WO2021208906A1 - Transmission, traitement et autorisation de données - Google Patents

Transmission, traitement et autorisation de données Download PDF

Info

Publication number
WO2021208906A1
WO2021208906A1 PCT/CN2021/086900 CN2021086900W WO2021208906A1 WO 2021208906 A1 WO2021208906 A1 WO 2021208906A1 CN 2021086900 W CN2021086900 W CN 2021086900W WO 2021208906 A1 WO2021208906 A1 WO 2021208906A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
group
trusted
processed
trusted zone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2021/086900
Other languages
English (en)
Chinese (zh)
Inventor
王磊
余超凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Publication of WO2021208906A1 publication Critical patent/WO2021208906A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Definitions

  • the embodiments of this specification relate to the field of information technology, in particular to data transmission, processing, and authorization.
  • TEE Trusted Execution Environment
  • One of the embodiments of this specification provides a data transmission method, wherein the method is executed by a data provider’s equipment, and includes: obtaining to-be-processed data, and the to-be-processed data is used according to one or The data processing procedures in multiple trusted areas are processed into target data; the secret key used to encrypt at least part of the target data is obtained; the information to be encrypted is obtained based on the to-be-processed data and the secret key; the information to be encrypted is obtained from the trusted area
  • the group public key of the group authorization system the group public key corresponds to the trusted area group; the group public key is used to encrypt the information to be encrypted, and the encryption result is sent to a certain area in the trusted area. Devices in the trusted zone.
  • One of the embodiments of this specification provides a data transmission system, which includes: a to-be-processed data acquisition module for acquiring the to-be-processed data, and the to-be-processed data is used according to one or more credible areas in the credible area group; The data processing flow in the area is processed into target data; the secret key obtaining module is used to obtain the secret key used to encrypt at least part of the target data; the first to-be-encrypted information obtaining module is used to obtain the data based on the to-be-processed data and the The secret key is used to obtain the information to be encrypted; the group public key acquisition module is used to obtain the group public key from the trusted zone group authorization system, the group public key corresponds to the trusted zone group; the first encryption module is used to use all The group public key encrypts the information to be encrypted, and sends the encryption result to a device having a certain trusted zone in the trusted zone group.
  • One of the embodiments of this specification provides a data transmission device, which includes a processor and a storage device.
  • the storage device is used to store instructions. Data transfer method.
  • One of the embodiments of this specification provides a data processing method, wherein the method is executed in a certain trusted zone in a trusted zone group, which includes: receiving a ciphertext; obtaining a group from a trusted zone group authorization system The public key and the group private key, the group public key and the group private key correspond to the trusted zone group; the group private key is used to decrypt the ciphertext to obtain the data to be processed and used to encrypt at least part of the target data The secret key of; the data processing procedure is performed on the data to be processed to obtain the result data; the information to be encrypted is obtained based on the result data and the secret key; the information to be encrypted is encrypted using the set of private keys, and Send the encryption result to other trusted zones in the trusted zone group.
  • One of the embodiments of this specification provides a data processing system, wherein the system is implemented in a certain trusted zone in a trusted zone group, and includes: a first receiving module for receiving ciphertext; group public and private key The obtaining module is used to obtain the group public key and the group private key from the trusted zone group authorization system, the group public key and the group private key correspond to the trusted zone group; the first decryption module is used to use the The group private key decrypts the ciphertext to obtain the data to be processed and the secret key used to encrypt at least part of the target data; the data processing module is configured to perform a data processing procedure on the data to be processed to obtain the result data; second The information to be encrypted obtaining module is used to obtain the information to be encrypted based on the result data and the secret key; the second encryption module is used to encrypt the information to be encrypted using the group private key and send the encryption result to Other trusted zones in the trusted zone group.
  • One of the embodiments of this specification provides a data processing device, which includes a processor and a storage device.
  • the storage device is used to store instructions. Data processing method.
  • One of the embodiments of this specification provides a data authorization method, wherein the method is executed in a certain trusted zone within a trusted zone group, which includes: receiving ciphertext; obtaining a group from the trusted zone group authorization system Private key, the group of private keys corresponds to the trusted zone group; the group of private keys is used to decrypt the ciphertext to obtain the data to be processed and the secret key used to encrypt at least part of the target data; based on the group of private keys The data is processed to obtain target data; the secret key is used to encrypt at least part of the target data; and the encrypted at least part of the target data is output.
  • One of the embodiments of this specification provides a data authorization system, wherein the system is implemented in a certain trusted zone in a trusted zone group, and includes: a second receiving module for receiving ciphertext; a group private key
  • the obtaining module is used to obtain the group private key from the trusted zone group authorization system, where the group private key corresponds to the trusted zone group;
  • the second decryption module is used to decrypt the ciphertext using the group private key ,
  • a target data obtaining module to obtain target data based on the to-be-processed data;
  • a third encryption module to use the secret key to encrypt at least part of the target data Target data; output module for outputting at least part of the encrypted target data.
  • One of the embodiments of this specification provides a data authorization device, which includes a processor and a storage device.
  • the storage device is used to store instructions.
  • the processor executes the instructions, the implementation is as described in any embodiment of this specification Data authorization method.
  • Fig. 1 is a schematic diagram of an application scenario of a data sharing system according to some embodiments of this specification
  • Fig. 2 is an exemplary flowchart of a data transmission method according to some embodiments of the present specification
  • Fig. 3 is an exemplary flowchart of a data processing method according to some embodiments of the present specification
  • Fig. 4 is a schematic diagram of secure transmission of data in a trusted zone group according to some embodiments of this specification
  • Fig. 5 is an exemplary flowchart of a data authorization method according to some embodiments of the present specification
  • Fig. 6 is an exemplary block diagram of a data transmission system according to some embodiments of the present specification.
  • Fig. 7 is an exemplary block diagram of a data processing system according to some embodiments of the present specification.
  • Fig. 8 is an exemplary block diagram of a data authorization system according to some embodiments of the present specification.
  • system is a method for distinguishing different components, elements, parts, parts, or assemblies of different levels.
  • the words can be replaced by other expressions.
  • data provider A holds feature data
  • data provider B holds private label data. It is necessary to combine the feature data and label data held by the two parties for model training.
  • multiple data providers hold private and different feature data, and joint feature data of multiple parties for model training can improve the accuracy of the model, or it is necessary to combine feature data of multiple parties for model prediction.
  • this manual mainly uses machine learning as an example, the principles in this manual can also be applied to other scenarios that need to combine private data from multiple parties for data processing, for example, to combine private data from multiple parties for data processing. Data statistics, data analysis, etc.
  • the parties can encrypt the data and upload it to a device with a trusted zone (also called a TEE-equipped device, or TEE device for short), and the TEE device is in the trusted zone Decrypt the private data of all parties and perform data processing on the private data of all parties.
  • the data processing code is stored in the trusted zone, and the code runs in the trusted zone and realizes the corresponding data processing flow.
  • the outside world for example, the operating system of the device
  • the trusted area mentioned in this specification may include an enclave in an SGX (Software Guard eXtensions) trusted execution environment.
  • the target data can only be used by one or more designated parties.
  • the designated party may include the model trainer that uses the model as the initial model in the model migration task.
  • the designated party may include the initiator of the prediction request.
  • the model can be split into multiple sub-models one-to-one corresponding to multiple feature parties in the credible area, where each feature can be used as a sub-model. Designated party.
  • multiple features can use their respective sub-models for joint prediction.
  • the embodiments in this specification provide data transmission, processing, and authorization methods and systems.
  • the private data of each party can be processed into target data according to the data processing flow in one or more trusted areas.
  • the data to be processed or the result data always carry the secret key from the designated party before being transmitted to the trusted area. Encrypted together. After a certain trusted area obtains the target data and the decrypted secret key from the designated party, the secret key is used to encrypt at least part of the target data, and then at least part of the target data encrypted with the secret key is output. In this way, only the designated party can decrypt the at least part of the target data for use, which can prevent the target data from being abused.
  • Fig. 1 is a schematic diagram of an application scenario of a data sharing system according to some embodiments of this specification.
  • the data sharing system 100 may include devices 110 of more than two data providers, a device 120 with a trusted area, and a network 150.
  • the device 110 of the data provider may encrypt the to-be-processed private data with a secret key used to encrypt at least part of the target data, and then upload the encryption result to the device 120 with a trusted area.
  • the device 110 of the data provider can obtain the encrypted at least the target data, if the data provider The device 110 of holds the secret key used to decrypt the at least part of the target data, and can decrypt the at least part of the target data for use.
  • the device 110 of the data provider may include various devices with information receiving and/or sending functions.
  • the device 110 of the data provider may include one of a smart phone, a tablet computer, a laptop computer, a desktop computer, a server, etc., or any combination thereof.
  • the server mentioned in this specification may be an independent server or a server group, and the server group may be centralized or distributed. In some embodiments, the server may be regional or remote. In some embodiments, the server may be executed on a cloud platform.
  • the cloud platform may include one or any combination of private cloud, public cloud, hybrid cloud, community cloud, decentralized cloud, internal cloud, etc.
  • the device 120 with a trusted zone may include various types of computing devices, such as servers.
  • the data sharing system 100 may include one or more devices with trusted zones.
  • the device 120 with a trusted zone can obtain ciphertexts from multiple data providers, and decrypt private data from all parties in the trusted zone (and the secret key used to encrypt at least part of the target data). ) And combine the private data of all parties for data processing to obtain intermediate result data or target data.
  • the private data of the parties can be processed as target data according to the data processing procedures in multiple trusted regions. After the trusted region that obtains the private data is processed to obtain the intermediate result data, the intermediate result data can be converted to the target data. Encrypt it with the decrypted secret key used to encrypt at least part of the target data, and transmit the encryption result to the next trusted area.
  • Each trusted area responsible for data processing can encrypt and transmit data according to the above process until there is a trusted area to obtain the target data.
  • the trusted area responsible for data processing obtains target data through data processing
  • at least part of the target data can be encrypted with the decrypted secret key, and at least part of the encrypted target data is output.
  • the target data can be encrypted with the secret key used to encrypt at least part of the target data, and the encryption result is sent to the person responsible for data authorization. Trusted zone. After the trusted area responsible for data authorization decrypts the target data and the secret key used to encrypt at least part of the target data, the decrypted secret key can be used to encrypt at least part of the target data and output the encrypted at least part of the target data.
  • one trusted zone or multiple trusted zones can be created on the same device.
  • the trusted zone E1, the trusted zone E2, and the trusted zone E3 can be created on the device 120 at the same time.
  • multiple trusted zones can be located on the same device, or they can be deployed on different devices.
  • the data sharing system 100 may also include a third-party device 130.
  • the third-party device 130 can obtain at least part of the encrypted target data. If the third-party device 130 holds a secret key for decrypting the at least part of the target data, it can decrypt the at least part of the target data for use.
  • the third-party device 130 may obtain a model encrypted with the public key of the third-party device 130, and then use the local private key of the third-party device 130 to decrypt the model for use.
  • the decrypted model may be used as the initial model. Model training.
  • the third-party device 130 may include various devices with information receiving and/or sending functions.
  • the device 110 of the data provider may include one of a smart phone, a tablet computer, a laptop computer, a desktop computer, a server, etc., or any combination thereof.
  • the data sharing system 100 may also include a trusted zone group authorization system 140.
  • the trusted region group authorization system 140 can be the same
  • the trusted zone of the group provides a unified secret key for data encryption/decryption, such as a public-private key pair including a group public key and a group private key, so that data can be safely transmitted within the trusted zone group.
  • the trusted zone group authorization system 140 can obtain identification information (also called signature information) of multiple trusted zones to be networked, and generate public and private keys for the trusted zone group composed of the multiple trusted zones. Yes, save the signature information of the multiple trusted regions and the public-private key pair as the group information of the trusted region group.
  • the trusted zone group authorization system 140 can store group information of multiple trusted zone groups, and different trusted zone groups can be responsible for different data sharing tasks.
  • the device 110 of each data provider preparing to start the same data sharing task can obtain the group information corresponding to the data sharing task from the trusted area group authorization system 140. It should be noted that the device 110 of the data provider obtains The group information lacks the group private key.
  • the device 110 of each data provider may encrypt the information to be encrypted with the public key in the group information, and upload the encryption result to the device 120 having a trusted area corresponding to a certain signature information in the group information.
  • the identification information of the trusted zone may include the hash value of the code expected to run in the trusted zone.
  • the device with the trusted area in the group Before each trusted area in the trusted area group executes the data sharing task (running code), the device with the trusted area in the group can initiate remote authentication to the trusted area group authorization system 140, and then perform data sharing after the remote authentication is passed. Task.
  • the device with the trusted zone in the group can submit the hash value of the code running in the trusted zone to the trusted zone group authorization system 140, and the trusted zone group authorization system 140 obtains the pre-stored group information
  • the hash value of the code in the trusted area can be compared with the two hash values to verify whether the expected code will run in the trusted area. If the hash values are inconsistent, the remote authentication fails.
  • the trusted zone group authorization system 140 may send the public and private key pair in the group information to each trusted zone in the corresponding trusted zone group after the remote authentication is passed.
  • the network 150 connects the various components of the system 100 so that communication between the various components can be carried out.
  • the network 150 between the various parts in the system 100 may include a wired network and/or a wireless network.
  • the network 150 may include a cable network, a wired network, an optical fiber network, a telecommunications network, an internal network, the Internet, a local area network (LAN), a wide area network (WAN), a wireless local area network (WLAN), a metropolitan area network (MAN), public One or any combination of switched telephone network (PSTN), Bluetooth network, ZigBee network (ZigBee), near field communication (NFC), intra-device bus, intra-device wiring, cable connection, etc.
  • the network connection between each two parts can be in one of the above-mentioned ways, or in multiple ways.
  • Fig. 2 is an exemplary flowchart of a data transmission method according to some embodiments of the present specification.
  • the process 200 may be executed by the device 110 of the data provider. As shown in Figure 2, the process 200 may include:
  • Step 210 Obtain to-be-processed data, where the to-be-processed data is used to be processed into target data according to the data processing flow in one or more trusted regions in the trusted region group (denoted as E).
  • step 210 may be implemented by the to-be-processed data acquisition module 610.
  • the data to be processed is the private data of the data provider.
  • the to-be-processed data may include private feature data and/or label data held by the data provider.
  • the target data may include sample data (including data from all parties).
  • Step 220 Obtain a secret key used to encrypt at least part of the target data.
  • step 220 may be implemented by the secret key acquisition module 620.
  • the secret key is used to encrypt at least part of the target data to prevent the at least part of the target data from being misused. Accordingly, the holder of the decryption key can decrypt the at least part of the target data for use.
  • the secret key may include a public key from a data provider and/or a public key from a third-party device 130.
  • the secret key for encrypting at least part of the target data may be the public key of a certain data provider or the public key from the third-party device 130.
  • the device 110 of the data provider or the third-party device 130 can use the local private key to decrypt the at least part of the target data for use.
  • a device with a trusted zone 120 may refuse to perform the data sharing task, and may feedback the task execution failure to the data provider.
  • the device 120 with the trusted zone may continue to perform the data sharing task based on the received secret key used to encrypt the at least part of the target data.
  • the target data can be split into multiple parts, and each part can be used by a designated party.
  • the secret key may include public keys from multiple parties, and the public key from any party corresponds to part of the target data.
  • the device 120 with the trusted area can split the target data into multiple parts and use the public keys from multiple parties. The key respectively encrypts the corresponding part of the target data.
  • either party can use the local private key to decrypt part of the target data for use.
  • the device 120 with a trusted region can split the model into multiple sub-models, and encrypt each sub-model with the public key from each feature party, where each feature party holds Some characteristic data are different.
  • any feature party can use the local private key to decrypt the sub-model for use, that is, each feature party can perform multi-party joint prediction based on the sub-model decrypted by each feature party.
  • Step 230 Obtain information to be encrypted based on the data to be processed and the secret key.
  • step 230 may be implemented by the first to-be-encrypted information obtaining module 630.
  • the first to-be-encrypted information obtaining module 630 may perform data packaging on the to-be-processed data and the secret key to obtain the to-be-encrypted information.
  • Step 240 Obtain the group public key (denoted as Pk_E) from the trusted zone group authorization system 140, and the group public key Pk_E corresponds to the trusted zone group E.
  • step 240 may be implemented by the group public key acquisition module 640.
  • Step 250 Use the group public key Pk_E to encrypt the information to be encrypted, and send the encryption result to the device 120 having a certain trusted zone in the trusted zone group E.
  • step 250 may be implemented by the first encryption module 650.
  • Fig. 3 is an exemplary flowchart of a data processing method according to some embodiments of the present specification.
  • the process 300 is executed in a certain trusted zone in the trusted zone group (denoted as E).
  • a certain trusted zone here can be recorded as the current trusted zone.
  • the process 300 may include:
  • Step 310 Receive the ciphertext.
  • step 310 may be implemented by the first receiving module 710.
  • Step 320 Obtain the group public key (denoted as Pk_E) and the group private key (denoted as Pr_E) from the trusted zone group authorization system 140.
  • the group public key Pk_E and the group private key Pr_E correspond to the trusted zone group E.
  • step 320 may be implemented by the group public and private key acquisition module 720.
  • Step 330 Decrypt the ciphertext using the group private key Pr_E to obtain the data to be processed and the secret key used to encrypt at least part of the target data.
  • step 320 may be implemented by the first decryption module 730.
  • the ciphertext may come from the device 110 of the data provider, and the corresponding plaintext includes the data to be processed (ie, private data) from the data provider and a secret key used to encrypt at least part of the target data.
  • the ciphertext may come from other trusted regions in the trusted region group E, such as the previous trusted region responsible for data processing.
  • the secret key may include a public key from a data provider and/or a public key from a third-party device 130.
  • Step 340 Perform a data processing procedure on the to-be-processed data to obtain result data.
  • step 340 may be implemented by the data processing module 740.
  • the result data may refer to the processing result obtained by the data processing process in a certain trusted area (hereinafter referred to as the intermediate result data) before the target data is obtained, or it may refer to the data in a certain trusted area
  • the intermediate result data may refer to the data in a certain trusted area
  • the processing result obtained by the processing process as the target data.
  • the data processing procedure in any trusted area may include a data fusion procedure, and the data fusion procedure may be used to merge the to-be-processed data from multiple data providers.
  • the data fusion process can be used to fuse the feature data and label data of all parties.
  • the data fusion process can be used to fuse the characteristic data of all parties.
  • the data processing procedure in any trusted region may include a model training procedure, and the model training procedure may be used to train the model using sample data.
  • the model training process may use various model training algorithms, for example, linear regression algorithm, logistic regression algorithm, XGBoost (eXtreme Gradient Boosting, extreme gradient boosting) algorithm, gradient descent algorithm, etc., or any combination thereof.
  • the data processing procedure can also be other processing procedures that have nothing to do with the machine learning model, which is not limited in this specification.
  • Step 350 Obtain information to be encrypted based on the result data and the secret key.
  • step 350 may be implemented by the second to-be-encrypted information obtaining module 750.
  • the second to-be-encrypted information obtaining module 750 may perform data packaging on the result data and the secret key to obtain the to-be-encrypted information.
  • Step 360 Use the group public key Pk_E to encrypt the information to be encrypted, and send the encryption result to other trusted areas in the trusted area group E.
  • step 360 may be implemented by the second encryption module 760.
  • the result data is intermediate result data, and the second encryption module 760 may send the encryption result from the current trusted zone to the next trusted zone in the trusted zone group E that is responsible for data processing.
  • the result data is target data, and the second encryption module 760 may send the encryption result from the current trusted zone to the trusted zone in the trusted zone group E that is responsible for data authorization.
  • the trusted zone group E responsible for the data sharing task contains three trusted zones (trusted zone E1, trusted zone E2, and trusted zone E3).
  • the processed data data_A and the to-be-processed data data_B from the data provider B are processed according to the data processing procedures in the trusted area E1 and the trusted area E2 to obtain the target data S.
  • the trusted area E3 can be responsible for the release of the target data for
  • the secret key of the encrypted target data S is the public key PubKey_S from the third-party device 130, and the group public key and the group private key corresponding to the trusted zone group E are PubKey_E and PriKey_E, respectively.
  • the secure transmission process of data in the trusted zone group E may include: 1.
  • receiving the ciphertext M1 from the data provider A, and the plaintext corresponding to the ciphertext M1 includes the plaintext from the data provider A.
  • the to-be-processed data data_A and the public key PubKey_S from the third-party device 130 receive the ciphertext M2 from the data provider B.
  • the plaintext corresponding to the ciphertext M2 contains the to-be-processed data data_B from the data provider B and the third-party device 130
  • the public key PubKey_S where the ciphertext M1 and ciphertext M2 are both encrypted with the group public key PubKey_E, so decrypt the ciphertext M1 and ciphertext M2 with the group private key PriKey_E to obtain the data to be processed data_A, the data to be processed data_B, and
  • the public key PubKey_S, the data to be processed data_A and data_B are processed to obtain the intermediate result data data_M.
  • the ciphertext M3 and M3 are obtained.
  • the ciphertext M4 can obtain the target data data_S and the public key PubKey_S, the target data data_S is encrypted with the public key PubKey_S to obtain the ciphertext M5, and the ciphertext M5 is output.
  • the third-party device 130 can decrypt the ciphertext M5 with the private key that matches the public key PubKey_S stored locally, and obtain the target data data_S for use.
  • Fig. 5 is an exemplary flowchart of a data authorization method according to some embodiments of the present specification.
  • the process 500 is executed in a certain trusted zone in the trusted zone group (denoted as E).
  • a certain trusted zone here may be referred to as a target trusted zone.
  • the process 500 may include:
  • Step 510 receive the ciphertext.
  • step 510 may be implemented by the second receiving module 810.
  • Step 520 Obtain a group private key (denoted as Pr_E) from the trusted zone group authorization system 140, and the group private key Pr_E corresponds to the trusted zone group E.
  • step 520 may be implemented by the group private key acquisition module 820.
  • Step 530 Use the group private key Pr_E to decrypt the ciphertext to obtain the data to be processed and the secret key used to encrypt at least part of the target data.
  • step 530 may be implemented by the second decryption module 830.
  • the ciphertext can come from other trusted zones in the trusted zone group E, and the corresponding plaintext includes the trusted zone from the other trusted zone.
  • the data to be processed ie the result data
  • the secret key used to encrypt at least part of the target data.
  • the ciphertext is obtained by encrypting the plaintext with the group public key Pk_E corresponding to the trusted zone group E. Therefore, the second decryption module 830 can decrypt the ciphertext with the group private key Pr_E corresponding to the trusted zone group E, Obtain the data to be processed and use the secret key.
  • Step 540 Obtain target data based on the to-be-processed data.
  • step 540 may be implemented by the target data obtaining module 840.
  • the to-be-processed data decrypted in the target trusted area may be target data.
  • the target data data_S can be decrypted in the trusted area E3 responsible for data authorization. That is, the target data obtaining module 830 may directly determine the to-be-processed data as target data.
  • the to-be-processed data decrypted in the target trusted area may be intermediate result data, and the target data obtaining module 830 may perform a data processing procedure on the to-be-processed data to obtain the target data.
  • the target data may include a model and/or model information obtained through sample data training, where the sample data may be obtained by fusing feature data and/or label data from various data providers, and the model
  • the information may include information related to the model, such as model performance parameters, gradient information, and so on.
  • Step 550 Use the secret key to encrypt at least part of the target data.
  • step 550 may be implemented by the third encryption module 850.
  • Step 560 Output at least part of the encrypted target data.
  • step 560 may be implemented by the output module 860.
  • the secret key is used to encrypt at least part of the target data, that is, a party capable of using the at least part of the target data should hold the corresponding decryption key to decrypt the at least part of the target data.
  • the secret key may include a public key from a data provider and/or a public key from a third-party device 130.
  • the secret key may include public keys from multiple parties.
  • the third encryption module 850 may split the target data into multiple parts, and use public keys from multiple parties to respectively encrypt corresponding parts of the target data. Taking the target data as a splittable model as an example, the third encryption module 850 may split the complete model into multiple sub-models, and each sub-model may correspond to a feature party (each feature party holds different feature data). For each sub-model, the third encryption module 850 can encrypt the sub-model corresponding to the feature party with the public key from the feature party. In this way, after each feature party obtains the encrypted sub-model, it can use the local private key to decrypt its corresponding sub-model for use.
  • Fig. 6 is an exemplary block diagram of a data transmission system according to some embodiments of the present specification.
  • the system 600 may be implemented on the device 110 of the data provider.
  • the system 600 may include a to-be-processed data acquisition module 610, a secret key acquisition module 620, a first to-be-encrypted information acquisition module 630, a group public key acquisition module 640, and a first encryption module 650.
  • the to-be-processed data acquisition module 610 may be used to acquire the to-be-processed data, which is used for data processing in one or more trusted regions in the trusted region group (denoted as E) The process is processed into target data.
  • the secret key obtaining module 620 may be used to obtain a secret key used to encrypt at least part of the target data.
  • the first to-be-encrypted information obtaining module 630 may be configured to obtain the to-be-encrypted information based on the to-be-processed data and the secret key.
  • the group public key acquisition module 640 may be used to acquire the group public key (denoted as Pk_E) from the trusted zone group authorization system 140, and the group public key Pk_E corresponds to the trusted zone group E.
  • the first encryption module 650 may be used to encrypt the information to be encrypted using the group public key Pk_E, and send the encryption result to the device 120 having a certain trusted zone in the trusted zone group E.
  • Fig. 7 is an exemplary block diagram of a data processing system according to some embodiments of the present specification.
  • the system 700 can be implemented in a certain trusted zone in the trusted zone group (denoted as E).
  • the system 700 may include a first receiving module 710, a group public and private key acquisition module 720, a first decryption module 730, a data processing module 740, a second to-be-encrypted information acquisition module 750, and a second encryption module 760.
  • the first receiving module 710 may be used to receive ciphertext.
  • the group public and private key acquisition module 720 may be used to obtain the group public key (denoted as Pk_E) and the group private key (denoted as Pr_E) from the trusted zone group authorization system 140, the group public key Pk_E and the group private key.
  • the key Pr_E corresponds to the trusted zone group E.
  • the first decryption module 730 may be used to decrypt the ciphertext using the group private key Pr_E to obtain the data to be processed and the secret key used to encrypt at least part of the target data.
  • the data processing module 740 may be used to perform a data processing procedure on the to-be-processed data to obtain result data.
  • the second to-be-encrypted information obtaining module 750 may be used to obtain the to-be-encrypted information based on the result data and the secret key.
  • the second encryption module 760 may be used to encrypt the information to be encrypted using the group public key Pk_E, and send the encryption result to other trusted areas in the trusted area group E.
  • Fig. 8 is an exemplary block diagram of a data authorization system according to some embodiments of the present specification.
  • the system 800 can be implemented in a certain trusted zone in the trusted zone group (denoted as E).
  • the system 800 may include a second receiving module 810, a group private key acquisition module 820, a second decryption module 830, a target data acquisition module 840, a third encryption module 850, and an output module 860.
  • the second receiving module 810 may be used to receive ciphertext.
  • the group private key obtaining module 820 may be used to obtain the group private key (denoted as Pr_E) from the trusted zone group authorization system 140, and the group private key Pr_E corresponds to the trusted zone group E.
  • Pr_E group private key
  • the second decryption module 830 may be used to decrypt the ciphertext using the group private key Pr_E to obtain the data to be processed and the secret key used to encrypt at least part of the target data.
  • the target data obtaining module 840 may obtain target data based on the to-be-processed data.
  • the third encryption module 850 may use the secret key to encrypt at least part of the target data.
  • the output module 860 may be used to output at least part of the encrypted target data.
  • system 100 e.g. system 100, system 140, system 600, system 700, system 800, etc.
  • system 800 e.g., system 100, system 140, system 600, system 700, system 800, etc.
  • the system and its components can be implemented by hardware, software, or a combination of software and hardware.
  • the hardware can be implemented using dedicated logic; the software can be stored in a memory and executed by an appropriate instruction execution system, such as a microprocessor or dedicated design hardware.
  • processor control codes for example on a carrier medium such as a disk, CD or DVD-ROM, such as a read-only memory (firmware Such codes are provided on a programmable memory or a data carrier such as an optical or electronic signal carrier.
  • the system and its components in this specification can include not only hardware circuits such as very large-scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc.
  • the implementation may also be implemented by software executed by various types of processors, or may be implemented by a combination of the above-mentioned hardware circuit and software (for example, firmware).
  • the first to-be-encrypted information obtaining module 630 and the first encryption module 650 disclosed in FIG. 6 may be two modules, or may be combined into one module.
  • the encryption module and the decryption module in any system implemented in the trusted zone are two modules, or they can be combined into one module.
  • the encryption module and decryption module in any system implemented in the trusted zone can be packaged into an easy-to-use SDK (Software Development Kit, software development kit). Such deformations are all within the protection scope of this specification.
  • the possible beneficial effects of the embodiments of this specification include, but are not limited to: (1) Before the data to be processed or the result data is safely transmitted to the trusted region in the trusted region group, the secret key from the designated party is always carried. Encrypted together, the secret key is used to encrypt at least part of the target data, so that only the designated party can decrypt the at least part of the target data for use, which can prevent the target data from being abused; (2) Anything that will be implemented in the trusted zone
  • the encryption module and decryption module in one system are packaged into SDK, which is easier for users who write code to use. It should be noted that different embodiments may have different beneficial effects. In different embodiments, the possible beneficial effects may be any one or a combination of the above, or any other beneficial effects that may be obtained.
  • the computer storage medium may contain a propagated data signal containing a computer program code, for example on a baseband or as part of a carrier wave.
  • the propagated signal may have multiple manifestations, including electromagnetic forms, optical forms, etc., or a suitable combination.
  • the computer storage medium may be any computer readable medium other than the computer readable storage medium, and the medium may be connected to an instruction execution system, device, or device to realize communication, propagation, or transmission of the program for use.
  • the program code located on the computer storage medium can be transmitted through any suitable medium, including radio, cable, fiber optic cable, RF, or similar medium, or any combination of the above medium.
  • the computer program codes required for the operations of the various parts of the embodiments of this specification can be written in any one or more programming languages, including object-oriented programming languages such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET , Python, etc., conventional programming languages such as C language, VisualBasic, Fortran2003, Perl, COBOL2002, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages, etc.
  • the program code can run entirely on the user's computer, or as an independent software package on the user's computer, or partly on the user's computer and partly on a remote computer, or entirely on the remote computer or processing equipment.
  • the remote computer can be connected to the user's computer through any network form, such as a local area network (LAN) or a wide area network (WAN), or connected to an external computer (for example, via the Internet), or in a cloud computing environment, or as a service Use software as a service (SaaS).
  • LAN local area network
  • WAN wide area network
  • SaaS service Use software as a service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Conformément à des modes de réalisation, la présente invention concerne un procédé de transmission, de traitement et d'autorisation de données, et un système associé. Des données privées de différentes parties peuvent être traitées en données cibles selon un processus de traitement de données dans une ou plusieurs zones de confiance d'un groupe de zones de confiance, des données à traiter ou des données de résultat transportent toujours une clé provenant d'une partie spécifiée avant d'être transmises de manière sécurisée aux zones de confiance, les deux sont chiffrées ensemble, lorsqu'une zone de confiance du groupe de zones de confiance acquiert les données cibles et la clé déchiffrée à partir de la partie spécifiée, au moins certaines des données cibles sont chiffrées à l'aide de la clé, et la ou les certaines données cibles parmi les données cibles chiffrées à l'aide de la clé sont ensuite délivrées. Ainsi, la confidentialité des données des différentes parties est efficacement protégée.
PCT/CN2021/086900 2020-04-17 2021-04-13 Transmission, traitement et autorisation de données Ceased WO2021208906A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010307601.2 2020-04-17
CN202010307601.2A CN111628966B (zh) 2020-04-17 2020-04-17 数据传输方法、系统、装置及数据授权方法、系统、装置

Publications (1)

Publication Number Publication Date
WO2021208906A1 true WO2021208906A1 (fr) 2021-10-21

Family

ID=72260956

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/086900 Ceased WO2021208906A1 (fr) 2020-04-17 2021-04-13 Transmission, traitement et autorisation de données

Country Status (2)

Country Link
CN (1) CN111628966B (fr)
WO (1) WO2021208906A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117473324A (zh) * 2023-11-16 2024-01-30 北京熠智科技有限公司 基于SGX和XGBoost的模型训练方法、系统及存储介质

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628966B (zh) * 2020-04-17 2021-09-24 支付宝(杭州)信息技术有限公司 数据传输方法、系统、装置及数据授权方法、系统、装置
CN112769786B (zh) * 2020-12-29 2022-11-01 杭州趣链科技有限公司 基于不经意传输规则的数据传输方法、装置和计算机设备
CN116010970A (zh) * 2021-05-20 2023-04-25 浙江网商银行股份有限公司 基于遥感数据的数据处理方法及装置
CN113392421B (zh) * 2021-08-16 2021-10-29 华控清交信息科技(北京)有限公司 一种数据处理方法、装置和用于数据处理的装置
CN114611129A (zh) * 2022-03-18 2022-06-10 蚂蚁区块链科技(上海)有限公司 一种数据隐私保护方法和系统
CN114615070B (zh) * 2022-03-21 2024-04-19 中国人民解放军国防科技大学 基于可信执行环境的网络安全事件捕获方法和装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106851351A (zh) * 2015-12-03 2017-06-13 国家新闻出版广电总局广播科学研究院 一种支持数字版权管理(drm)的媒体网关/终端实现方法及其设备
US9722775B2 (en) * 2015-02-27 2017-08-01 Verizon Patent And Licensing Inc. Network services via trusted execution environment
CN109657479A (zh) * 2017-10-11 2019-04-19 厦门雅迅网络股份有限公司 数据防泄漏方法及计算机可读存储介质
CN110968743A (zh) * 2019-12-13 2020-04-07 支付宝(杭州)信息技术有限公司 针对隐私数据的数据存储、数据读取方法及装置
CN111628966A (zh) * 2020-04-17 2020-09-04 支付宝(杭州)信息技术有限公司 数据传输、处理、授权方法及其系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10936723B2 (en) * 2019-03-27 2021-03-02 Intel Corporation Fast and secure protocol to bootstrap a blockchain by restoring the blockchain state using trusted execution environment
CN110162981B (zh) * 2019-04-18 2020-10-02 阿里巴巴集团控股有限公司 数据处理方法及装置
CN110995737B (zh) * 2019-12-13 2022-08-02 支付宝(杭州)信息技术有限公司 联邦学习的梯度融合方法及装置和电子设备

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9722775B2 (en) * 2015-02-27 2017-08-01 Verizon Patent And Licensing Inc. Network services via trusted execution environment
CN106851351A (zh) * 2015-12-03 2017-06-13 国家新闻出版广电总局广播科学研究院 一种支持数字版权管理(drm)的媒体网关/终端实现方法及其设备
CN109657479A (zh) * 2017-10-11 2019-04-19 厦门雅迅网络股份有限公司 数据防泄漏方法及计算机可读存储介质
CN110968743A (zh) * 2019-12-13 2020-04-07 支付宝(杭州)信息技术有限公司 针对隐私数据的数据存储、数据读取方法及装置
CN111628966A (zh) * 2020-04-17 2020-09-04 支付宝(杭州)信息技术有限公司 数据传输、处理、授权方法及其系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117473324A (zh) * 2023-11-16 2024-01-30 北京熠智科技有限公司 基于SGX和XGBoost的模型训练方法、系统及存储介质
CN117473324B (zh) * 2023-11-16 2024-08-09 北京熠智科技有限公司 基于SGX和XGBoost的模型训练方法、系统及存储介质

Also Published As

Publication number Publication date
CN111628966A (zh) 2020-09-04
CN111628966B (zh) 2021-09-24

Similar Documents

Publication Publication Date Title
WO2021208906A1 (fr) Transmission, traitement et autorisation de données
US9674158B2 (en) User authentication over networks
US20220114249A1 (en) Systems and methods for secure and fast machine learning inference in a trusted execution environment
JP6382272B2 (ja) ある装置を使用して別の装置をアンロックする方法
US10601801B2 (en) Identity authentication method and apparatus
WO2025036394A1 (fr) Procédé et appareil de traitement de données, et support lisible et dispositif électronique
WO2021022701A1 (fr) Procédé et appareil de transmission d'informations, terminal client, serveur et support d'informations
US10609070B1 (en) Device based user authentication
CN110535641B (zh) 密钥管理方法和装置、计算机设备和存储介质
US12244691B2 (en) Secure installation of application keys
US20200344075A1 (en) Secure provisioning of keys
TW202031010A (zh) 資料儲存方法、裝置及設備
WO2023169409A1 (fr) Procédé et appareil d'invocation de modèle, et support de stockage
US11785005B2 (en) Secure tunneling with implicit device identification
US11637704B2 (en) Method and apparatus for determining trust status of TPM, and storage medium
CN114389790B (zh) 一种安全多方计算方法及装置
CN119483915A (zh) 一种远程证明方法、装置及相关设备
WO2016029668A1 (fr) Procédé, dispositif, et système de connexion sécurisée, et support de stockage informatique
CN116170209B (zh) 通讯系统、方法、装置、设备以及存储介质
HK40036426B (en) Data transmission method, system, device and data authorization method, system and device
HK40036426A (en) Data transmission method, system, device and data authorization method, system and device
KR20090106799A (ko) 저장매체의 안전한 데이터 관리를 위한 단말 장치, 메모리및 그 방법
TW202544672A (zh) 用於與積體記憶體裝置之記憶體中處理器電路交換通信之安全通道
CN120150967A (zh) 激活方法、云平台、通信组件及计算机可读存储介质
CN109977664A (zh) 系统刷新方法及电子设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21789320

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21789320

Country of ref document: EP

Kind code of ref document: A1