party is sent to it by the first business device or by the security proxy component;
sending the second partial decryption result to the first business device corresponding to the first business party, where the first business device performs aggregate decryption of the encrypted execution result according to a first partial decryption result and the second partial decryption result to obtain the execution result, and the first partial decryption result is obtained by the first business device decrypting the encrypted execution result with a first private key corresponding to the first public key.
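The three method aspects above describe the same exchange from the viewpoint of the trusted third party, the first business party and the second business party, but the patent does not name a concrete encryption scheme. As an added illustration that is not the patent's own code, the following Python models "aggregate encryption" as ElGamal under a combined public key g^(a+b): the sandbox proxy encrypts the execution result for both parties at once, each party can only compute a partial decryption with its own private key, and the first party recovers the result only after the second party releases its share. The group parameters (the prime 2^127 - 1 with base 3), the second party's release policy (allowlisted aggregate operations over at least five records) and the sample records are assumptions made for this example.

```python
"""Two-party aggregate encryption of an execution result (constructed example).

Roles: the proxy in the sandbox computes and encrypts; party A (first business
party) and party B (second business party) each hold one private key; A can
decrypt only with B's partial decryption, which B releases only when the
execution file cannot reconstruct B's raw data.
"""
import secrets

# Toy group parameters, assumed for illustration only: the Mersenne prime
# 2^127 - 1 and base 3. A deployment would use a standardized prime-order group.
P = (1 << 127) - 1
G = 3

# B's release policy (constructed): only aggregates over enough records are
# judged not to reveal the underlying business data.
RELEASABLE_OPS = {"sum", "count", "mean"}
MIN_RECORDS = 5


def keygen():
    """Return (private key x, public key G^x mod P)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def aggregate_public_key(pub_a, pub_b):
    """Combined key G^(a+b) = pub_a * pub_b mod P used for aggregate encryption."""
    return (pub_a * pub_b) % P


def encrypt(agg_pub, message):
    """ElGamal encryption of an integer message under the aggregate key."""
    if not 0 < message < P:
        raise ValueError("message must be a nonzero group element")
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), (message * pow(agg_pub, r, P)) % P


def partial_decrypt(priv, ciphertext):
    """One party's share c1^x mod P; on its own it reveals nothing about m."""
    c1, _ = ciphertext
    return pow(c1, priv, P)


def combine(ciphertext, part_a, part_b):
    """Aggregate decryption: m = c2 / (c1^a * c1^b) = c2 / c1^(a+b)."""
    _, c2 = ciphertext
    shared = (part_a * part_b) % P
    return (c2 * pow(shared, P - 2, P)) % P  # Fermat inverse, P is prime


def run_task(execution_file, records):
    """Computing task component: apply the requested operation to B's data."""
    values = [rec["amount"] for rec in records]
    op = execution_file["op"]
    if op == "sum":
        return sum(values)
    if op == "count":
        return len(values)
    if op == "mean":
        return sum(values) // max(len(values), 1)
    if op == "max":  # computable, but reveals one record: B will withhold
        return max(values)
    raise ValueError(f"unsupported op: {op}")


def second_party_may_release(execution_file, records):
    """B's check that the execution file cannot restore its raw business data."""
    return execution_file["op"] in RELEASABLE_OPS and len(records) >= MIN_RECORDS


def protocol(execution_file, records):
    """End-to-end flow; returns the result A recovers, or None if B withholds."""
    priv_a, pub_a = keygen()  # first business party
    priv_b, pub_b = keygen()  # second business party
    # Proxy in the sandbox: compute, then encrypt under the aggregate key and
    # hand the same ciphertext to both parties.
    result = run_task(execution_file, records)
    ct = encrypt(aggregate_public_key(pub_a, pub_b), result)
    part_a = partial_decrypt(priv_a, ct)  # A's share, computed immediately
    if not second_party_may_release(execution_file, records):
        return None  # B keeps its share; A alone cannot finish decryption
    part_b = partial_decrypt(priv_b, ct)  # B's share, sent to A
    return combine(ct, part_a, part_b)


# Constructed sample of B's business data.
SAMPLE_RECORDS = [{"id": i, "amount": 100 + 10 * i} for i in range(8)]

if __name__ == "__main__":
    print(protocol({"op": "sum"}, SAMPLE_RECORDS))      # released: 1080
    print(protocol({"op": "sum"}, SAMPLE_RECORDS[:3]))  # too few records: None
    print(protocol({"op": "max"}, SAMPLE_RECORDS))      # per-record value: None
```

The property the example demonstrates is the one the claims rely on: the ciphertext A receives is the same one B receives, and neither share decrypts it alone, so B's policy check is what decides whether A ever sees the result. In a real system the release check would inspect the execution file itself rather than a declared operation name, and the group would be a standard one.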
In one aspect, an embodiment of the present application provides a data processing apparatus, including:
a receiving module, configured to receive, through a security proxy component running in a secure sandbox of a trusted third party, a computing task request sent by a first business device corresponding to a first business party, the computing task request including an execution file for performing a computing operation on business data of a second business party and a first data identifier of the encrypted business data corresponding to that business data;
a decryption module, configured to obtain, through the security proxy component and according to the first data identifier, the encrypted business data of the second business party from a second business device corresponding to the second business party, and to decrypt it to obtain the business data of the second business party;
an execution module, configured to perform, through a computing task component running in the secure sandbox, the computing operation on the business data of the second business party according to the execution file, to obtain an execution result;
an encryption module, configured to perform, through the security proxy component, aggregate encryption of the execution result according to a first public key of the first business party and a second public key of the second business party, to obtain an encrypted execution result, and to send the encrypted execution result to the first business device and the second business device;
where the first business device performs aggregate decryption of the encrypted execution result according to a first partial decryption result and a second partial decryption result to obtain the execution result; the first partial decryption result is obtained by the first business device decrypting the encrypted execution result with a first private key corresponding to the first public key; the second partial decryption result is sent to the first business device by the second business device when the second business device determines that the business data of the second business party cannot be recovered from the execution file, and is obtained by decrypting the encrypted execution result with a second private key corresponding to the second public key; and the execution file on the second business device is sent to it by the first business device or by the security proxy component.
In one aspect, an embodiment of the present application provides a data processing apparatus, including:
a sending module, configured to send a computing task request to a security proxy component running in a secure sandbox of a trusted third party, the computing task request including an execution file for performing a computing operation on business data of a second business party and a first data identifier of the encrypted business data corresponding to that business data, where the security proxy component obtains, according to the first data identifier, the encrypted business data of the second business party from a second business device corresponding to the second business party and decrypts it to obtain the business data of the second business party;
a receiving module, configured to receive an encrypted execution result sent by the security proxy component, the encrypted execution result being obtained by the security proxy component performing aggregate encryption of an execution result according to a first public key of the first business party and a second public key of the second business party, and the execution result being obtained by a computing task component running in the secure sandbox performing the computing operation on the business data of the second business party according to the execution file;
a decryption module, configured to decrypt the encrypted execution result with a first private key corresponding to the first public key to obtain a first partial decryption result, and to receive a second partial decryption result sent by the second business device corresponding to the second business party, where the second partial decryption result is sent to the first business device corresponding to the first business party when the second business device determines that the business data of the second business party cannot be recovered from the execution file, and is obtained by decrypting the encrypted execution result with a second private key corresponding to the second public key; the encrypted execution result is sent to the second business device by the security proxy component, and the execution file on the second business device is sent to it by the first business device or by the security proxy component;
the decryption module being further configured to perform aggregate decryption of the encrypted execution result according to the first partial decryption result and the second partial decryption result, to obtain the execution result.
In one aspect, an embodiment of the present application provides a data processing apparatus, including:
a sending module, configured to send, according to a first data identifier carried in a computing task request, encrypted business data of a second business party to a security proxy component running in a secure sandbox of a trusted third party, where the computing task request is sent to the security proxy component by a first business device corresponding to a first business party and includes an execution file for performing a computing operation on the business data of the second business party and the first data identifier of the encrypted business data corresponding to that business data, and the security proxy component decrypts the encrypted business data of the second business party to obtain the business data of the second business party;
a receiving module, configured to receive an encrypted execution result sent by the security proxy component, the encrypted execution result being obtained by the security proxy component performing aggregate encryption of an execution result according to a first public key of the first business party and a second public key of the second business party, and the execution result being obtained by a computing task component running in the secure sandbox performing the computing operation on the business data of the second business party according to the execution file;
a decryption module, configured to decrypt, when it is determined that the business data of the second business party cannot be recovered from the execution file, the encrypted execution result with a second private key corresponding to the second public key to obtain a second partial decryption result, where the execution file on the second business device corresponding to the second business party is sent to it by the first business device or by the security proxy component;
the sending module being further configured to send the second partial decryption result to the first business device corresponding to the first business party, where the first business device performs aggregate decryption of the encrypted execution result according to a first partial decryption result and the second partial decryption result to obtain the execution result, and the first partial decryption result is obtained by the first business device decrypting the encrypted execution result with a first private key corresponding to the first public key.
In one aspect, an embodiment of the present application provides a computer device including a memory and a processor, where the memory stores a computer program and the processor, when executing the computer program, implements the steps of the above method.
In one aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
In one aspect, an embodiment of the present application provides a computer program product including a computer program which, when executed by a processor, implements the steps of the above method.
The present application has at least the following beneficial effects. (1) A security proxy component and a computing task component are deployed in the secure sandbox of the trusted third party corresponding to each business party, and both the decryption of the second business party's encrypted business data and the computation on it are carried out by these components inside the sandbox. Business data circulation between the parties is thus achieved through the sandbox: no independent cluster has to be created for each business party and no dedicated hardware is required, which lowers the cost of circulation and makes the process more convenient, and because the circulation process needs no manual intervention, its efficiency is improved. (2) Because the execution result is aggregate-encrypted, the second business party sends its own second partial decryption result to the first business party only after it has determined that the execution file cannot recover the original data (that is, the business data); only then can the first business party combine its own first partial decryption result with the received second partial decryption result to aggregate-decrypt the encrypted execution result and obtain the execution result. This guarantees joint ownership of the execution result by the first and second business parties, keeps the execution result secure and under control, and improves its security. Circulation of business data here may mean that the execution result computed on the second business party's business data is delivered to the first business party, that is, the first business party invokes the second business party's business data through the trusted third party.
Brief Description of the Drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present application; a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a data processing system provided by the present application;
FIG. 2 is a schematic diagram of another data processing system provided by the present application;
FIG. 3 is a flow chart of a data processing method provided by the present application;
FIG. 4 is a flow chart of a public key exchange process and a business data encryption process provided by the present application;
FIG. 5 is a flow chart of a process for starting a computing task provided by the present application;
FIG. 6 is a flow chart of the execution process of a computing task provided by the present application;
FIG. 7 is a flow chart of another data processing method provided by the present application;
FIG. 8 is a flow chart of the decryption process of an encrypted execution result provided by the present application;
FIG. 9 is a flow chart of yet another data processing method provided by the present application;
FIG. 10 is a schematic structural diagram of a data processing apparatus provided by an embodiment of the present application;
FIG. 11 is a schematic structural diagram of another data processing apparatus provided by an embodiment of the present application;
FIG. 12 is a schematic structural diagram of yet another data processing apparatus provided by an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
具体实施方式DETAILED DESCRIPTION
The technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the drawings in those embodiments. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the scope of protection of the present application.
To make the present application easier to understand, the data processing system that implements it is introduced first. As shown in FIG. 1, the data processing system includes a server and a terminal cluster. The terminal cluster may include one or more terminals; the number of terminals is not limited here. FIG. 1 takes a terminal cluster of four terminals as an example: the terminal cluster may specifically include a first terminal, a second terminal, a third terminal and a fourth terminal. It can be understood that each of the first, second, third and fourth terminals can establish a network connection with the server, so that every terminal can exchange data with the server over that connection.
It can be understood that the server may be an independent physical server, a server cluster or distributed system made up of at least two physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud knowledge bases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a content delivery network (CDN), and big data and artificial intelligence platforms. The terminal may specifically be a vehicle-mounted terminal, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a speaker with a screen, a smart TV, a smart watch and so on, but is not limited to these. Each terminal and the server may be connected directly or indirectly by wired or wireless communication, and the number of terminals and servers may be one or at least two; the present application places no limit on this.
Any terminal may be the business device corresponding to a business party. Each business device may hold its own business data and one or more execution files, and any business device may call the business data of other business parties through the server. An execution file may be a code file, or an image file of a code file, used to perform a computing operation on business data; the computing operation may be statistical computation, model training, arithmetic processing and so on.
It should be noted that in the present application the first business party may be the business party that initiates a computing task request, that is, the business party that uses business data; the first business party may also provide business data. The terminal corresponding to the first business party may be called the first business device. The second business party may be the business party that provides business data, and the terminal corresponding to the second business party may be called the second business device.
A single computing operation on business data may involve at least one user of the business data and at least one provider of the business data; when there is only one provider and one user, the provider and the user are different parties.
The server may be the device corresponding to a trusted third party. The server includes a security sandbox in which a security proxy component and a computing task component run. The security sandbox is a mechanism for protecting the privacy of objects and the security of the system: it confines the security proxy component and the computing task component to a closed operating environment so that they cannot pose a threat to the system or to other applications. In addition, the security sandbox can provide virtual hardware and software resources, such as a file system, a network and an operating system, so that the security proxy component and the computing task component run inside this virtual environment without any adverse effect on the computer system. If the security proxy component or the computing task component attempts to access resources outside the security sandbox or to perform a dangerous operation (such as transmitting unencrypted business data to another business device), the security sandbox intercepts the request and takes a corresponding security measure; security measures may include forbidding the dangerous operation and terminating the application or process that attempted it.
The security sandbox further includes an access restriction tool, which restricts the network access, directory access and inter-process access of the processes corresponding to the security proxy component and the computing task component, so that the security proxy component and the computing task component run in a completely isolated environment, the reading and writing back of data is performed by the security proxy component, and the computing task components are allowed to access one another. The access restriction tool may be gVisor (process-level virtualization), nsjail (a process isolation tool) or Kata Container (cloud-native virtualization). The computing task component may be Spark or Ray (both computing engines or frameworks); the computing task components usually need to communicate with one another to complete a distributed computing task together.
Specifically, the security proxy component may be used to read the encrypted business data from the second business device, decrypt it to obtain the business data, and send the business data and the execution file to the computing task component. The computing task component may be used to perform the computing operation on the business data according to the execution file.
The trusted third party may be an entity trusted by the business parties corresponding to all terminals in the data processing system, for example a certificate authority (CA).
The data processing system of the present application can guide the development of a privacy computing system framework. Its main product form is a privacy computing platform that provides services such as federated learning, joint query and anonymous query on a public or private cloud; the machine learning models obtained by federated learning and the query results obtained by joint query and anonymous query can be applied in scenarios such as joint marketing, joint advertising and joint risk control.
Anonymous query may refer to private information retrieval (PIR), a very practical technique and application in secure multi-party computation that protects the privacy of a user's query and, in turn, the query result (i.e. the business data). Its goal is to ensure that when the first business party submits a query request (i.e. a computing task request) to the trusted third party, the query is completed without being observed or leaked during the query process. In an anonymous query, the first business party is the querying party, and the execution file it provides may be the code used to perform the computing operation on the query result, or the image file corresponding to that code; the second business party may be the queried party, that is, the business data of the second business party may be called the query result, and there may be one or more second business parties.
Federated learning, also called federated machine learning, joint learning or alliance learning, is a machine learning framework that effectively helps multiple business parties (i.e. the first business party and the second business party) use data and build machine learning models while meeting the requirements of user privacy protection, data security and government regulation. In federated learning, the first business party may be the business party that needs machine learning modeling, and the execution file it provides may be the initial machine learning model to be trained, consisting of code or an image file of the code; the second business party may be the business party that provides training data, that is, the business data of the second business party may be training data. In particular, the first business party may also provide training data. The computing operation on the business data may consist of running the initial machine learning model on the training data so as to train the initial machine learning model; the execution result is the trained machine learning model.
The machine learning model may be a linear regression model, a logistic regression model, a decision tree model, a neural network model and so on.
The machine learning model can be used in joint risk control, joint advertising and joint marketing scenarios. In the joint risk control scenario, the machine learning model can be used to verify whether a user is a qualified investor and whether an individual or institution shows abnormal financial behaviour. In the joint advertising scenario, the machine learning model can produce, for a product merchant, advertising content that users are interested in; in the joint marketing scenario, it can produce, for a product merchant, a marketing strategy for a certain product.
A joint query may be a special query mode whose main function is to combine two or more query results into one result set, eliminate duplicate rows from the query results, and sort and compute over the result set of the joint query. In a joint query, the first business party is the querying party, and the execution file it provides may be the code that implements the joint query, or the image file corresponding to that code; the second business party may be the queried party, that is, the business data of the second business party may be called the query result, and there are multiple second business parties.
The joint risk control scenario may use the query result obtained by a joint query or anonymous query, or the machine learning model obtained by training, to implement risk control management for individuals or institutions. Risk control management may mean verifying whether a user is a qualified investor, or whether an individual or institution shows abnormal financial behaviour, such as transferring assets to illegal accounts or evading tax. In the joint risk control scenario, the first business party (i.e. the querying party or the business party that needs machine learning modeling above) is specifically a risk control management agency, such as a tax authority or an asset regulator, and the execution file it provides may be code for risk control management of individuals or institutions, or the image file corresponding to that code, for example an initial machine learning model to be trained for risk control management. The second business party (i.e. the queried party or the business party providing training data above) may include at least one of a banking institution, a trust institution and a fund company, and the business data (such as the query result or training data above) may include users' transaction data at the banking institution, trust institution and fund company.
The joint advertising scenario may refer to producing advertising content that users are interested in, based on the query result obtained by a joint query or anonymous query or on the machine learning model obtained by training. In the joint advertising scenario, the first business party (i.e. the querying party or the business party that needs machine learning modeling above) may be a product merchant, and the execution file it provides may be code for generating advertising content, or the image file corresponding to that code. The second business party (i.e. the queried party or the business party providing training data above) may include the product merchant corresponding to the advertisement and an advertising platform. The business data provided by the advertising platform is users' advertising behaviour data for the advertising content, which may include the numbers of clicks, favourites and likes of the advertising content. The business data provided by the product merchant includes users' purchase behaviour data for the product, such as the purchase time, product price, number of purchases and basic product information (production date, purpose and so on). The advertising behaviour data and purchase behaviour data may be the query result or training data above.
The joint marketing scenario may refer to producing a marketing strategy for a certain product, based on the query result obtained by a joint query or anonymous query or on the machine learning model obtained by training. In the joint marketing scenario, the first business party (i.e. the querying party or the business party that needs machine learning modeling above) may be a product merchant, and the execution file it provides may be code for generating the product's marketing strategy, or the image file corresponding to that code. The second business party (i.e. the queried party or the business party providing training data above) may include a product merchant and a marketing agency. The business data provided by the marketing agency is users' basic information, such as name and gender; the business data provided by the product merchant is users' purchase behaviour data for the product. Marketing strategies may include spend-threshold discounts, issuing coupons and so on. The basic information and purchase behaviour data may be the query result or training data above.
Taking a joint query applied to the joint risk control scenario as an example, the first business device may be the first terminal in FIG. 1, and the second business devices may include the second, third and fourth terminals in FIG. 1. The first business party corresponding to the first terminal is an investment institution, and the second business parties corresponding to the second, third and fourth terminals are a banking institution, a trust institution and a fund company, respectively. When the investment institution needs to check whether user u1 is a qualified investor, the first terminal may send a computing task request to the security proxy component running in the server's security sandbox. The computing task request asks for verification of whether user u1 is a qualified investor, and carries the object information of the investment institution, the execution file used to perform the computing operation on the business data, and the data identifier of each piece of encrypted business data. The object information of the investment institution may include its credit code and institution name; the business data may include user u1's transaction data at the banking institution, the trust institution and the fund company; and the execution file can be used to verify, based on that transaction data, whether user u1 is a qualified investor.
After receiving the computing task request, the security proxy component in the server may verify, based on the object information of the investment institution, whether the investment institution has permission to request computation on the above business data. For example, the server may look up, based on the object information, whether the investment institution has a record of abnormal investment behaviour. If abnormal investment behaviour is found, the investment institution is determined not to have permission to request computation on the business data, and verification of whether user u1 is a qualified investor may be refused. If no abnormal investment behaviour is found, the investment institution is determined to have that permission, and according to the computing task request the first encrypted transaction data may be obtained from the second terminal, the second encrypted transaction data from the third terminal, and the third encrypted transaction data from the fourth terminal. The first encrypted transaction data is obtained by encrypting user u1's first transaction data at the banking institution, which may include at least one of user u1's loan records, deposit records and repayment records at the banking institution; the second encrypted transaction data is obtained by encrypting user u1's second transaction data at the trust institution, which may include the trust products user u1 has purchased there; the third encrypted transaction data is obtained by encrypting user u1's third transaction data at the fund company, which may include the funds user u1 has purchased there.
Further, the security proxy component decrypts the first encrypted transaction data to obtain the first transaction data, the second encrypted transaction data to obtain the second transaction data, and the third encrypted transaction data to obtain the third transaction data. The computing task component running in the server's security sandbox can verify, based on the execution file and the first, second and third transaction data, whether user u1 is a qualified investor, obtaining a verification result (i.e. an execution result) that indicates either that user u1 is a qualified investor or that user u1 is not. The security proxy component can then aggregate-encrypt the verification result according to the public keys of the investment institution, the banking institution, the trust institution and the fund company, obtaining an encrypted verification result (i.e. an encrypted execution result); it sends the encrypted verification result and the execution file to the second, third and fourth terminals, and sends the encrypted execution result to the first terminal. When the second, third and fourth terminals each determine that the execution file cannot recover their respective transaction data, each uses its own private key to decrypt the encrypted verification result, obtaining the second partial decryption result for that terminal. The first terminal can decrypt the encrypted verification result with the investment institution's private key to obtain the first partial decryption result, receive the second partial decryption results sent by the second, third and fourth terminals, and aggregate-decrypt the encrypted verification result from the first partial decryption result and the second partial decryption results to obtain the verification result.
It can be seen that the present application can implement a joint query across the banking institution, trust institution and fund company, verify user u1 without disclosing user u1's unencrypted transaction data, implement joint risk control for user u1, enable the circulation of transaction data among the banking institution, trust institution and fund company, and improve the security of each business party's transaction data.
In one embodiment, the present application provides a schematic structural diagram of another data processing system, as shown in FIG. 2. The data processing system includes a third business device, a first business device and a second business device. The third business device may be the device corresponding to the trusted third party, that is, the server in FIG. 1. The first business device may be the device corresponding to the first business party, which may be any terminal in FIG. 1; the second business device may be the device corresponding to the second business party, which may be any terminal in FIG. 1 other than the one corresponding to the first business party.
The first business device may include a task submission component, a second task scheduling component and a first data proxy component; the second business device may include a third task scheduling component and a second data proxy component; the third business device includes a security sandbox and a first task scheduling component, and the security sandbox includes a computing task component and a security proxy component.
The task submission component may be used to generate a computing task request and synchronize it to the first, second and third task scheduling components.
The second task scheduling component may be used to start the first data proxy component after receiving the computing task request. The first data proxy component stores the business data of the first business party; it encrypts that business data to obtain the first business party's encrypted business data and synchronizes the encrypted business data to the security proxy component.
The third task scheduling component may be used to start the second data proxy component after receiving the computing task request. The second data proxy component stores the business data of the second business party; it encrypts that business data to obtain the second business party's encrypted business data and synchronizes the encrypted business data to the security proxy component.
The encryption method used for business data may be negotiated separately by the trusted third party with the first business party and with the second business party. That is, the encryption method for the first business party's business data may be negotiated between the first business party and the trusted third party, so that the first business party's encrypted business data can be decrypted only by the trusted third party and the first business party; the encryption method for the second business party's business data may be negotiated between the second business party and the trusted third party, so that the second business party's encrypted business data can be decrypted only by the trusted third party and the second business party. This helps ensure the security of the business data.
Encryption algorithms include asymmetric and symmetric encryption algorithms. An asymmetric encryption algorithm uses different keys for encryption and decryption; its characteristic is that one key (the public key) is public while the other (the private key) is kept secret. The public key is used to encrypt data and the private key to decrypt it. Asymmetric encryption algorithms include RSA, knapsack algorithms, Rabin (which can be regarded as a variant of RSA), the public key encryption algorithms used in key exchange protocols, and elliptic curve cryptography (ECC). A symmetric encryption algorithm uses the same key for both encryption and decryption, and that key may be called a symmetric key; symmetric encryption algorithms include the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES).
The first task scheduling component may be used to start the security proxy component and the computing task component after receiving the computing task request, and to synchronize the computing task request to the security proxy component. The security proxy component may be used to receive the encrypted business data of the first business party and of the second business party and decrypt it to obtain the business data of the first business party and of the second business party. The computing task component may be used to obtain the execution file and the business data of the first and second business parties from the service interface of the security proxy component, add that business data to the execution file to obtain an augmented execution file, and execute the augmented execution file to obtain the execution result. The security proxy component is further used to obtain the execution result from the computing task component through the service interface, aggregate-encrypt the execution result according to the first public key of the first business party and the second public key of the second business party to obtain the encrypted execution result, and return the encrypted execution result to the first data proxy component and the second data proxy component.
The service interface may be the interface in the security proxy component through which data is exchanged with the computing task component.
The second data proxy component is further used, once it has determined that the execution file cannot recover the second business party's business data, to decrypt the encrypted execution result with the second private key of the second business party, obtain the second partial decryption result, and send it to the first data proxy component. The first data proxy component is further used to decrypt the encrypted execution result with the first private key of the first business party to obtain the first partial decryption result, and to aggregate-decrypt the encrypted execution result from the first partial decryption result and the second partial decryption result to obtain the execution result.
In summary, the data processing system of the present application has the following beneficial effects: 1. Business data is encrypted with an encryption algorithm negotiated between the trusted third party and the data provider, which ensures that the encrypted business data can be decrypted only by the trusted third party and the data provider, improving the security of the business data.
2. Because the execution result is aggregate-encrypted, any single party can only partially decrypt the encrypted execution result; the parties (i.e. the first business party and the second business party) obtain the final execution result only after combining their partial decryption results. That is, the first business party's business device can decrypt the final execution result only after the second business party has sent its second partial decryption result to the first business party. In other words, the first business party obtains the execution result only with the authorization and consent of the second business party, which ensures that the first and second business parties jointly own the execution result, keeps execution secure and controllable, and improves the security of the execution result.
3、通过安全沙箱中的安全代理组件,实现加密业务数据的解密过程,通过安全沙箱中的计算任务组件,实现业务数据的计算过程,即通过安全沙箱构建安全隔离的数据计算环境,在安全隔离的数据环境中实现针对业务数据的计算过程。在进程级别对计算任务进行计算、存储和网络的隔离,不需要复杂的集群级别的独立部署;也不需要依赖于专用硬件,在现有的通用硬件资源上进行实施,实现高效的数据协作。3. The decryption process of encrypted business data is realized through the security agent component in the security sandbox, and the computing process of business data is realized through the computing task component in the security sandbox, that is, a secure and isolated data computing environment is built through the security sandbox, and the computing process for business data is realized in the secure and isolated data environment. The computing tasks are isolated in computing, storage and network at the process level, without the need for complex independent deployment at the cluster level; nor do they need to rely on dedicated hardware, and can be implemented on existing general hardware resources to achieve efficient data collaboration.
其中,此处的计算任务可以是指针对业务数据的计算操作,在进程级别对计算任务进行计算、存储和网络的隔离可以是指:对计算任务进行计算、存储和网络的隔离均是由上述计算任务组件、安全代理组件对应的进程来实现。Among them, the computing task here can refer to the computing operation on business data, and the isolation of computing, storage and network of computing tasks at the process level can mean: the isolation of computing, storage and network of computing tasks are all realized by the processes corresponding to the above-mentioned computing task components and security agent components.
Further, refer to FIG. 3, a flow chart of a data processing method provided by an embodiment of the present application. As shown in FIG. 3, the method may be executed by the device corresponding to the trusted third party, which may be a terminal, the server in FIG. 1, or a terminal together with a server; in the present application the device corresponding to the trusted third party is collectively referred to as the third business device. The method may include the following steps:
S101. Receive, through the security proxy component running in the security sandbox of the trusted third party, a computing task request sent by the first business device corresponding to the first business party.
The computing task request includes an execution file for performing a computing operation on the business data of the second business party, and the first data identifier of the encrypted business data corresponding to that business data.
In one embodiment, as shown in FIG. 4, before step S101 is executed the third business device may perform the following steps S40 to S48:
S40. The first business device generates the first key pair of the first business party, which includes a first private key and a first public key; the first public key can be used to encrypt data and the first private key to decrypt data. Specifically, the first business device may use a random algorithm to generate a first random number, use the first random number as the first private key, and raise the base data to the power of to obtain the first public key, where is the first private key. That is, the first key pair can be expressed as ( ), where is the base data and is the first public key; the base data may be the base point of the elliptic curve group , the elliptic curve group may include the elliptic curve used to generate the keys, and the base data refers to data agreed in advance by the first business party, the second business party and the trusted third party. The random algorithm may be any one of a numerical probability algorithm, a Las Vegas algorithm, a Monte Carlo algorithm and a Sherwood algorithm.
S41. The second business device may generate a second key pair, which includes a second private key and a second public key; the second public key can be used to encrypt data and the second private key to decrypt data. Specifically, the second business device may use a random algorithm to generate a second random number, use the second random number as the second private key, and raise the base data to the power of to obtain the second public key, where is the second private key; that is, the second key pair can be expressed as ( ), where is the second public key.
S42. The third business device generates a third key pair, which includes a third private key and a third public key; the third public key can be used to encrypt data and the third private key to decrypt data. Specifically, the third business device may use a random algorithm to generate a third random number, use the third random number as the third private key, and raise the base data to the power of to obtain the third public key, where is the third private key; that is, the third key pair can be expressed as ( ), where is the third public key.
S43. The first business device sends the first public key of the first business party to the third business device.
S44. The second business device sends the second public key of the second business party to the third business device.
In steps S43 and S44, the first business device may send the first public key of the first business party to the third business device, and the second business device may send the second public key of the second business party to the third business device, so that the third business device can perform aggregate encryption of the execution result of the business data based on the first public key and the second public key. Aggregate encryption here refers to an encryption method in which multiple parties participate: for example, aggregate encryption of the execution result requires the first public key of the first business party and the second public key of the second business party, i.e. it requires the participation of both the first business party and the second business party.
S45. The third business device sends the third public key of the trusted third party to the first business device and the second business device. The first business device can then generate, from the third public key and the first private key, a symmetric key between the first business device and the third business device, which can be used to encrypt the business data of the first business party and to decrypt the encrypted business data of the first business party. Similarly, the second business device can generate, from the third public key and the second private key, a symmetric key between the second business device and the third business device, which can be used to encrypt the business data of the second business party and to decrypt the encrypted business data of the second business party.
Note that this application mainly takes the symmetric key between the second business device and the third business device as its example; that is, the symmetric key mentioned below refers to the symmetric key between the second business device and the third business device, and its specific generation process is described later.
Note that encrypted business data refers to data obtained by encrypting business data; decrypting the encrypted business data yields the business data, and business data refers to unencrypted data.
S46. The second business device encrypts the business data to obtain the encrypted business data of the second business party. The second business device may encrypt the business data of the second business party with the third public key, or alternatively with the symmetric key, to obtain the encrypted business data of the second business party.
S47. The second business device generates a data identifier for the encrypted business data of the second business party, denoted the first data identifier; for example, it may hash the encrypted business data of the second business party and take the resulting hash value as the first data identifier. The first data identifier uniquely identifies the encrypted business data of the second business party and also acts as an authorization code: a business party holding the first data identifier has request-computation permission for the business data of the second business party, i.e. the permission to request the trusted third party to perform a computing operation on the business data of the second business party.
S48. The second business device synchronizes the first data identifier to the first business device, thereby granting the first business party request-computation permission for the business data of the second business party.
Note that the second business device may also generate a validity period for the first data identifier of the encrypted business data of the second business party and send the first data identifier together with the validity period to the third business device. While the current time is within the validity period, the first data identifier is valid and the business party holding it has request-computation permission for the business data; once the validity period has elapsed, the first data identifier expires and the business party holding it no longer has request-computation permission for the business data.
Similarly, the first business device may encrypt the business data of the first business party to obtain the encrypted business data of the first business party, obtain the second data identifier of that encrypted business data, and synchronize the second data identifier to the second business device, thereby granting the second business party request-computation permission for the business data of the first business party.
Through steps S40 to S48, the first business party, the second business party and the trusted third party exchange public keys, which enables the subsequent aggregate encryption of the execution result and the decryption of the encrypted business data.
After the first business device has obtained the first data identifier of the encrypted business data of the second business party, it may send a computing task request to the security proxy component running in the security sandbox of the trusted third party; the third business device may receive the computing task request through its task scheduling component, which forwards it to the security proxy component. The computing task request instructs that a computing operation be performed on the business data of the second business party; it carries the execution file for that computing operation and the first data identifier of the encrypted business data corresponding to the business data. It may further carry the object information of the first business party, the parameters required to process the business data, and the second data identifier of the encrypted business data of the first business party. When the first business party is an institution, the object information may include the institution's name, credit code, registration time and so on; when the first business party is a user (i.e. an individual), the object information may include the user's name and similar information.
The process by which the first business device sends the computing task request to the third business device amounts to starting the computing task. As shown in FIG. 5, the first business device includes a task submission component, a second task scheduling component and a first data proxy component; the second business device includes a third task scheduling component and a second data proxy component; and the third business device includes a first task scheduling component, a security proxy component and a computing task component. Starting the computing task includes the following steps S51 to S57:
S51. The task submission component initiates a computing task request to the second task scheduling component. When the first business party needs to request a computing operation on the business data of the second business party, the task submission component generates the computing task request and sends it to the second task scheduling component.
S52. The second task scheduling component synchronizes the computing task request to the third task scheduling component.
S53. The second task scheduling component synchronizes the computing task request to the first task scheduling component.
S54. The second task scheduling component starts the first data proxy component.
In steps S52 and S53, after receiving the computing task request, the second task scheduling component synchronizes it to the third task scheduling component of the second business device and to the first task scheduling component of the third business device. When the first business device also needs to synchronize the business data of the first business party to the third business device, the second task scheduling component starts the first data proxy component so that it can synchronize the encrypted business data of the first business party to the third business device. Starting the first data proxy component here means running it so that it is in a working state.
S55. The third task scheduling component starts the second data proxy component. After receiving the computing task request, the third task scheduling component runs the second data proxy component so that it can synchronize the encrypted business data of the second business party to the third business device.
S56. The first task scheduling component starts the security proxy component.
S57. The first task scheduling component starts the computing task component.
In steps S56 and S57, after receiving the computing task request, the first task scheduling component runs the security proxy component and the computing task component, so that the security proxy component can receive the encrypted business data synchronized by the second data proxy component and the first data proxy component and decrypt it, and the computing task component can perform the computing operation on the business data.
S102. Through the security proxy component, obtain the encrypted business data of the second business party from the second business device corresponding to the second business party according to the first data identifier, and decrypt the encrypted business data of the second business party to obtain the business data of the second business party.
In the present application, after receiving the computing task request, the security proxy component may verify, based on that request, whether the first business party has request-computation permission for the business data. Specifically, the security proxy component may look up the validity period of the first data identifier: if the current time is not within the validity period, it determines that the first business party does not have request-computation permission for the business data; if the current time is within the validity period, it determines that the first business party does have request-computation permission for the business data and may send the computing task request to the second business device, which returns the encrypted business data of the second business party to the security proxy component; the encrypted business data of the second business party is then decrypted to obtain the business data of the second business party. Decrypting the encrypted business data inside the security proxy component in the security sandbox prevents the business data from being leaked and improves its security.
In particular, when the first business party is an institution, the security proxy component may look up the operating status of the institution corresponding to the first business party based on the object information in the computing task request. If the operating status is normal, it determines that the first business party has request-computation permission for the business data; if the operating status is abnormal, it determines that the first business party does not have request-computation permission for the business data. An abnormal status may mean an abnormal registered address or unpaid taxes; a normal status means that neither an abnormal registered address nor unpaid taxes is present.
In one embodiment, the encrypted business data of the second business party is obtained by concatenating the ciphertext data of the business data of the second business party with a first coordinate value, where the ciphertext data is obtained by encrypting the business data of the second business party with the symmetric key (i.e. the ciphertext data of the business data is the encrypted business data). The first coordinate value is the coordinate value on the elliptic curve group associated with the base data, namely the horizontal-axis coordinate of the point on the elliptic curve of the elliptic curve group to which the base data is mapped.
Decrypting the encrypted business data of the second business party to obtain the business data of the second business party then includes: the third business device splits the encrypted business data of the second business party, according to the concatenation order of the ciphertext data and the first coordinate value and the data length of the ciphertext data, to obtain the ciphertext data of the business data of the second business party and the first coordinate value. From the first coordinate value, the second public key and the third private key of the trusted third party, the third business device generates a second coordinate value and a third coordinate value on the elliptic curve group associated with the third private key. From the first coordinate value, the second coordinate value, the third coordinate value, the first public key and the third public key corresponding to the third private key, it generates the symmetric key, and with the symmetric key it decrypts the ciphertext data to obtain the business data of the second business party. Decrypting the encrypted business data in the sandbox through the security proxy component prevents unencrypted business data from being obtained by unauthorized business parties and improves the security of the business data.
The concatenation order of the ciphertext data of the second business party's business data and the first coordinate value, and the data length of the ciphertext data, may be agreed in advance between the second business party and the trusted third party. For example, if the agreed order places the first coordinate value after the ciphertext data and the ciphertext data has data length L1, then the first L1 bits of the encrypted business data of the second business party are the ciphertext data of the business data, and the data after bit L1 is the first coordinate value.
The second coordinate value is the ordinate-axis coordinate of the point on the elliptic curve of the elliptic curve group to which the third private key is mapped, and the third coordinate value is the vertical-axis coordinate of the point on the elliptic curve of the elliptic curve group to which the third private key is mapped; the point on the elliptic curve to which the base data is mapped and the point on the elliptic curve to which the third private key is mapped are the same coordinate point.
For example, the encrypted business data of the second business party can be expressed as the following formula (1):
(1)
In formula (1), is the encrypted business data of the second business party, is the first coordinate value, is the ciphertext data of the business data, and denotes concatenation. The third business device can split to obtain and , where is the business data of the second business party. The second coordinate value and the third coordinate value are computed by the following formula (2):
(2)
In formula (2), is the second coordinate value and is the third coordinate value; that is, the second coordinate value is the first coordinate value raised to the power of , and the third coordinate value is raised to the power of . The symmetric key between the second business party and the trusted third party is computed by the following formula (3):
(3)
In formula (3), is the symmetric key and is a hash operation; the symmetric decryption algorithm is invoked to decrypt and obtain the business data of the second business party.
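The key exchange of S40 to S45, the "ciphertext followed by coordinate" layout of formula (1) with the length-based split of S102, the hashed shared secret of formula (3), and the aggregate encryption with partial decryption of the execution result (steps S43 and S44, beneficial effect 2), worked through as an added example; this is not code from the patent. It assumes the curve secp256k1, a SHA-256 counter-mode keystream in place of AES, and an ElGamal-style combined-public-key construction for the aggregate encryption, none of which the patent text fixes.

```python
# Added example, not code from the patent: one concrete instantiation of the
# key exchange (S40-S45), the ciphertext || coordinate layout of formula (1)
# with the length-based split of S102, the hashed shared secret of formula (3),
# and the aggregate encryption / partial decryption of the execution result.
# Assumptions: secp256k1, a SHA-256 counter-mode keystream in place of AES, and
# an ElGamal-style combined-public-key scheme; the patent text fixes none of these.
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1: y^2 = x^3 + 7 over GF(P), base point G of order N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
X_LEN = 32  # byte length of the coordinate appended to the ciphertext (agreed, as in S102)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add; this is the 'k-th power of the base' of S40-S42."""
    acc, addend = None, point
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def keygen():
    """S40-S42: a random scalar is the private key, scalar * G the public key."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)

def kdf(point):
    """Formula (3) analogue: the symmetric key is a hash of the shared point."""
    return hashlib.sha256(point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")).digest()

def stream_xor(key, data):
    """SHA-256 counter-mode keystream standing in for AES (assumption)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_business_data(data, own_priv, own_pub, peer_pub):
    """S45/S46 + formula (1): ciphertext || x-coordinate of the sender's public key."""
    key = kdf(ec_mul(own_priv, peer_pub))  # static ECDH as in S45
    return stream_xor(key, data) + own_pub[0].to_bytes(X_LEN, "big")

def decrypt_business_data(blob, own_priv, registered_peer_pub):
    """S102: split by the agreed length, check the coordinate, derive the key, decrypt."""
    ct, x_bytes = blob[:-X_LEN], blob[-X_LEN:]  # agreed order: ciphertext first
    if int.from_bytes(x_bytes, "big") != registered_peer_pub[0]:
        raise ValueError("coordinate does not match the public key registered in S44")
    return stream_xor(kdf(ec_mul(own_priv, registered_peer_pub)), ct)

def aggregate_encrypt(result, pub1, pub2):
    """Encrypt the execution result under P1 + P2; returns (C1, ciphertext)."""
    k = secrets.randbelow(N - 1) + 1
    return ec_mul(k, G), stream_xor(kdf(ec_mul(k, ec_add(pub1, pub2))), result)

def partial_decrypt(priv, c1):
    """One party's partial decryption result: priv * C1 (reveals nothing alone)."""
    return ec_mul(priv, c1)

def aggregate_decrypt(part1, part2, ct):
    """part1 + part2 = k * (P1 + P2), exactly the point the key was derived from."""
    return stream_xor(kdf(ec_add(part1, part2)), ct)

def demo(data=b"party-2 business data", result=b"execution result"):
    """Full flow; returns (recovered data, jointly recovered result, one-party attempt)."""
    d1, p1 = keygen()  # first business party
    d2, p2 = keygen()  # second business party
    d3, p3 = keygen()  # trusted third party
    blob = encrypt_business_data(data, d2, p2, p3)
    recovered = decrypt_business_data(blob, d3, p2)
    c1, ct = aggregate_encrypt(result, p1, p2)
    part2 = partial_decrypt(d2, c1)  # released to party 1 only with party 2's consent
    joint = aggregate_decrypt(partial_decrypt(d1, c1), part2, ct)
    alone = stream_xor(kdf(partial_decrypt(d1, c1)), ct)  # party 1 acting without party 2
    return recovered, joint, alone
```

The one-party attempt in demo() shows the property claimed in beneficial effect 2: without the second partial decryption result the first party derives a different key and recovers nothing.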
S103、通过运行在上述安全沙箱中的计算任务组件,根据上述执行文件,对上述第二业务方的业务数据执行计算操作,得到执行结果。S103. Perform a computing operation on the business data of the second business party according to the execution file by running the computing task component in the security sandbox to obtain an execution result.
本申请中,在安全代理组件获取到业务数据和执行文件之后,可以将执行文件和业务数据发送至运行在上述安全沙箱中的计算任务组件,通过计算任务组件,将第二业务方的业务数据添加至执行文件中,执行添加后的执行文件,得到执行结果;实现关于业务数据的计算任务完全隔离的环境(即安全沙箱)下运行,提高业务数据的安全性。In the present application, after the security proxy component obtains the business data and execution file, the execution file and business data can be sent to the computing task component running in the above-mentioned security sandbox. Through the computing task component, the business data of the second business party is added to the execution file, and the added execution file is executed to obtain the execution result; the computing tasks related to the business data are implemented in a completely isolated environment (i.e., the security sandbox), thereby improving the security of the business data.
在一个实施例中,上述S103包括:计算任务请求还包括第一业务方的加密业务数据的第二数据标识,第三业务设备可以基于第一业务方的加密业务数据的第二数据标识,从第一业务设备中获取第一业务方的加密业务数据,对第一业务方的加密业务数据进行解密,得到第一业务方的业务数据,将第一业务方的业务数据和第二业务方的业务数据添加至执行文件中,得到添加后的执行文件,执行添加执行文件,得到执行结果。In one embodiment, the above S103 includes: the computing task request also includes a second data identifier of the encrypted business data of the first business party; the third business device can obtain the encrypted business data of the first business party from the first business device based on the second data identifier of the encrypted business data of the first business party, decrypt the encrypted business data of the first business party to obtain the business data of the first business party, add the business data of the first business party and the business data of the second business party to the execution file to obtain the added execution file, execute the added execution file, and obtain the execution result.
其中,第一业务方的加密业务数据可以是基于第三公钥对第一业务方的业务数据进行加密得到的,这时,第三业务设备可以基于第三私钥,对第一业务方的加密业务数据进行解密,得到第一业务方的业务数据。或者,第一业务方的加密业务数据可以是基于对称密钥对第一业务方的业务数据进行加密得到的,第三业务设备可以基于对称密钥,对第一业务方的加密业务数据进行解密,得到第一业务方的业务数据。此处的对称密钥可以是指第一业务方与可信第三方之间的对称密钥,基于对称密钥,对第一业务方的加密业务数据的解密过程,可以参考上述基于对称密钥,对第二业务方的加密业务数据的解密过程。Among them, the encrypted business data of the first business party can be obtained by encrypting the business data of the first business party based on the third public key. At this time, the third business device can decrypt the encrypted business data of the first business party based on the third private key to obtain the business data of the first business party. Alternatively, the encrypted business data of the first business party can be obtained by encrypting the business data of the first business party based on a symmetric key. The third business device can decrypt the encrypted business data of the first business party based on the symmetric key to obtain the business data of the first business party. The symmetric key here can refer to the symmetric key between the first business party and the trusted third party. The decryption process of the encrypted business data of the first business party based on the symmetric key can refer to the above-mentioned decryption process of the encrypted business data of the second business party based on the symmetric key.
It should be noted that the image file may be obtained by compressing the code that performs the computing operation on the business data. When the execution file is the image file corresponding to that code, the trusted third party can decompress the image file to obtain the code, add the business data to the code, and thereby obtain the augmented execution file.
In one embodiment, in the federated learning setting described above, the business data is training data and the execution file is the initial machine learning model to be trained; the computing operation on the business data may be recognition of the training data to obtain its predicted labels, and the execution result may be the machine learning model trained on that training data. Specifically, the training data is fed into the initial machine learning model, the model recognises the training data to produce predicted labels, and the initial model is trained according to the predicted labels and the annotated labels of the training data to obtain the trained machine learning model.
Here, the predicted label refers to the label produced when the initial machine learning model recognises the training data, and the annotated label refers to the label produced by manually annotating the training data; both kinds of label reflect attribute characteristics of the training data.
In a joint risk-control scenario, the training data may include users' transaction data at banks, trust institutions, fund companies and the like; the predicted and annotated labels of the training data indicate whether or not a user exhibits abnormal financial behaviour; and the trained machine learning model can be used for risk-control management, such as identifying whether a user exhibits abnormal financial behaviour.
In a joint advertising scenario, the training data may include users' advertising behaviour data for advertising content, provided by an advertising platform, and users' purchasing behaviour data for products, provided by product merchants; the predicted and annotated labels of the training data include the advertising content users are interested in; and the trained machine learning model can generate advertising content of interest to users.
In a joint marketing scenario, the training data may include users' basic information provided by a marketing agency and users' purchasing behaviour data for products provided by product merchants; the predicted and annotated labels of the training data include marketing strategies for the products; and the trained machine learning model can generate marketing strategies for the products.
In a joint query or anonymous query, the business data is the query result returned by the joint or anonymous query; the execution file may instruct deduplication, statistical processing and the like on the query result; the computing operation on the business data may be that deduplication or statistical processing; and the execution result may be the processed query result.
For example, the first business party's computing task request also carries a query condition that asks for a company's annual profit for 2023; the business data includes the company's total revenue and total expenditure for 2023 obtained from that company (the second business party); the computing operation on the business data may be to subtract the total expenditure from the total revenue for 2023, giving the company's annual profit for 2023, which is the execution result.
In particular, the query result may serve as the training data described above for training the initial machine learning model, in which case the execution result may be the trained machine learning model.
S104. Through the security proxy component, perform aggregate encryption on the execution result according to the first public key of the first business party and the second public key of the second business party to obtain an encrypted execution result, and send the encrypted execution result to the first business device and the second business device.
In this application, because the execution result is aggregate-encrypted, the final execution result can only be obtained when both the first business party and the second business party take part in decryption. This helps ensure joint ownership of the data collaboration result (i.e., the execution result) and keeps the execution result secure and controllable without complex manual review.
The first business device is configured to aggregate-decrypt the encrypted execution result according to a first partial decryption result and a second partial decryption result to obtain the execution result. The first partial decryption result is obtained by the first business device decrypting the encrypted execution result with the first private key corresponding to the first public key. The second partial decryption result is sent to the first business device by the second business device only after the second business device has determined that the second business party's business data cannot be recovered from the execution file, and it is obtained by decrypting the encrypted execution result with the second private key corresponding to the second public key.
The execution file held by the second business device is sent to it by the first business device or by the security proxy component. For example, after the first business device sends the computing task request to the security proxy component of the third business device, it may synchronise the computing task request to the second business device; alternatively, the security proxy component may synchronise the computing task request to the second business device, and the second business device then obtains the execution file from the computing task request.
Because the first business party provides the execution file and the second business party provides the business data, ownership of the execution result is shared by the two parties: when the second business device sends the second partial decryption result to the first business device, this amounts to the second business party authorising the first business party to use the execution result. If the second business device determines that the business data can be recovered from the execution file, it can refuse to send the second partial decryption result, so that the first business device cannot decrypt the execution result; this keeps the execution result secure and controllable.
Aggregate encryption refers to an encryption method in which both the first and second business parties participate, i.e., the aggregate encryption process requires the first business party's first public key and the second business party's second public key. Aggregate decryption refers to a decryption method in which both parties participate, i.e., it requires the first business party's first private key and the second business party's second private key; since each party manages its own private key, aggregate decryption requires a partial decryption result from each party, and a single party on its own cannot decrypt the execution result.
The encrypted execution result refers to the execution result after aggregate encryption. Whether the second business party's business data can be recovered from the execution file may be determined from the computational complexity of the execution file; see the description below.
The first partial decryption result is the data obtained by decrypting the encrypted execution result with the first private key, and the second partial decryption result is the data obtained by decrypting it with the second private key; neither is the final execution result on its own. Both are described further below.
In one embodiment, aggregate-encrypting the execution result through the security proxy component according to the first public key and the second public key to obtain the encrypted execution result includes the following. Through the security proxy component, the third business device multiplies the first business party's first public key by the second business party's second public key to obtain a joint public key, and takes the r-th power of the joint public key as the derived public key. It also takes the r-th power of the base data to obtain the extended base data, where r is the first random number mentioned above and the base data is the data used to compute the first public key and the second public key. The third business device then aggregate-encrypts the execution result according to the extended base data and the derived public key to obtain the encrypted execution result. Because the execution result is aggregate-encrypted, the encrypted execution result can be aggregate-decrypted only with the participation of both parties, which helps ensure shared ownership of the execution result and keeps it secure and controllable.
In one embodiment, aggregate-encrypting the execution result according to the extended base data and the derived public key includes the following. The third business device hashes the derived public key together with the execution result to obtain a hash value, which serves as the digest of the execution result. It expands the derived public key according to the data length of the execution result to obtain a random byte stream, XORs the random byte stream with the execution result to obtain the XOR result, and concatenates the extended base data, the digest and the XOR result to obtain the encrypted execution result.
The random byte stream has the same data length as the execution result; that is, the random byte stream is obtained by extending the derived public key with random data up to the data length of the execution result.
XOR processing refers to comparing the random byte stream and the execution result position by position: where the two values at a position are equal, the result at that position is 0, and where they differ, it is 1; the results for all positions together form the XOR result. For example, if the random byte stream is 0101 and the execution result is 1011, the XOR result is 1110.
For example, the third business device may compute the joint public key by formula (4):
(4)
Formula (4) gives the joint public key. The r-th power of the joint public key is taken as the derived public key, which can be expressed by formula (5):
(5)
Formula (5) gives the derived public key. A key derivation function (KDF) expands the derived public key into a random byte stream with the same data length as the execution result. XORing the random byte stream with the execution result yields the XOR result, which can be expressed by formula (6):
(6)
Formula (6) expresses the XOR result in terms of the execution result, the random byte stream and the XOR operator. Hashing the derived public key together with the execution result gives the digest of the execution result, which can be expressed by formula (7):
(7)
Formula (7) gives the digest of the execution result. The r-th power of the base data is taken as the extended base data, and the extended base data, the digest and the XOR result are concatenated to obtain the encrypted execution result, which can be expressed by formula (8):
(8)
Formula (8) defines the encrypted execution result, with the extended base data as one of its concatenated components.
In one embodiment, the third business device performs the computing operation on the business data of the first and second business parties based on the execution file so as to execute the computing task; the process is shown in Figure 6. The first business device includes a first data proxy component, the second business device includes a second data proxy component, and the third business device includes a security proxy component and a computing task component. The computing task is executed in steps S61 to S69 below:
S61. The first data proxy component sends the first business party's encrypted business data to the security proxy component. The first data proxy component encrypts the first business party's business data to obtain the encrypted business data, for example by encrypting it with the third public key, and sends the encrypted business data to the security proxy component.
S62. The second data proxy component sends the second business party's encrypted business data to the security proxy component. The second data proxy component encrypts the second business party's business data, for example with the third public key, to obtain the encrypted business data, and sends it to the security proxy component.
S63. The security proxy component sends the decrypted business data and the execution file to the computing task component. The security proxy component decrypts the encrypted business data of the first and second business parties to obtain their business data; if both were encrypted with the third public key, it decrypts each with the third private key. It then passes the business data of both parties and the execution file to the computing task component through its service interface.
S64. The computing task component performs the computing operation on the business data according to the execution file to obtain the execution result: it adds the business data of the first and second business parties to the execution file and executes the augmented execution file.
S65. The security proxy component aggregate-encrypts the execution result to obtain the encrypted execution result. The computing task component returns the execution result to the security proxy component through the service interface, and the security proxy component aggregate-encrypts it according to the first business party's first public key and the second business party's second public key.
S66. The security proxy component sends the encrypted execution result to the first data proxy component.
S67. The first data proxy component receives and stores the encrypted execution result.
In steps S66 and S67, once the security proxy component holds the encrypted execution result it sends it to the first data proxy component, which receives and stores it so that the first business device can later aggregate-decrypt it using the second business device's second partial decryption result and its own first partial decryption result to obtain the execution result.
S68. The security proxy component sends the encrypted execution result to the second data proxy component.
S69. The second data proxy component receives and stores the encrypted execution result.
In steps S68 and S69, once the security proxy component holds the encrypted execution result it sends it to the second data proxy component, which receives and stores it so that the second business device can decrypt it to obtain the second partial decryption result.
In one embodiment, the third business device can split the execution result into a first execution sub-result and a second execution sub-result. For example, if the execution result has data length L3, the first L4 bits form the first execution sub-result and the data after bit L4 forms the second execution sub-result, with L4 less than L3. The first execution sub-result is encrypted with the first public key to obtain the first encrypted sub-result, which is sent to the first business device; the second execution sub-result is encrypted with the second public key to obtain the second encrypted sub-result, which is sent to the second business device.
The first business device decrypts the first encrypted sub-result with the first private key to obtain the first execution sub-result, receives the second execution sub-result sent by the second business device, and concatenates the two sub-results to obtain the execution result. The second execution sub-result is obtained by the second business device decrypting the second encrypted sub-result with the second private key.
This application has at least the following beneficial effects. (1) The security proxy component and the computing task component are deployed in the security sandbox of the trusted third party associated with the business parties, and the decryption and computation of the second business party's encrypted business data are both carried out by those components inside the sandbox. Business data thus flows between the parties through the security sandbox, with no need to build an independent cluster for each party or to depend on dedicated hardware, which lowers the cost and improves the convenience of data circulation; and since the process requires no manual involvement, circulation efficiency improves. (2) Because the execution result is aggregate-encrypted, the second business party sends its second partial decryption result to the first business party only after determining that the execution file cannot recover the original data (i.e., the business data). Only then can the first business party aggregate-decrypt the encrypted execution result using its own first partial decryption result and the received second partial decryption result. This ensures shared ownership of the execution result by the two parties, keeps the execution result secure and controllable, and improves its security.
Further, Figure 7 is a flowchart of another data processing method provided by an embodiment of this application. As shown in Figure 7, the method may be executed by the device corresponding to the first business party, which may be the terminal in Figure 1, the server in Figure 1, or both; in this application the device corresponding to the first business party is collectively referred to as the first business device. The method may include the following steps:
S201. Send a computing task request to the security proxy component running in the security sandbox of the trusted third party.
The computing task request includes an execution file for performing a computing operation on the second business party's business data and a first data identifier of the encrypted business data corresponding to that business data. The security proxy component uses the first data identifier to obtain the second business party's encrypted business data from the second business device corresponding to the second business party and decrypts it to obtain the second business party's business data.
In this application, the task submission component in the first business device generates the computing task request and sends it to the task scheduling component in the first business device, which synchronises it to the task scheduling component in the third business device; the third business device's task scheduling component then forwards the computing task request to the security proxy component.
S202. Receive the encrypted execution result sent by the security proxy component.
The encrypted execution result is obtained by the security proxy component aggregate-encrypting the execution result according to the first business party's first public key and the second business party's second public key, and the execution result is obtained by the computing task component running in the security sandbox performing the computing operation on the second business party's business data according to the execution file.
S203. Decrypt the encrypted execution result with the first private key corresponding to the first public key to obtain the first partial decryption result, and receive the second partial decryption result sent by the second business device corresponding to the second business party.
The second partial decryption result is sent to the first business device corresponding to the first business party only after the second business device has determined that the second business party's business data cannot be recovered from the execution file, and it is obtained by decrypting the encrypted execution result with the second private key corresponding to the second public key. The encrypted execution result is sent to the second business device by the security proxy component, and the execution file held by the second business device is sent to it by the first business device or by the security proxy component.
In one embodiment, decrypting the encrypted execution result with the first private key corresponding to the first public key to obtain the first partial decryption result includes the following. Because the encrypted execution result is the concatenation of the extended base data, the digest of the execution result and the XOR result, the first business device can extract the extended base data from the encrypted execution result using the concatenation order and the data length of each component (the extended base data, the digest and the XOR result). For example, if the concatenation order from left to right is extended base data, digest, XOR result (i.e., the digest follows the extended base data and the XOR result follows the digest) and the extended base data has data length L2, then the first L2 bits of the encrypted execution result are the extended base data. The extended base data is the r-th power of the base data, where r is the first random number and the base data is the data used to compute the first public key and the second public key. Raising the extended base data to the power of the first private key (the private key corresponding to the first public key) gives the first partial decryption result.
For example, the first business device may compute the first partial decryption result using the following formula (9):
(9)
where the quantity given by formula (9) is the first partial decryption result.
Similarly, the second business device decrypting the encrypted execution result with the second private key corresponding to the second public key to obtain the second partial decryption result includes the following. The second business device can extract the extended basic data from the encrypted execution result according to the concatenation order and the data length of each component (that is, of the extended basic data, the digest data of the execution result and the XOR result); the extended basic data is the basic data raised to the r-th power, where r is the first random number and the basic data is the data used to compute the first public key and the second public key. Raising the extended basic data to the power of the second private key corresponding to the second public key yields the second partial decryption result.
For example, the second business device may compute the second partial decryption result using the following formula (10):
(10)
where the quantity given by formula (10) is the second partial decryption result.
S204. Aggregately decrypt the encrypted execution result according to the first partial decryption result and the second partial decryption result to obtain the execution result.
In one embodiment, step S204 may include the following. The first business device can extract the digest data of the execution result and the XOR result from the encrypted execution result according to the concatenation order and the data length of each component (that is, of the extended basic data, the digest data of the execution result and the XOR result); the XOR result is obtained by XORing the random byte stream with the execution result. For example, the concatenation order from left to right is: extended basic data, digest data of the execution result, XOR result; that is, the digest data of the execution result is appended after the extended basic data, and the XOR result is appended after the digest data of the execution result. Assume that the data length of the extended basic data is 5, the data length of the digest data of the execution result is 10 and the data length of the XOR result is 10; then the first 5 bits of the encrypted execution result are the extended basic data, bits 6 to 15 of the encrypted execution result are the digest data of the execution result, and bits 16 to 25 of the encrypted execution result are the XOR result. The first partial decryption result and the second partial decryption result are multiplied to obtain the derived public key. The derived public key is expanded according to the data length of the XOR result to obtain the random byte stream; the data length of the XOR result equals the data length of the execution result. The execution result is then determined from the XOR result, the random byte stream, the derived public key and the digest data of the execution result. Having both the first business party and the second business party take part in the aggregate decryption of the encrypted execution result helps ensure shared ownership of the execution result, keeps the execution result secure and controllable, and improves its security.
In one embodiment, determining the execution result from the XOR result, the random byte stream, the derived public key and the digest data of the execution result includes the following. The first business device XORs the XOR result with the random byte stream to obtain an initial execution result; hashes the initial execution result together with the derived public key to obtain a hash result; and, when the hash result matches the digest data of the execution result, determines the initial execution result to be the execution result for the business data. When the hash result does not match the digest data of the execution result, decryption of the execution result has failed, and the decryption failure is returned to the second business device so that it can return the second partial decryption result again. Alternatively, the decryption failure can be returned to the third business device corresponding to the trusted third party so that the execution result is aggregately encrypted again to obtain a new encrypted execution result. Having both the first business party and the second business party take part in the aggregate decryption of the encrypted execution result helps ensure shared ownership of the execution result, keeps the execution result secure and controllable, and improves its security.
For example, the first business device may compute the derived public key using the following formula (11):
(11)
Further, using a key derivation function, the derived public key is expanded into a random byte stream whose data length equals the data length of the execution result, and the XOR result is XORed with the random byte stream to obtain the initial execution result, which can be expressed by the following formula (12):
(12)
where the terms of formula (12) are the initial execution result, the random byte stream and the XOR result. The initial execution result and the derived public key are hashed to obtain a hash result, which can be expressed by the following formula (13):
(13)
where the quantity given by formula (13) denotes the hash result, that is, the hash result is a hash value; when the hash result equals digest, the initial execution result is determined to be the execution result.
For example, the decryption process for the encrypted execution result is shown in FIG. 8 and includes the following steps S81 to S84:
S81. The first business device decrypts to obtain the first partial decryption result; that is, the first business device can decrypt the encrypted execution result with the first private key of the first business party to obtain the first partial decryption result. For the specific implementation, refer to the description above.
S82. The second business device decrypts to obtain the second partial decryption result; that is, the second business device can decrypt the encrypted execution result with the second private key of the second business party to obtain the second partial decryption result. For the specific implementation, refer to the description above.
S83. The second business device sends the second partial decryption result to the first business device. When the second business device determines that the business data cannot be recovered from the execution file, it can send the second partial decryption result to the first business device, thereby authorizing the first business party to use the execution result.
S84. The first business device aggregately decrypts the encrypted execution result according to the first partial decryption result and the second partial decryption result to obtain the execution result.
In summary, only when the second business party has authorized the first business party to use the execution result can the first business device aggregately decrypt the encrypted execution result based on the first partial decryption result and the second partial decryption result to obtain the execution result. This ensures shared ownership of the execution result by the first business party and the second business party, keeps the execution result secure and controllable, and improves the security of both the business data and the execution result.
In the present application, the first business device obtains the second partial decryption result from the second business device and decrypts the encrypted execution result based on the first partial decryption result and the second partial decryption result to obtain the execution result. This ensures shared ownership of the execution result by the first business party and the second business party, keeps the execution result secure and controllable, and improves the security of the execution result.
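The aggregate encryption performed by the security proxy component and the two-share decryption of steps S81 to S84 (formulas (9) to (13)), as an added example that is not part of the patent's own text: it substitutes a multiplicative group modulo a prime for the elliptic curve group, uses SHAKE-256 as the key derivation function and SHA-256 for the digest data (all assumptions), and keeps the digest check so that a wrong or withheld share fails cleanly instead of yielding a wrong result.

```python
import hashlib
import hmac
import secrets

# Assumption: a multiplicative group modulo a large prime stands in for the
# patent's elliptic curve group. P is prime; the basic data G generates the
# group in which both business parties' public keys are computed.
P = 2**255 - 19
G = 2
ORDER = P - 1                 # private keys and random numbers are taken from here
ELEM_LEN = 32                 # fixed-width encoding of one group element
DIGEST_LEN = hashlib.sha256().digest_size


def keygen():
    """Return (private key, public key) with public key = G^private mod P."""
    d = secrets.randbelow(ORDER - 2) + 2
    return d, pow(G, d, P)


def encode_elem(e):
    return e.to_bytes(ELEM_LEN, "big")


def decode_elem(b):
    return int.from_bytes(b, "big")


def kdf(derived_pk, length):
    """Assumed key derivation function: expand the derived public key to `length` bytes."""
    return hashlib.shake_256(b"derived-pk-kdf" + encode_elem(derived_pk)).digest(length)


def digest(derived_pk, result):
    """Digest data of the execution result: H(derived public key || execution result)."""
    return hashlib.sha256(encode_elem(derived_pk) + result).digest()


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def aggregate_encrypt(pk1, pk2, result):
    """Security proxy side: encrypt the execution result under the joint key pk1 * pk2.

    Output layout follows the patent's concatenation order:
    extended basic data || digest data || XOR result.
    """
    r = secrets.randbelow(ORDER - 2) + 2       # first random number
    joint_pk = (pk1 * pk2) % P                  # joint public key
    derived_pk = pow(joint_pk, r, P)            # derived public key = joint^r
    extended_base = pow(G, r, P)                # extended basic data = G^r
    stream = kdf(derived_pk, len(result))       # random byte stream, same length as result
    return encode_elem(extended_base) + digest(derived_pk, result) + xor_bytes(stream, result)


def partial_decrypt(enc_result, private_key):
    """Formulas (9)/(10): a party's share is the extended basic data raised to its private key."""
    extended_base = decode_elem(enc_result[:ELEM_LEN])
    return pow(extended_base, private_key, P)


def aggregate_decrypt(enc_result, part1, part2):
    """Formulas (11) to (13) on the first business device.

    Returns the execution result, or None when the digest check fails; the
    patent then reports decryption failure and asks for a fresh second share
    or for re-encryption by the trusted third party.
    """
    header = ELEM_LEN + DIGEST_LEN
    expected = enc_result[ELEM_LEN:header]
    xored = enc_result[header:]
    # (11): G^(r*d1) * G^(r*d2) = (G^d1 * G^d2)^r = derived public key
    derived_pk = (part1 * part2) % P
    # (12): XOR result XOR random byte stream = initial execution result
    initial = xor_bytes(xored, kdf(derived_pk, len(xored)))
    # (13): accept only if H(derived public key || initial result) matches the digest data
    if hmac.compare_digest(digest(derived_pk, initial), expected):
        return initial
    return None


def run_protocol(result):
    """Full round trip: proxy encrypts, each party computes its share, first party aggregates."""
    d1, pk1 = keygen()
    d2, pk2 = keygen()
    enc = aggregate_encrypt(pk1, pk2, result)
    part1 = partial_decrypt(enc, d1)
    part2 = partial_decrypt(enc, d2)   # released only after the second party's own check (S83)
    return aggregate_decrypt(enc, part1, part2)


if __name__ == "__main__":
    # Constructed sample execution result.
    print(run_protocol(b"constructed execution result: model accuracy 0.93"))
```

The first party's share alone never yields the derived public key, and a tampered XOR result or a wrong second share is rejected by the digest check rather than decrypting to garbage.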
Further, please refer to FIG. 9, which is a schematic flowchart of yet another data processing method provided by an embodiment of the present application. As shown in FIG. 9, the method can be executed by the device corresponding to the second business party; that device can be the terminal in FIG. 1, the server in FIG. 1, or the terminal together with the server. In the present application, the device corresponding to the second business party is collectively referred to as the second business device. The method can include the following steps:
S301. Send the encrypted business data of the second business party to the security proxy component running in the security sandbox of the trusted third party, according to the first data identifier carried in the computing task request.
Here, the computing task request is sent to the security proxy component by the first business device corresponding to the first business party, and it includes an execution file for performing a computing operation on the business data of the second business party and the first data identifier of the encrypted business data corresponding to that business data. The security proxy component is used to decrypt the encrypted business data of the second business party to obtain the business data of the second business party.
In the present application, the second business device can receive the computing task request sent by the first business device, or receive a computing task request sent by the third business device; according to the first data identifier in the computing task request, it sends the encrypted business data of the second business party to the security proxy component running in the security sandbox of the trusted third party.
S302. Receive the encrypted execution result of the business data sent by the security proxy component.
Here, the encrypted execution result is obtained by the security proxy component aggregately encrypting the execution result according to the first public key of the first business party and the second public key of the second business party. The execution result is obtained by the computing task component running in the security sandbox performing the computing operation on the business data of the second business party according to the execution file.
S303. Upon determining that the business data of the second business party cannot be recovered from the execution file, decrypt the encrypted execution result with the second private key corresponding to the second public key to obtain the second partial decryption result.
Here, the execution file held by the second business device corresponding to the second business party is sent to the second business device by the first business device or by the security proxy component.
In one embodiment, determining that the business data of the second business party cannot be recovered from the execution file includes the following. The second business device can obtain from the execution file the computation information corresponding to the computing operation on the business data of the second business party; the computation information may include the computation method and computation duration applied to the business data of the second business party. The second business device can determine, from the computation information, the computational complexity of the computing operation on the business data of the second business party; when the computational complexity is greater than a complexity threshold, it determines that the business data of the second business party cannot be recovered from the execution file. Using the computational complexity of the operation on the second business party's business data to judge whether that business data could be recovered from the execution file prevents the first business party from obtaining the second business party's unencrypted business data and improves the security of the business data.
Here, the complexity threshold may be preset, or it may be determined according to the application scenario: if the privacy of the second business party's business data in the application scenario is relatively high, a first value is set as the complexity threshold; if that privacy is relatively low, a second value is set as the complexity threshold; the first value is greater than the second value.
When the computation information includes the computation duration, the computational complexity of the computing operation on the business data can be determined from that duration: the longer the computation duration, the higher the computational complexity, and conversely the shorter the duration, the lower the complexity. When the computation information includes the computation methods and the computation duration corresponding to each method, the second business device can obtain the weight corresponding to each computation method, weight the computation duration of each method by that method's weight to obtain a weighted computation duration, and sum the weighted computation durations of all the methods to obtain the computational complexity of the computing operation on the business data. The weight corresponding to each computation method can be preset; for example, the weights for multiplication and division are greater than the weights for subtraction and addition.
In one embodiment, the second business device can encrypt the business data of the second business party with an object key to obtain the encrypted business data of the second business party. Specifically, the second business device can generate a symmetric key from the basic data, the third public key of the trusted third party and the second private key; the basic data raised to the x-th power is taken as the first coordinate value associated with the basic data on the elliptic curve group, where x is the second random number. The business data of the second business party is encrypted according to the symmetric key and the first coordinate value to obtain the encrypted business data of the second business party; the encrypted business data of the second business party is hashed to obtain the data identifier of the encrypted business data of the second business party. The data identifier of the encrypted business data is sent to the first business device corresponding to the first business party to authorize the first business party to request computation on the business data. Encrypting the business data at the second business device prevents the business data from being leaked in transit and improves its security.
In one embodiment, generating the symmetric key from the basic data, the third public key of the trusted third party and the second private key includes the following. The second business device can take the third public key of the trusted third party raised to the x-th power as the second coordinate value associated with the third public key on the elliptic curve group, and the third public key of the trusted third party raised to the power of the second private key as the third coordinate value associated with the third public key on the elliptic curve group. The third public key, the second public key, the first coordinate value, the second coordinate value and the third coordinate value are hashed to obtain the symmetric key. Generating a symmetric key to encrypt the business data allows the third business device to decrypt the encrypted business data with the same symmetric key, which makes decryption more convenient.
It should be noted that the second coordinate value here is the coordinate on the ordinate axis of the point on the elliptic curve in the elliptic curve group to which the third public key is mapped, and the third coordinate value is the coordinate on the vertical axis of the point on the elliptic curve in the elliptic curve group to which the third public key is mapped. Since the third public key is computed from the basic data and the third private key, the second coordinate value associated with the third private key on the elliptic curve group is the same as the second coordinate value associated with the third public key on the elliptic curve group, and the third coordinate value associated with the third private key on the elliptic curve group is the same as the third coordinate value associated with the third public key on the elliptic curve group.
In one embodiment, encrypting the business data of the second business party according to the symmetric key and the first coordinate value to obtain the encrypted business data of the second business party includes the following. The second business device can encrypt the business data of the second business party with the symmetric key to obtain the ciphertext data of the business data, and concatenate the ciphertext data of the business data with the first coordinate value to obtain the encrypted business data of the second business party. This allows the third business device to compute the symmetric key from the first coordinate value in the encrypted business data and its own private key, and so decrypt the ciphertext data to obtain the business data of the second business party, which makes decryption more convenient.
For example, the second business device can generate a random number using a random algorithm and compute the first coordinate value, the second coordinate value and the third coordinate value from that random number, the second private key and the third public key. The first, second and third coordinate values can be expressed by the following formula (14):
(14)
Here, since the relationship between the third private key and the third public key is ( ), and the relationship between the second public key and the second private key is ( ), the corresponding term of formula (14) and that of formula (2) are the same value, and likewise the other term of formula (14) and that of formula (2) are the same value. The second business device can hash the third public key, the second public key, the first coordinate value, the second coordinate value and the third coordinate value to obtain the symmetric key, which can be expressed by formula (3) above. A symmetric encryption algorithm is invoked to encrypt the business data of the second business party, obtaining the ciphertext data of the business data; the first coordinate value is concatenated with the ciphertext data of the business data to obtain the encrypted business data of the second business party, which can be expressed by formula (1) above.
It should be noted that, at the second business party, the symmetric key is generated from parameters including the third public key, the second private key and the second random number. Therefore, if the second private key is leaked at some time T, the encrypted business data of the second business party still cannot be decrypted because the second random number is unknown, which ensures forward security of the business data of the second business party; forward security here means ensuring that the encrypted business data of the second business party from before time T is not leaked.
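The business-data encryption described above, with the three coordinate values of formula (14), the hashed symmetric key of formula (3) and the concatenated output of formula (1), as an added example that is not the patent's own code: it again substitutes a multiplicative group modulo a prime for the elliptic curve group, uses SHA-256 as the hash and a SHAKE-256 keystream as the symmetric algorithm (all assumptions), and shows the trusted third party rebuilding the identical key from only the first coordinate value, the second public key and its own private key.

```python
import hashlib
import secrets

# Assumption: a multiplicative group modulo a prime in place of the elliptic
# curve group; the basic data G is the generator shared by all key pairs.
P = 2**255 - 19
G = 2
ORDER = P - 1
ELEM_LEN = 32


def keygen():
    """Return (private key, public key) with public key = G^private mod P."""
    d = secrets.randbelow(ORDER - 2) + 2
    return d, pow(G, d, P)


def encode_elem(e):
    return e.to_bytes(ELEM_LEN, "big")


def decode_elem(b):
    return int.from_bytes(b, "big")


def symmetric_key(pk3, pk2, c1, c2, c3):
    """Formula (3) as assumed here: SHA-256 over pk3, pk2 and the three coordinate values."""
    h = hashlib.sha256()
    for e in (pk3, pk2, c1, c2, c3):
        h.update(encode_elem(e))
    return h.digest()


def symmetric_cipher(key, data):
    """Assumed symmetric algorithm: XOR with a SHAKE-256 keystream (same call encrypts and decrypts)."""
    keystream = hashlib.shake_256(b"business-data" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def encrypt_business_data(d2, pk2, pk3, business_data):
    """Second business device: coordinates of formula (14), symmetric key, then C1 || ciphertext."""
    x = secrets.randbelow(ORDER - 2) + 2    # second random number; never stored or sent
    c1 = pow(G, x, P)                        # first coordinate value  = G^x
    c2 = pow(pk3, x, P)                      # second coordinate value = pk3^x
    c3 = pow(pk3, d2, P)                     # third coordinate value  = pk3^d2
    key = symmetric_key(pk3, pk2, c1, c2, c3)
    return encode_elem(c1) + symmetric_cipher(key, business_data)


def data_identifier(encrypted_business_data):
    """Data identifier handed to the first business party: hash of the encrypted business data."""
    return hashlib.sha256(encrypted_business_data).hexdigest()


def decrypt_business_data(d3, pk3, pk2, encrypted_business_data):
    """Trusted third party: the same key from C1 and its own private key d3 (pk3 = G^d3)."""
    c1 = decode_elem(encrypted_business_data[:ELEM_LEN])
    c2 = pow(c1, d3, P)                      # (G^x)^d3  = pk3^x, the second coordinate value
    c3 = pow(pk2, d3, P)                     # (G^d2)^d3 = pk3^d2, the third coordinate value
    key = symmetric_key(pk3, pk2, c1, c2, c3)
    return symmetric_cipher(key, encrypted_business_data[ELEM_LEN:])


if __name__ == "__main__":
    d2, pk2 = keygen()                       # second business party
    d3, pk3 = keygen()                       # trusted third party
    enc = encrypt_business_data(d2, pk2, pk3, b"constructed business record #1")
    print(data_identifier(enc))
    print(decrypt_business_data(d3, pk3, pk2, enc))
```

Because x is discarded after encryption, the second coordinate value can only be recomputed by whoever holds d3, which is the forward-security property the paragraph above describes.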
S304. Send the second partial decryption result to the first business device corresponding to the first business party.
Here, the first business device is used to aggregately decrypt the encrypted execution result according to the first partial decryption result and the second partial decryption result to obtain the execution result, where the first partial decryption result is obtained by the first business device decrypting the encrypted execution result with the first private key corresponding to the first public key.
In the present application, by transmitting encrypted business data to the security proxy component, the second business device prevents unencrypted business data from being leaked in transit and improves the security of the business data. By returning the second partial decryption result to the first business device only after determining that the business data of the second business party cannot be recovered from the execution file, it prevents the first business party from recovering the business data from the execution file and improves the security of the business data; it also ensures shared ownership of the execution result by the first business party and the second business party, keeps the execution result secure and controllable, and improves the security of both the execution result and the business data.
Please refer to FIG. 10, which is a schematic structural diagram of a data processing device provided by an embodiment of the present application. As shown in FIG. 10, the data processing device can include:
a receiving module 1010, configured to receive, through the security proxy component running in the security sandbox of the trusted third party, the computing task request sent by the first business device corresponding to the first business party, the computing task request including an execution file for performing a computing operation on the business data of the second business party and the first data identifier of the encrypted business data corresponding to that business data;
a decryption module 1011, configured to obtain, through the security proxy component and according to the first data identifier, the encrypted business data of the second business party from the second business device corresponding to the second business party, and to decrypt the encrypted business data of the second business party to obtain the business data of the second business party;
an execution module 1012, configured to perform, through the computing task component running in the security sandbox, the computing operation on the business data of the second business party according to the execution file to obtain the execution result;
an encryption module 1013, configured to aggregately encrypt, through the security proxy component, the execution result according to the first public key of the first business party and the second public key of the second business party to obtain the encrypted execution result, and to send the encrypted execution result to the first business device and the second business device;
where the first business device is used to aggregately decrypt the encrypted execution result according to the first partial decryption result and the second partial decryption result to obtain the execution result; the first partial decryption result is obtained by the first business device decrypting the encrypted execution result with the first private key corresponding to the first public key; the second partial decryption result is sent to the first business device by the second business device upon determining that the business data of the second business party cannot be recovered from the execution file, and is obtained by decrypting the encrypted execution result with the second private key corresponding to the second public key; and the execution file held by the second business device is sent to it by the first business device or by the security proxy component.
可选的,加密模块1013,具体用于:Optionally, the encryption module 1013 is specifically used for:
通过上述安全代理组件,对上述第一业务方的第一公钥和上述第二业务方的第二公钥进行相乘处理,得到联合公钥;By means of the security proxy component, the first public key of the first business party and the second public key of the second business party are multiplied to obtain a joint public key;
根据第一随机数,对上述联合公钥进行派生处理,得到派生公钥;According to the first random number, deriving the joint public key to obtain a derived public key;
raise the basic data to the r-th power to obtain extended basic data, where r is the first random number and the basic data is the data from which the first public key and the second public key are computed;
perform aggregate encryption on the execution result according to the extended basic data and the derived public key, obtaining the encrypted execution result.
Optionally, the encryption module 1013 is specifically configured to:
hash the derived public key together with the execution result to obtain digest data of the execution result;
expand the derived public key according to the data length of the execution result to obtain a random byte stream;
XOR the random byte stream with the execution result to obtain an XOR result;
concatenate the extended basic data, the digest data and the XOR result to obtain the encrypted execution result.
Optionally, the encrypted business data of the second business party is obtained by concatenating the ciphertext of the second business party's business data with a first coordinate value; the ciphertext is obtained by encrypting the second business party's business data with a symmetric key, and the first coordinate value is the coordinate value on the elliptic curve group that is associated with the basic data.
Optionally, the decryption module 1011 is specifically configured to:
split the encrypted business data of the second business party to obtain the first coordinate value and the ciphertext of the second business party's business data;
generate, according to the first coordinate value, the second public key and the third private key of the trusted third party, a second coordinate value and a third coordinate value on the elliptic curve group that are associated with the third private key;
generate a symmetric key according to the first, second and third coordinate values, the second public key and the third public key corresponding to the third private key;
decrypt the ciphertext of the second business party's business data with the symmetric key to obtain the business data of the second business party.
Optionally, the computing task request further carries a second data identifier of the encrypted business data of the first business party;
Optionally, the execution module 1012 is specifically configured to:
obtain, through the security proxy component, the encrypted business data of the first business party from the first business device according to the second data identifier;
decrypt the encrypted business data of the first business party to obtain the business data of the first business party;
perform, by the computing task component running in the security sandbox, the computing operation on the business data of the first business party and the business data of the second business party according to the execution file, obtaining the execution result.
The present application has at least the following beneficial effects. (1) The security proxy component and the computing task component are deployed in the security sandbox of the trusted third party corresponding to the business parties, and both the decryption of the second business party's encrypted business data and the computation on it are carried out by those two components inside the sandbox. Business data therefore circulates between the parties through the sandbox, with no need to create a separate cluster for each business party and no dependence on dedicated hardware, which lowers the cost of circulating business data and makes the process more convenient; because the process requires no manual participation, it is also more efficient. (2) Because the execution result is aggregate-encrypted, the second business party sends the second partial decryption result it has computed to the first business party only once it has determined that the execution file cannot restore the original data (that is, the business data). Only then can the first business party aggregate-decrypt the encrypted execution result from its own first partial decryption result and the received second partial decryption result to obtain the execution result. This guarantees that the first and second business parties jointly own the execution result, keeps the execution result secure and controllable, and improves its security.
Refer to Figure 11, a schematic structural diagram of another data processing device provided by an embodiment of the present application. As shown in Figure 11, the data processing device may include:
a sending module 1111, configured to send a computing task request to the security proxy component running in the security sandbox of the trusted third party; the computing task request includes an execution file for performing a computing operation on the business data of the second business party and a first data identifier of the encrypted business data corresponding to that business data; the security proxy component is configured to obtain the encrypted business data of the second business party from the second business device corresponding to the second business party according to the first data identifier, and to decrypt it to obtain the business data of the second business party;
a receiving module 1112, configured to receive the encrypted execution result sent by the security proxy component; the encrypted execution result is obtained by the security proxy component aggregate-encrypting the execution result according to the first public key of the first business party and the second public key of the second business party, and the execution result is obtained by the computing task component running in the security sandbox performing the computing operation on the business data of the second business party according to the execution file;
a decryption module 1113, configured to decrypt the encrypted execution result with the first private key corresponding to the first public key to obtain a first partial decryption result, and to receive a second partial decryption result sent by the second business device corresponding to the second business party; the second partial decryption result is sent to the first business device corresponding to the first business party once the second business device has determined that the business data of the second business party cannot be restored from the execution file, and is obtained by decrypting the encrypted execution result with the second private key corresponding to the second public key; the encrypted execution result is sent to the second business device by the security proxy component, and the execution file held by the second business device is sent to it by the first business device or the security proxy component;
the decryption module 1113 is further configured to aggregate-decrypt the encrypted execution result according to the first partial decryption result and the second partial decryption result to obtain the execution result.
Optionally, the decryption module 1113 is specifically configured to:
extract the digest data of the execution result and the XOR result from the encrypted execution result, the XOR result having been obtained by XORing a random byte stream with the execution result;
multiply the first partial decryption result and the second partial decryption result to obtain the derived public key;
expand the derived public key according to the data length of the XOR result to obtain the random byte stream;
determine the execution result according to the XOR result, the random byte stream, the derived public key and the digest data of the execution result.
Optionally, the decryption module 1113 is specifically configured to:
XOR the XOR result with the random byte stream to obtain an initial execution result;
hash the initial execution result together with the derived public key to obtain a hash result;
when the hash result matches the digest data of the execution result, take the initial execution result as the execution result for the business data.
Optionally, the decryption module 1113 is specifically configured to:
extract the extended basic data from the encrypted execution result, the extended basic data being the basic data raised to the r-th power, where r is the first random number and the basic data is the data from which the first public key and the second public key are computed;
raise the extended basic data to a power whose exponent is the first private key corresponding to the first public key, obtaining the first partial decryption result.
In the present application, the first business device obtains the second partial decryption result from the second business device and decrypts the encrypted execution result from the first and second partial decryption results to obtain the execution result. This guarantees that the first and second business parties jointly own the execution result, keeps it secure and controllable, and improves its security.
Refer to Figure 12, a schematic structural diagram of yet another data processing device provided by an embodiment of the present application. As shown in Figure 12, the data processing device may include:
a sending module 1211, configured to send the encrypted business data of the second business party to the security proxy component running in the security sandbox of the trusted third party according to the first data identifier carried in a computing task request; the computing task request is sent to the security proxy component by the first business device corresponding to the first business party and includes an execution file for performing a computing operation on the business data of the second business party and the first data identifier of the encrypted business data corresponding to that business data; the security proxy component is configured to decrypt the encrypted business data of the second business party to obtain the business data of the second business party;
a receiving module 1212, configured to receive the encrypted execution result sent by the security proxy component; the encrypted execution result is obtained by the security proxy component aggregate-encrypting the execution result according to the first public key of the first business party and the second public key of the second business party, and the execution result is obtained by the computing task component running in the security sandbox performing the computing operation on the business data of the second business party according to the execution file;
a decryption module 1213, configured to decrypt, once it has been determined that the business data of the second business party cannot be restored from the execution file, the encrypted execution result with the second private key corresponding to the second public key to obtain a second partial decryption result; the execution file held by the second business device corresponding to the second business party is sent to it by the first business device or the security proxy component;
the sending module 1211 is further configured to send the second partial decryption result to the first business device corresponding to the first business party; the first business device is configured to aggregate-decrypt the encrypted execution result according to the first partial decryption result and the second partial decryption result to obtain the execution result, the first partial decryption result being obtained by the first business device decrypting the encrypted execution result with the first private key corresponding to the first public key.
Optionally, the decryption module 1213 is specifically configured to:
extract the extended basic data from the encrypted execution result, the extended basic data being the basic data raised to the r-th power, where r is the first random number and the basic data is the data from which the first public key and the second public key are computed;
raise the extended basic data to a power whose exponent is the second private key corresponding to the second public key, obtaining the second partial decryption result.
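As an added example, not code from the patent, the following Python carries through the aggregate encryption described for the encryption module 1013 (joint public key, derived public key, extended basic data, digest, expansion and XOR) together with the partial decryption of the decryption modules 1113 and 1213 and the first business device's aggregate decryption with digest check. It assumes a multiplicative group modulo a toy prime in place of the patent's elliptic curve group, SHAKE-256 as the unspecified expansion function, SHA-256 as the hash, and takes the execution file's computational complexity and threshold as plain inputs; all function names, the 16-byte element encoding and the sample execution result are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed toy parameters (assumption, not from the patent): a multiplicative
# group modulo the Mersenne prime 2^127 - 1 stands in for the elliptic curve
# group. A deployment would use a standard curve or MODP group.
P = (1 << 127) - 1
G = 3            # the "basic data" from which every public key is computed
ELEM = 16        # bytes used to encode one group element (all elements < 2^128)
TAG = 32         # SHA-256 digest length


def rand_exp() -> int:
    """Uniform non-zero exponent, used for private keys and the first random number r."""
    return secrets.randbelow(P - 2) + 1


def keygen() -> Tuple[int, int]:
    """Return (private key, public key = G^sk mod P)."""
    sk = rand_exp()
    return sk, pow(G, sk, P)


def enc_elem(e: int) -> bytes:
    return e.to_bytes(ELEM, "big")


def expand(derived_pk: int, length: int) -> bytes:
    """Expand the derived public key into a random byte stream of the given
    length (SHAKE-256 here; the patent leaves the expansion function open)."""
    return hashlib.shake_256(enc_elem(derived_pk)).digest(length)


def digest(derived_pk: int, result: bytes) -> bytes:
    """Digest data: hash of the derived public key together with the execution result."""
    return hashlib.sha256(enc_elem(derived_pk) + result).digest()


def aggregate_encrypt(pk1: int, pk2: int, result: bytes) -> bytes:
    """Security proxy side: encrypt the execution result under both parties' public keys."""
    joint_pk = (pk1 * pk2) % P            # joint public key = pk1 * pk2
    r = rand_exp()                        # first random number
    derived_pk = pow(joint_pk, r, P)      # derived public key = (pk1 * pk2)^r
    ext_base = pow(G, r, P)               # extended basic data = G^r
    stream = expand(derived_pk, len(result))
    xored = bytes(a ^ b for a, b in zip(stream, result))
    # encrypted execution result = G^r || digest || XOR result
    return enc_elem(ext_base) + digest(derived_pk, result) + xored


def partial_decrypt(enc: bytes, sk: int) -> int:
    """Either business device: raise the extended basic data to its own private
    key, giving (G^r)^sk. One partial result alone does not yield the derived key."""
    ext_base = int.from_bytes(enc[:ELEM], "big")
    return pow(ext_base, sk, P)


def second_party_release(enc: bytes, sk2: int, complexity: int, threshold: int) -> Optional[int]:
    """Second business device: hand out its partial result only when the execution
    file's computational complexity exceeds the threshold, i.e. when the file is
    judged unable to restore the second party's business data."""
    if complexity <= threshold:
        return None
    return partial_decrypt(enc, sk2)


def aggregate_decrypt(enc: bytes, part1: int, part2: int) -> Optional[bytes]:
    """First business device: combine both partial results and verify the digest.
    Returns None when the digest does not match (wrong partial result or tampering)."""
    tag = enc[ELEM:ELEM + TAG]
    xored = enc[ELEM + TAG:]
    # (G^r)^sk1 * (G^r)^sk2 = G^(r(sk1+sk2)) = (pk1 * pk2)^r = derived public key
    derived_pk = (part1 * part2) % P
    stream = expand(derived_pk, len(xored))
    initial = bytes(a ^ b for a, b in zip(xored, stream))
    if not hmac.compare_digest(digest(derived_pk, initial), tag):
        return None
    return initial
```

The digest check is what lets the first business device detect a corrupted partial result or a modified ciphertext rather than silently accepting garbage as the execution result.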
Optionally, the decryption module 1213 is specifically configured to:
obtain from the execution file the calculation information corresponding to the computing operation on the business data of the second business party;
determine, according to the calculation information, the computational complexity of the computing operation on the business data of the second business party;
when the computational complexity exceeds a complexity threshold, determine that the business data of the second business party cannot be restored from the execution file.
Optionally, the sending module 1211 is specifically configured to generate a symmetric key according to the basic data, the third public key of the trusted third party and the second private key;
determine the basic data raised to the x-th power as the first coordinate value on the elliptic curve group that is associated with the basic data, where x is a second random number;
encrypt the business data of the second business party according to the symmetric key and the first coordinate value to obtain the encrypted business data of the second business party;
hash the encrypted business data of the second business party to obtain a data identifier of that encrypted business data;
send the data identifier of the encrypted business data of the second business party to the first business device corresponding to the first business party.
Optionally, the sending module 1211 is specifically configured to:
determine the third public key of the trusted third party raised to the x-th power as the second coordinate value on the elliptic curve group that is associated with the third public key;
raise the third public key of the trusted third party to a power whose exponent is the second private key, obtaining the third coordinate value on the elliptic curve group that is associated with the third public key;
hash the third public key, the second public key, the first coordinate value, the second coordinate value and the third coordinate value to obtain the symmetric key.
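As an added example, not the patent's code, the following Python shows the second business device's key derivation and encryption of its business data as described for the sending module 1211 above (first, second and third coordinate values, hashed symmetric key, ciphertext concatenated with the first coordinate, hashed data identifier) and the matching recovery by the trusted third party's security proxy as described for the decryption module 1011. It assumes a multiplicative group modulo a toy prime in place of the elliptic curve group, a SHAKE-256 keystream as the unspecified symmetric cipher, and adds an HMAC-SHA256 tag inside the ciphertext that the patent does not describe; function names and the sample business data are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed toy parameters (assumption, not from the patent): a multiplicative
# group modulo the Mersenne prime 2^127 - 1 stands in for the elliptic curve group.
P = (1 << 127) - 1
G = 3            # the "basic data" from which the public keys are computed
ELEM = 16        # bytes per encoded group element
TAG = 32         # HMAC-SHA256 tag length (integrity tag is an addition to the patent's scheme)


def keygen() -> Tuple[int, int]:
    """Return (private key, public key = G^sk mod P)."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def enc_elem(e: int) -> bytes:
    return e.to_bytes(ELEM, "big")


def symmetric_key(pk3: int, pk2: int, c1: int, c2: int, c3: int) -> bytes:
    """Symmetric key = hash(third public key, second public key, first, second, third coordinate)."""
    return hashlib.sha256(b"".join(enc_elem(v) for v in (pk3, pk2, c1, c2, c3))).digest()


def keystream(key: bytes, c1: int, length: int) -> bytes:
    """Assumed cipher: SHAKE-256 keystream bound to the key and the first coordinate."""
    return hashlib.shake_256(key + enc_elem(c1)).digest(length)


def encrypt_business_data(data: bytes, sk2: int, pk2: int, pk3: int) -> Tuple[bytes, str]:
    """Second business device. Returns (encrypted business data, data identifier).
    Only the second party's own private key and the third party's public key are needed."""
    x = secrets.randbelow(P - 2) + 1       # second random number
    c1 = pow(G, x, P)                      # first coordinate  = G^x
    c2 = pow(pk3, x, P)                    # second coordinate = pk3^x
    c3 = pow(pk3, sk2, P)                  # third coordinate  = pk3^sk2
    key = symmetric_key(pk3, pk2, c1, c2, c3)
    body = bytes(a ^ b for a, b in zip(data, keystream(key, c1, len(data))))
    tag = hmac.new(key, body, hashlib.sha256).digest()   # added integrity check
    encrypted = body + tag + enc_elem(c1)  # ciphertext || first coordinate
    data_id = hashlib.sha256(encrypted).hexdigest()      # data identifier sent to party 1
    return encrypted, data_id


def proxy_decrypt(encrypted: bytes, data_id: str, pk2: int, sk3: int) -> Optional[bytes]:
    """Security proxy of the trusted third party. Checks that the fetched blob matches
    the requested identifier, rebuilds the coordinates from its own private key and
    the second public key, and recovers the business data; None on any mismatch."""
    if not hmac.compare_digest(hashlib.sha256(encrypted).hexdigest(), data_id):
        return None
    ciphertext, c1 = encrypted[:-ELEM], int.from_bytes(encrypted[-ELEM:], "big")
    pk3 = pow(G, sk3, P)
    c2 = pow(c1, sk3, P)                   # (G^x)^sk3   = pk3^x, matching the sender's c2
    c3 = pow(pk2, sk3, P)                  # (G^sk2)^sk3 = pk3^sk2, matching the sender's c3
    key = symmetric_key(pk3, pk2, c1, c2, c3)
    body, tag = ciphertext[:-TAG], ciphertext[-TAG:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(body, keystream(key, c1, len(body))))
```

Neither side ever handles the other's private key: the proxy recovers the same key from sk3 and pk2 that the second party built from sk2 and pk3, and the identifier check ties the blob the proxy fetched to the one named in the computing task request.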
In the present application, by transmitting encrypted business data to the security proxy component, the second business device prevents unencrypted business data from being leaked in transit, improving the security of the business data. By returning the second partial decryption result to the first business device only once it has been determined that the second business party's business data cannot be restored from the execution file, the first business party is prevented from restoring the business data by way of the execution file, which improves the security of the business data; it also guarantees that the first and second business parties jointly own the execution result, keeps the execution result secure and controllable, and improves the security of both the execution result and the business data.
Refer to Figure 13, a schematic structural diagram of a computer device provided by an embodiment of the present application. As shown in Figure 13, the computer device 1000 may be a terminal or a server and includes a processor 1001, a network interface 1004 and a memory 1005; in addition, the computer device 1000 may also include a user interface 1003 and at least one communication bus 1002. The communication bus 1002 connects these components and carries communication between them. In some embodiments, the user interface 1003 may include a display and a keyboard, and optionally may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory, for example at least one disk memory. Optionally, the memory 1005 may also be at least one storage device located remotely from the processor 1001. As shown in Figure 13, the memory 1005, as a computer-readable storage medium, may hold an operating system, a network communication module, a user interface module and a computer program.
In the computer device 1000 shown in Figure 13, the network interface 1004 provides network communication; the user interface 1003 mainly provides an input interface; and the processor 1001 may be used to call the computer program stored in the memory 1005 to carry out the steps of the method embodiments of the present application.
It should be understood that the computer device described in the embodiments of the present application can carry out the description of the data processing method in the corresponding embodiments above, and can likewise carry out the description of the data processing device in the corresponding embodiments above, which will not be repeated here. Likewise, the description of the beneficial effects of using the same method will not be repeated.
When the data collection and processing involved in this application are applied in practice, they should strictly follow the requirements of the relevant laws and regulations, the informed consent or separate consent of the personal information subject should be obtained, and subsequent data use and processing should be carried out within the scope authorised by the laws and regulations and by the personal information subject.
In addition, it should be noted that an embodiment of the present application also provides a computer-readable storage medium that stores the computer program executed by the data processing device mentioned above, the computer program including program instructions; when the processor executes the program instructions, it can carry out the description of the data processing method in the corresponding embodiments above, which will therefore not be repeated here. Likewise, the description of the beneficial effects of using the same method will not be repeated. For technical details not disclosed in the computer-readable storage medium embodiment of the present application, refer to the description of the method embodiments of the present application.
As an example, the program instructions may be deployed for execution on one computer device, on at least two computer devices at one location, or on at least two computer devices distributed across at least two locations and interconnected by a communication network; at least two computer devices distributed across at least two locations and interconnected by a communication network may form a blockchain network.
The computer-readable storage medium may be the data processing device provided by any of the foregoing embodiments or an internal storage unit of the computer device, such as the hard disk or main memory of the computer device. The computer-readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the computer device. Further, the computer-readable storage medium may include both an internal storage unit of the computer device and an external storage device. The computer-readable storage medium is used to store the computer program and the other programs and data the computer device requires. It may also be used to temporarily store data that has been or is to be output.
The terms "first", "second" and so on in the description, claims and drawings of the embodiments of the present application are used to distinguish different content, not to describe a particular order. In addition, the term "including" and any of its variants are intended to cover non-exclusive inclusion. For example, a process, method, device, product or apparatus that includes a series of steps or units is not limited to the listed steps or modules, but may optionally include steps or modules that are not listed, or may optionally include other steps or units inherent to such a process, method, device, product or apparatus.
In the embodiments of the present application, the term "module" or "unit" refers to a computer program, or part of a computer program, that has a predetermined function and works together with other related parts to achieve a predetermined goal, and that may be implemented in whole or in part using software, hardware (such as processing circuits or memory), or a combination of the two. Likewise, one processor (or several processors or memories) may be used to implement one or more modules or units. In addition, each module or unit may be part of an overall module or unit that includes the function of that module or unit.
An embodiment of the present application also provides a computer program product including a computer program which, when executed by a processor, implements the description of the data processing method and decoding method in the corresponding embodiments above, which will therefore not be repeated here. Likewise, the description of the beneficial effects of using the same method will not be repeated. For technical details not disclosed in the computer program product embodiment of the present application, refer to the description of the method embodiments of the present application.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, in computer software, or in a combination of the two. To illustrate clearly the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or in software depends on the particular application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present application.
The methods and related devices provided by the embodiments of the present application are described with reference to the method flowcharts and/or structural diagrams provided by the embodiments of the present application. Each process and/or block of the flowcharts and/or structural diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable network-connected device to produce a machine, such that the instructions executed by the processor of the computer or other programmable network-connected device produce a device for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the structural diagram. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable network-connected device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the structural diagram. These computer program instructions may also be loaded onto a computer or other programmable network-connected device, such that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the structural diagram.
The foregoing discloses only preferred embodiments of the present application and certainly cannot be taken to limit the scope of rights of the present application; therefore, equivalent changes made according to the claims of the present application still fall within the scope covered by the present application.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411063834.7A CN118585991B (en) | 2024-08-05 | 2024-08-05 | Data processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411063834.7A CN118585991B (en) | 2024-08-05 | 2024-08-05 | Data processing method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118585991A CN118585991A (en) | 2024-09-03 |
CN118585991B true CN118585991B (en) | 2024-10-29 |
Family
ID=92530307
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411063834.7A Active CN118585991B (en) | 2024-08-05 | 2024-08-05 | Data processing method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118585991B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115242553A (en) * | 2022-09-21 | 2022-10-25 | 航天宏图信息技术股份有限公司 | Data exchange method and system supporting secure multi-party computation |
CN116684172A (en) * | 2023-06-25 | 2023-09-01 | 广州谦益科技有限公司 | Data exchange method, device and system based on secure multiparty calculation and electronic equipment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023158695A1 (en) * | 2022-02-15 | 2023-08-24 | Google Llc | Secure environment for operations on private data |
CN116933247A (en) * | 2023-06-30 | 2023-10-24 | 中科云谷科技有限公司 | Industrial big data sandbox system and industrial big data system |
- 2024-08-05: CN application CN202411063834.7A (patent CN118585991B), status Active
Also Published As
Publication number | Publication date |
---|---|
CN118585991A (en) | 2024-09-03 |
Similar Documents
Publication | Title |
---|---|
JP6873270B2 (en) | Handling of transaction activities based on smart contracts in the blockchain Caution Methods and devices for protecting data |
EP3961455A1 (en) | Data verification methods, apparatuses, and devices |
CN113468602B (en) | Data inspection method, device and equipment |
CN113011894B (en) | Financial derivative digital transaction system based on trusted computing and intelligent contract |
CN114866323B (en) | User-controllable privacy data authorization sharing system and method |
JP2008501176A (en) | Information distribution system that protects privacy |
CN111431713A (en) | Private key storage method and device and related equipment |
CN112435026B (en) | Method and device for protecting file transaction information by using zero-knowledge proof and electronic equipment |
CN108537047B (en) | Method and device for generating information based on block chain |
KR102329221B1 (en) | Blockchain-based user authentication model |
US20210027283A1 (en) | Federated custodian |
CN111291122B (en) | Bidding method and device based on block chain |
US20220286291A1 (en) | Secure environment for cryptographic key generation |
TWI622949B (en) | Know your customer (kyc) data marking dispute relief system with multiple secret key and method thereof |
CN106960343B (en) | A kind of electronic cash safe payment method and device |
EP4092984A1 (en) | Data processing method and apparatus, device and medium |
CN119301903A (en) | Systems and methods for alleviating network congestion on a blockchain network by supporting blockchain operations via off-chain interactions |
US20250021631A1 (en) | Systems and methods for whitebox device binding |
CN115022042A (en) | A compliance code verification method and computer-readable medium for protecting data privacy |
CN111125734B (en) | Data processing method and system |
CN111861462A (en) | Financial product transaction method and device based on block chain |
CN118585991B (en) | Data processing method, device, equipment and storage medium |
CN114418769A (en) | Block chain transaction charging method and device and readable storage medium |
CN114168978A (en) | Data processing method, electronic device and computer storage medium |
CN111131227A (en) | A data processing method and device |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
GR01 | Patent grant |