A joint modeling method and apparatus
By receiving and executing operation requests within a virtual space pre-established by the data provider, the problem of data leakage in the fusion of data from multiple companies is solved, enabling secure multi-party data fusion and modeling, and ensuring data security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING BAIDU NETCOM SCI & TECH CO LTD
- Filing Date
- 2019-08-21
- Publication Date
- 2026-06-30
AI Technical Summary
When data is merged across multiple companies, it can easily lead to data leakage. Existing technologies use dedicated lines or VPNs to send data to an independent third party for merging, but this poses a data security risk.
It receives encrypted data uploaded by at least two data providers, and after authentication, executes operation requests within a virtual space pre-established by the data providers to achieve secure fusion and modeling of encrypted data and prevent data leakage.
It achieves security in the fusion of multi-party data, effectively avoids data leakage, and ensures the security of data from all parties.
Smart Images

Figure CN110471908B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network technology, and in particular to a joint modeling method and apparatus. Background Technology
[0002] In the current technology, with the rapid development of Internet finance, companies or institutions need to understand more and more data resources. Since no company or institution can currently master all the data required for risk control, joint modeling that can achieve multi-party data integration has emerged.
[0003] Joint modeling refers to the process of establishing a data model for an information system using formal data modeling techniques based on data from multiple domain systems. Data fusion refers to the process of extracting, fusing, and organizing relevant data from multiple data sources into an analytical dataset with the goal of generating decision intelligence.
[0004] Currently, because multiple companies are prone to data leakage when merging data, they often use dedicated lines or VPNs (Virtual Private Networks) to send data to an independent third party. The data from multiple parties is then merged and relayed through this independent third party. Summary of the Invention
[0005] This application presents a joint modeling method and apparatus.
[0006] In a first aspect, this application provides a joint modeling method, which includes: receiving encrypted data uploaded by at least two data providers to obtain an encrypted data group;
[0007] Receive operation requests for encrypted data groups; if the requester submitting the operation request is the data provider that has uploaded the encrypted data, execute the operation indicated in the operation request.
[0008] In some embodiments, the requester submitting the operation request is determined to be the data provider that has uploaded encrypted data through the following steps: detecting the permission setting information of the feature fields in each encrypted data of the encrypted data group, wherein the feature fields are used to represent the feature information of different dimensions of the encrypted data; authenticating the requester submitting the operation request based on the permission setting information; and confirming that the requester submitting the operation request is the data provider that has uploaded encrypted data if the authentication is successful.
[0009] In some embodiments, in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the operation indicated by the operation request includes: in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the operation indicated by the operation request within a virtual space pre-established by the data provider.
[0010] In some embodiments, performing the operation indicated by the operation request includes: when performing the operation indicated by the operation request, retrieving encrypted data from the encrypted array and presenting the encrypted data in the encrypted data group to the requester who submitted the operation request in the following manner: presenting the requester with an example of encrypted data uploaded by the requester and encrypted data not uploaded by the requester.
[0011] In some embodiments, the operation includes a modeling operation, and in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the operation indicated by the operation request includes: in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the modeling operation indicated by the operation request, obtaining a model trained based on the encrypted data set, and sending a notification message to the requester of the operation request that the modeling operation has been completed.
[0012] In some embodiments, in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the operation indicated by the operation request further includes: in response to the model export request submitted by the requester based on the notification message, exporting the model trained on the encrypted data set and returning the model trained on the encrypted data to the requester of the operation request.
[0013] Secondly, this application provides a data security co-modeling apparatus, comprising: a receiving unit configured to receive encrypted data uploaded by at least two data providers to obtain an encrypted data group; a requesting unit configured to receive an operation request for the encrypted data group; and an execution unit configured to execute the operation indicated by the operation request in response to the requesting party submitting the operation request being a data provider that has uploaded encrypted data.
[0014] In some embodiments, the requester submitting the operation request in the execution unit is determined to be the data provider that has uploaded encrypted data through the following steps: detecting the permission setting information of the feature fields in each encrypted data of the encrypted data group, wherein the feature fields are used to represent the feature information of different dimensions of the encrypted data; authenticating the requester submitting the operation request based on the permission setting information; and confirming that the requester submitting the operation request is the data provider that has uploaded encrypted data if the authentication is successful.
[0015] In some embodiments, the execution unit is further configured to: in response to a requester submitting an operation request who is a data provider that has uploaded encrypted data, perform the operation indicated by the operation request within a virtual space pre-established by the data provider.
[0016] In some embodiments, the execution unit is further configured to: when performing the operation indicated by the operation request, invoke the encrypted data in the encrypted array and present the encrypted data in the encrypted data set to the requester who submitted the operation request in the following manner: present the encrypted data uploaded by the requester and an example of encrypted data not uploaded by the requester to the requester who submitted the operation request.
[0017] In some embodiments, the operations performed by the execution unit include a modeling operation, and the execution unit is further configured to: in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, perform the modeling operation indicated by the operation request, obtain a model trained based on the encrypted data set, and send a notification message to the requester of the operation request that the modeling operation has been completed.
[0018] In some embodiments, the execution unit is further configured to: in response to a model export request submitted by a requester based on a notification message, which receives an operation request, export the model trained on the encrypted data set and return the model trained on the encrypted data to the requester of the operation request.
[0019] Thirdly, this application provides an electronic device, which includes one or more processors and a storage device storing one or more programs thereon, wherein when the one or more programs are executed by the one or more processors, the one or more processors enable a method for joint modeling of data security.
[0020] Fourthly, this application provides a computer-readable medium having a computer program stored thereon, which, when executed by a processor, enables a method for joint modeling of data security.
[0021] The data security joint modeling method and apparatus provided in this application obtains an encrypted data group by receiving encrypted data uploaded by at least two data providers; receives an operation request for the encrypted data group; and, in response to the requesting party submitting the operation request being a data provider that has uploaded encrypted data, executes the operation indicated by the operation request. This enables one of the at least two data providers to complete the multi-party data fusion, effectively preventing data leakage to the requesting party submitting the operation request outside of the data providers, and ensuring the security of the data of all parties. Attached Figure Description
[0022] Figure 1 This is an exemplary system architecture diagram to which this application can be applied;
[0023] Figure 2 This is a flowchart of an embodiment of the joint modeling method according to this application;
[0024] Figure 3 This is a schematic diagram of an application scenario of the joint modeling method according to this application;
[0025] Figure 4 This is a flowchart of yet another embodiment of the joint modeling method according to this application;
[0026] Figure 5 This is a schematic diagram of a structure of one embodiment of the joint modeling apparatus according to this application;
[0027] Figure 6 This is a schematic diagram of the structure of a computer system suitable for implementing the server embodiments of this application. Detailed Implementation
[0028] The present application will now be described in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and not intended to limit it. Furthermore, it should be noted that, for ease of description, only the parts relevant to the invention are shown in the accompanying drawings.
[0029] It should be noted that, unless otherwise specified, the embodiments and features described in this application can be combined with each other. This application will now be described in detail with reference to the accompanying drawings and embodiments.
[0030] Figure 1 An exemplary system architecture 100 is shown, which can be applied to an embodiment of a joint modeling method of this application.
[0031] like Figure 1 As shown, system architecture 100 may include terminal device 101, network 102, and servers 103, 104, and 105. Servers 103, 104, and 105 may be backend servers used to provide cloud services. Network 102 represents the medium providing communication links between terminal device 101 and servers 103, 104, and 105. Network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables, etc.
[0032] Servers 103, 104, and 105 interact with terminal device 101 via network 104 to receive encrypted data uploaded by the data provider's technical personnel through the display interface of terminal device 101, as well as operations performed on the encrypted data by the data provider's technical personnel. Terminal device 101 may have various communication client applications installed, such as web browser applications, instant messaging tools, and email clients.
[0033] Terminal device 101 can be hardware or software. When terminal device 101 is hardware, it can be various electronic devices with a display screen and supporting communication with a cloud server, including but not limited to smartphones, tablets, laptops, and desktop computers. When terminal device 101 is software, it can be installed in the electronic devices listed above. It can be implemented as multiple software programs or software modules, or as a single software program or software module. No specific limitations are made here.
[0034] Servers 103, 104, and 105 can be servers that provide various services, such as the aforementioned server with a joint modeling method. Servers 103, 104, and 105 can receive encrypted data uploaded by the data provider's technical personnel through the display interface of terminal device 101 and receive operations performed on the encrypted data by the data provider's technical personnel.
[0035] Servers 103, 104, and 105 can be either hardware or software. When servers 103, 104, and 105 are hardware, they can be implemented as a distributed server cluster consisting of multiple servers, or as a single server. When servers are software, they can be implemented as multiple software programs or software modules, or as a single software program or software module. No specific limitations are made here.
[0036] It should be noted that the joint modeling method provided in this application embodiment is generally executed by server 103, 104, 105 or terminal device 101, and correspondingly, the joint modeling device is generally set in server 103, 104, 105 or terminal device 101.
[0037] It should be understood that Figure 1 The number of terminal devices 101, network 104, and servers 103, 104, and 105 shown in the diagram is merely illustrative. Any number of terminal devices, networks, and servers can be included depending on implementation requirements.
[0038] Figure 2 A flowchart 200 illustrates an embodiment of the joint modeling method applicable to this application. The joint modeling method includes the following steps:
[0039] Step 201: Receive encrypted data uploaded by at least two data providers to obtain an encrypted data group.
[0040] In this embodiment, the executing entity of the joint modeling method (e.g. Figure 1The servers 103, 104, 105 or terminal 101 shown can be operating platforms provided by any one of at least two data providers. The executing entity can interact with the technical personnel of each data provider through the terminal interface. The technical personnel of each data provider can use the terminal interface to upload encrypted data and perform subsequent processing on the encrypted data.
[0041] The encrypted data provided by at least two sample providers can include sample identifiers for multiple encrypted sample data. Here, the sample identifier is used to distinguish different sample data in the encrypted data and is unique, such as an ID card number, account number, or code.
[0042] The remaining parties among at least two encrypted data providers can act as feature information providers. The encrypted data they provide can be feature information of sample data that corresponds one-to-one with the encrypted feature identifiers and the sample identifiers of the sample data provided by the sample providers, such as age, gender, education level, etc.
[0043] The feature identifiers provided by the feature information provider can be obtained by mapping the sample identifiers of the sample data provided by the sample provider. To ensure data security, the sample identifiers provided by the sample provider can be encrypted before the mapping process to obtain the feature identifiers of the feature information.
[0044] Here, the encrypted data provided by each data provider can be encrypted using existing or future-developed encryption algorithms. For example, the encryption algorithm can be a symmetric encryption algorithm using the same encryption and decryption keys, an asymmetric encryption algorithm using different encryption and decryption keys, a hash algorithm that does not require a key, etc., and this application does not limit this. Common symmetric encryption algorithms include DES (Data Encryption Standard), 3DES (Triple Data Encryption Standard), and AES (Advanced Encryption Standard); common asymmetric encryption algorithms include DSA (Digital Signature Algorithm) and ECC (Elliptic Curve Cryptography). Common hash algorithms include SHA-1 (Secure Hash Algorithm 1) and MD5 (Message-digest algorithm 5).
[0045] The executing entity receives encrypted data uploaded by the technical personnel of each encrypted data provider through the terminal interface, and combines the encrypted data uploaded by the technical personnel of each encrypted data provider into an encrypted data group.
[0046] It should be noted that the executing entity can receive encrypted data using existing or future technologies, and this application does not limit this. For example, the terminal interface of the executing entity can provide a data input box to receive encrypted data uploaded by technical personnel from various data providers, and the terminal interface can also provide an import button to receive encrypted data uploaded by technical personnel from various data providers. In a specific example, when the technical personnel of the data provider click the import button on the terminal interface, they can select a file to import from their local machine, thus importing the file containing encrypted data. The file type can be any file type found in existing or future technologies, and this application does not limit this. For example, the file type can be a pre-defined format such as Excel or TXT.
[0047] Step 202: Receive an operation request for the encrypted data group.
[0048] In this embodiment, the aforementioned executing entity may receive an operation request for the encrypted data group after receiving the encrypted data and obtaining the encrypted data group, or it may detect whether an operation request for the encrypted data has been received from a technician of the operation request submitter before receiving the encrypted data and obtaining the encrypted data group. This application does not limit this.
[0049] The method by which the technical personnel of the requesting party submits the operation request can be any of the existing or future methods, and this application does not limit this. For example, the method of submitting the operation request can be: the technical personnel of the requesting party clicks on the option to submit the operation request displayed on the terminal interface of the executing entity; or the technical personnel of the requesting party enters a predefined shortcut command in the command bar of the terminal interface of the executing entity to submit the operation request.
[0050] Step 203: In response to the requester submitting the operation request being the data provider that has uploaded encrypted data, perform the operation indicated in the operation request.
[0051] In this embodiment, when determining whether the requester submitting the operation request is the data provider that has uploaded encrypted data, the executing entity can determine whether the authentication information of the requester is consistent with the authentication information reserved by the data provider. If they are consistent, the requester can be identified as the data provider that has uploaded encrypted data. Here, authentication information refers to the information used by a terminal or user to verify identity or permissions during the execution of a specific service by the target application. The authentication information can be any existing or future technology used for verifying identity or permissions, and this application does not limit its use. For example, authentication information can be one or more combinations of static passwords, dynamic passwords, biometric information, and field information.
[0052] If the requester submitting the operation request verifies that it is the data provider that has uploaded encrypted data, then the executing entity will perform the operation indicated in the operation request. The operation indicated in the operation request can be a data processing method using existing or future technologies, including but not limited to data modeling, data mining, data visualization analysis, etc.
[0053] In some alternative methods, the requester submitting the operation request is identified as the data provider that has uploaded encrypted data through the following steps: detecting the permission setting information of the feature fields in each encrypted data of the encrypted data group, where the feature fields are used to represent different dimensions of feature information of the encrypted data; authenticating the requester submitting the operation request based on the permission setting information; and confirming that the requester submitting the operation request is the data provider that has uploaded encrypted data if the authentication is successful.
[0054] In this implementation, feature fields are used to represent different dimensions of characteristic information of the encrypted data, such as age, gender, and education level. The executing entity authenticates the operation requester by checking the permission settings information of the feature fields in each encrypted data group.
[0055] The permission settings for feature fields refer to the permission information that authorizes viewing permissions for multiple forms in the database based on the form field values. For example, if the selected form type in the database is "Employee Personal Information," and its form field values are "Salary," "Age," and "Education Level," then the system can control the viewing permissions of different personal information forms for employees separately, such as allowing viewing of age and education level, but disallowing viewing of salary.
[0056] If the permission settings of the executing entity match the preset permission settings, the verification passes, confirming that the requester submitting the operation request is the data provider that has uploaded the encrypted data. Authenticating the requester through permission settings in the feature field further prevents encrypted data from being leaked to any other requester submitting the operation request besides the data provider.
[0057] In some alternative approaches, performing the operation indicated by the operation request includes: when performing the operation indicated by the operation request, retrieving the encrypted data in the encrypted array and presenting the encrypted data in the encrypted data group to the requester who submitted the operation request in the following manner: presenting the requester with an example of the encrypted data uploaded by the requester and the encrypted data not uploaded by the requester.
[0058] In this implementation, the executing entity only presents samples of the encrypted data uploaded by the requesting party and the encrypted data uploaded by the non-requesting party to the technical personnel of the requesting party who submitted the operation request, and does not present the encrypted data uploaded by the non-requesting party. This can restrict the access of the technical personnel of the requesting party to the encrypted data, thereby protecting the encrypted data uploaded by the non-requesting party from being leaked.
[0059] Here, the way the executing entity restricts the access of the technical personnel of the operation requesting party to the encrypted data can be by using permission settings in existing or future technologies, such as fields, data, etc., and this application does not limit this.
[0060] In some alternative approaches, the operation includes a modeling operation, and in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the operation indicated by the operation request includes: in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the modeling operation indicated by the operation request, obtaining a model trained based on the encrypted data set, and sending a notification message to the requester of the operation request that the modeling operation has been completed.
[0061] In this implementation, the executing entity responds to the requester who submitted the operation request, which is the data provider that has uploaded encrypted data, by performing the modeling operation indicated in the operation request. This modeling operation may include data decryption, data fusion, feature engineering, model training, and model validation.
[0062] Here, data decryption is primarily used to decrypt encrypted data from an encrypted data set to obtain decrypted data. Data fusion is mainly used to analyze and process the decrypted data to form new data. Feature engineering is mainly used for feature classification and filtering of new data to remove irrelevant features and reduce the difficulty of model training and machine learning tasks.
[0063] Model training is primarily used to build models based on new data. Model training involves setting target and dependent variables, where the target variable is the purpose of building the model, and the dependent variable is the data features related to building the model.
[0064] For example, the purpose of a technical professional building a model is to determine a person's creditworthiness based on their basic data. The relevant features for creditworthiness include age, occupation, salary, and spending history. Therefore, when building a model, the technical professional can set creditworthiness as the target variable and age, occupation, salary, and spending history as the dependent variables.
[0065] The modeling process may include determining the first sample data corresponding to the target variable, determining the second sample data corresponding to the dependent variable, inputting the first sample data and the second sample data into a preset model for training to determine the model parameters, and using the preset model with the determined model parameters as the established model.
[0066] Model validation is primarily used to verify the established model. During the modeling process, the data provider can set the proportion of sample data used for model building, for example, 70%, with the remaining proportion used for model validation. In model validation, the data corresponding to the target variable in the remaining proportion can be designated as the first sample data, and the data corresponding to the dependent variable as the second sample data. These first and second sample data are then input into the established model. The output results are compared with the actual results. If the comparison result is less than the set error range, the established model is considered to have passed validation.
[0067] Upon receiving the model trained on the encrypted data set, the executing entity sends a notification message to the technical personnel of the requesting party that the modeling operation has been completed, thus realizing joint modeling of encrypted data from multiple parties and ensuring data security during the modeling process.
[0068] In some alternative approaches, the requester responding to the submission of the operation request is the data provider that has uploaded the encrypted data, and the operation indicated by the operation request also includes: in response to the model export request submitted by the requester based on the notification message, exporting the model trained on the encrypted data set and returning the model trained on the encrypted data to the requester of the operation request.
[0069] In this implementation, the executing entity responds to the model export request submitted by the requesting party's technical personnel based on the notification message, exports the model trained on the encrypted data set, and returns the model trained on the encrypted data to the requesting party. The model can be stored as a file on a file cluster, and by setting permissions on the file cluster, it is ensured that the file cluster can only be operated by the technical personnel of the requesting party who generated the model, thus guaranteeing the security of the generated model.
[0070] Furthermore, when exporting the model, the executing entity can initiate a manual review upon receiving a request for manual review from the technical personnel who requested the model's creation. This involves displaying the trained model through a user interface for manual inspection. If the executing entity receives a positive result from the manual review, it then publishes the file as a model SDK (Software Development Kit).
[0071] See also Figure 3 , Figure 3 This is a schematic diagram of an application scenario of the joint modeling method according to this embodiment. Figure 3 The application scenario is in the credit field, where user data provided by banking institutions and user data provided by internet platforms are jointly modeled to assess user creditworthiness. To ensure data security during the modeling process, dedicated lines or VPNs are required, and the data must be integrated on a dedicated server in a data center. Furthermore, professional data entry is necessary.
[0072] exist Figure 3 The application scenario illustrates a scenario where server clusters 305, 306, and 307 running a collaborative modeling system receive first encrypted data uploaded by technical personnel from a first data provider (bank institution, 301) via a terminal interface displayed on terminal device 303, and second encrypted data uploaded by technical personnel from a second data provider (internet platform, 302) via a terminal interface displayed on terminal device 304. The first encrypted data can be a user's ID number, age, education level, etc., while the second encrypted data can be a user's search data, social data, etc. In response to receiving the first and second encrypted data, server clusters 305, 306, and 307 detect whether to accept an operation request from the requesting technical personnel regarding the encrypted data group, such as receiving a click operation from the requesting technical personnel on the modeling operation option displayed on the terminal interface of terminal device 303 or terminal device 304. Server clusters 305, 306, and 307 respond to received operation requests by authenticating the requester based on appropriate permission settings. For example, they detect instructions entered by technical personnel through the terminal interface displayed on terminal device 303 or 304. If the requester is a banking institution or internet platform, they accept the modeling operation performed on the encrypted data group by the technical personnel and export the generated model. Furthermore, during model export, server clusters 305, 306, and 307 can also respond to settings requiring manual review by the technical personnel of the banking institution or internet platform, exporting the model only after receiving approval from the manual reviewer.
[0073] The joint modeling method provided in the embodiments of this disclosure obtains an encrypted data group by receiving encrypted data uploaded by at least two data providers; receives an operation request for the encrypted data group; and, in response to the requesting party submitting the operation request being a data provider that has uploaded encrypted data, executes the operation indicated by the operation request. This enables one of the at least two data providers to complete the fusion of multi-party data and effectively avoids data leakage to the requesting party submitting the operation request outside the data providers, thus ensuring the security of the data of all parties.
[0074] Further reference Figure 4 This illustrates a flow 400 of another embodiment of the joint modeling method. Flow 400 of the joint modeling method includes the following steps:
[0075] Step 401: Receive encrypted data uploaded by at least two data providers to obtain an encrypted data group.
[0076] In this embodiment, the implementation details and technical effects of step 401 can be found in the description of step 201, and will not be repeated here.
[0077] Step 402: Receive an operation request for the encrypted data group.
[0078] In this embodiment, the implementation details and technical effects of step 402 can be found in the description of step 202, and will not be repeated here.
[0079] Step 403: In response to the requester submitting the operation request being the data provider that has uploaded encrypted data, the operation indicated in the operation request is executed within the virtual space established by the data provider.
[0080] In this embodiment, the executing entity responds to the requester who submitted the operation request, which is the data provider that has uploaded encrypted data. The entity performs the operation on the encrypted data group indicated by the operation request within a virtual space pre-established by the data provider. The virtual space can be set as a virtual machine, and there can be multiple virtual spaces. The virtual spaces are dynamically created and recycled and have no absolute correspondence with the physical address of the physical server. All data will be deleted after the operation is completed to avoid data leakage due to data residue.
[0081] Here, the executing entity can store encrypted data groups in a data storage cluster. A data storage cluster aggregates storage space from multiple storage devices into a storage pool that provides a unified access and management interface for application servers. Virtual machines can transparently access and utilize the disks on all storage devices through this access interface, fully leveraging the performance of storage devices and disk utilization.
[0082] In addition, to ensure the security of encrypted data in the data storage cluster, access permissions can be set for the data storage cluster, such as IP access permissions, so that the data storage cluster can only be accessed by the virtual space established by the data provider.
[0083] The above embodiments of this application, in response to the requester submitting the operation request being the data provider that has uploaded encrypted data, execute the operation indicated by the operation request within the virtual space established by the data provider. The virtual machine is dynamically created and recycled, and all data is deleted after the operation is completed, avoiding data leakage due to data residue, and further ensuring the security of data of all parties in the data fusion process.
[0084] Further reference Figure 5 As an implementation of the methods shown in the above figures, this application provides an embodiment of a joint modeling apparatus, which is consistent with... Figure 2 Corresponding to the method embodiments shown, this device can be specifically applied to various electronic devices.
[0085] like Figure 5 As shown, the joint modeling device 500 in this embodiment includes: a receiving unit 501, a requesting unit 502, and an execution unit 503.
[0086] The receiving unit 501 can be configured to receive encrypted data uploaded by at least two data providers to obtain an encrypted data group.
[0087] The request unit 502 can be configured to receive an operation request for an encrypted data group.
[0088] The execution unit 503 can be configured to perform the operation indicated by the operation request in response to a data provider that has uploaded encrypted data and submitted an operation request.
[0089] In some optional implementations of this embodiment, the requester submitting the operation request is determined to be the data provider that has uploaded encrypted data through the following steps: detecting the permission setting information of the feature fields in each encrypted data of the encrypted data group, where the feature fields are used to represent different dimensions of feature information of the encrypted data; authenticating the requester submitting the operation request based on the permission setting information; and confirming that the requester submitting the operation request is the data provider that has uploaded encrypted data if the authentication is successful.
[0090] In some optional implementations of this embodiment, performing the operation indicated by the operation request includes: when performing the operation indicated by the operation request, calling the encrypted data in the encrypted array, and presenting the encrypted data in the encrypted data group to the requester who submitted the operation request in the following manner: presenting the requester with an example of the encrypted data uploaded by the requester and the encrypted data not uploaded by the requester.
[0091] In some optional embodiments of this example, the operation includes a modeling operation, and in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, the operation indicated by the operation request includes: in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, performing the modeling operation indicated by the operation request, obtaining a model trained based on the encrypted data set, and sending a notification message to the requester of the operation request that the modeling operation has been completed.
[0092] In some optional embodiments of this example, in response to the requester submitting the operation request being the data provider that has uploaded encrypted data, the operation indicated by the operation request further includes: in response to the model export request submitted by the requester based on the notification message, exporting the model trained on the encrypted data set and returning the model trained on the encrypted data to the requester of the operation request.
[0093] Those skilled in the art will understand that the aforementioned joint modeling apparatus 500 also includes other well-known structures, such as processors and memory. To avoid unnecessarily obscuring the embodiments of this disclosure, these well-known structures are... Figure 5 Not shown in the image.
[0094] The following is for reference. Figure 6 It shows a schematic diagram of the structure of a computer system 600 suitable for implementing a client device or server in the embodiments of this application.
[0095] like Figure 6 As shown, the computer system 600 includes a processor (e.g., a central processing unit, CPU) 601, which can perform various appropriate actions and processes based on a program stored in read-only memory (ROM) 602 or a program loaded from storage section 608 into random access memory (RAM) 603. The RAM 603 also stores various programs and data required for the operation of the system 600. The CPU 601, ROM 602, and RAM 603 are interconnected via a bus 604. An input / output (I / O) interface 605 is also connected to the bus 604.
[0096] The following components are connected to I / O interface 605: an input section 606 including a keyboard, mouse, etc.; an output section 607 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and speakers, etc.; a storage section 608 including a hard disk, etc.; and a communication section 609 including a network interface card such as a LAN card, modem, etc. The communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to I / O interface 605 as needed. A removable medium 611, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on drive 610 as needed so that computer programs read from it can be installed into storage section 608 as needed.
[0097] In particular, according to embodiments of this disclosure, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of this disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication section 609, and / or installed from removable medium 611.
[0098] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0099] The modules described in the embodiments of this application can be implemented in software or hardware. The described modules can also be housed in a processor; for example, a processor can be described as including a receiving unit, a requesting unit, and an execution unit. The names of these units do not necessarily limit the specific unit; for example, the receiving unit can also be described as a "unit for receiving encrypted data."
[0100] In another aspect, this application also provides a non-volatile computer storage medium, which may be the non-volatile computer storage medium included in the apparatus of the above embodiments; or it may be a standalone non-volatile computer storage medium not assembled into the client device. The aforementioned non-volatile computer storage medium stores one or more programs, which, when executed by a device, cause the device to: receive encrypted data uploaded by at least two data providers to obtain an encrypted data group; receive an operation request for the encrypted data group; and, in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, execute the operation indicated by the operation request.
[0101] The above description is merely a preferred embodiment of this application and an explanation of the technical principles employed. Those skilled in the art should understand that the scope of the invention involved in this application is not limited to technical solutions formed by specific combinations of the above-described technical features, but should also cover other technical solutions formed by arbitrary combinations of the above-described technical features or their equivalents without departing from the inventive concept. For example, technical solutions formed by substituting the above features with (but not limited to) technical features with similar functions disclosed in this application.
Claims
1. A joint modeling method, the method comprising: The system receives encrypted data uploaded by at least two data providers to obtain an encrypted data group. The at least two data providers include a sample provider and a feature information provider. The encrypted data provided by the sample provider includes sample identifiers of multiple encrypted sample data. The encrypted data provided by the feature information provider includes encrypted feature information. The sample identifiers of the multiple encrypted sample data correspond one-to-one with the feature identifiers of the encrypted feature information. The feature identifiers are obtained by encrypting and mapping the sample identifiers. Receive an operation request for the encrypted data group; In response to the requester submitting the operation request being a data provider that has uploaded encrypted data, the operation indicated by the operation request is executed within a virtual space pre-established by the data provider.
2. The method according to claim 1, wherein the requester submitting the operation request is the data provider that has uploaded encrypted data, determined through the following steps: The permission setting information of the feature fields in each encrypted data of the encrypted data group is detected. The feature fields are used to represent the feature information of the encrypted data in different dimensions. The requester submitting the operation request is authenticated based on the permission settings information. If the verification is successful, it confirms that the requester who submitted the operation request is the data provider that has uploaded encrypted data.
3. The method according to claim 1, wherein performing the operation indicated by the operation request includes: When performing the operation indicated by the operation request, the encrypted data in the encrypted array is retrieved, and the encrypted data in the encrypted data group is presented to the requester who submitted the operation request in the following manner: Present the requester with an example of encrypted data uploaded by the requester and an example of encrypted data not uploaded by the requester.
4. The method according to claim 1, wherein the operation includes a modeling operation, and in response to a requester submitting the operation request being a data provider that has uploaded encrypted data, performing the operation indicated by the operation request includes: In response to the requester submitting the operation request being a data provider that has uploaded encrypted data, the modeling operation indicated by the operation request is executed to obtain a model trained based on the encrypted data set, and a notification message indicating that the modeling operation has been completed is sent to the requester of the operation request.
5. The method according to claim 4, wherein the requester responding to the submission of the operation request is a data provider that has uploaded encrypted data, and performing the operation indicated by the operation request further includes: In response to the requester's model export request submitted based on the notification message, the model trained on the encrypted data set is exported and the model trained on the encrypted data is returned to the requester of the operation request.
6. A co-modeling apparatus, the apparatus comprising: The receiving unit is configured to receive encrypted data uploaded by at least two data providers to obtain an encrypted data group. The at least two data providers include a sample provider and a feature information provider. The encrypted data provided by the sample provider includes sample identifiers of multiple encrypted sample data. The encrypted data provided by the feature information provider includes encrypted feature information. The sample identifiers of the multiple encrypted sample data correspond one-to-one with the feature identifiers of the encrypted feature information. The feature identifiers are obtained by encrypting and mapping the sample identifiers. The request unit is configured to receive an operation request for the encrypted data group; The execution unit is configured to, in response to a requester submitting the operation request being a data provider that has uploaded encrypted data, execute the operation indicated by the operation request within a virtual space pre-established by the data provider.
7. The apparatus according to claim 6, wherein the requester submitting the operation request in the execution unit is the data provider that has uploaded encrypted data, determined through the following steps: The permission setting information of the feature fields in each encrypted data of the encrypted data group is detected. The feature fields are used to represent the feature information of the encrypted data in different dimensions. The requester submitting the operation request is authenticated based on the permission settings information. If the verification is successful, it confirms that the requester who submitted the operation request is the data provider that has uploaded encrypted data.
8. The apparatus according to claim 6, wherein the execution unit is further configured to: When performing the operation indicated by the operation request, the encrypted data in the encrypted array is retrieved, and the encrypted data in the encrypted data group is presented to the requester who submitted the operation request in the following manner: Present the encrypted data uploaded by the requester to the requester who submitted the operation request. Examples of encrypted data uploaded by non-requesting parties.
9. The apparatus of claim 6, wherein the operation performed by the execution unit includes a modeling operation, and the execution unit is further configured to: in response to the requester submitting the operation request being a data provider that has uploaded encrypted data, execute the modeling operation indicated by the operation request, obtain a model trained based on the encrypted data set, and send a notification message to the requester of the operation request that the modeling operation has been completed.
10. The apparatus of claim 9, wherein the execution unit is further configured to: in response to a model export request submitted by a requester based on the notification message, which receives the operation request, export the model trained on the encrypted data set and return the model trained on the encrypted data to the requester of the operation request.
11. A server, comprising: One or more processors; A storage device having one or more programs stored thereon, which, when executed by the one or more processors, cause the one or more processors to implement the method as described in any one of claims 1-5.
12. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the program is executed by the processor, it implements the method as described in any one of claims 1-5.