Business processing method, apparatus, device, and computer-readable storage medium
By associating user accounts with physical identifiers in the federal service system and using a pre-defined mapping table to verify the legitimacy of user accounts and devices, the problem of insufficient data privacy protection in big data sharing platforms is solved, achieving efficient federal cooperation and information security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- WEBANK (CHINA)
- Filing Date
- 2021-01-28
- Publication Date
- 2026-06-23
AI Technical Summary
Existing big data sharing platforms are unable to effectively protect user data privacy, lack monitoring and management of user accounts, resulting in insufficient data security.
By associating user accounts and physical identifiers in the federal service system, and using a pre-defined mapping table to verify the legitimacy of user accounts and devices, the legitimacy and permissions of business requests are ensured, achieving dual verification of accounts and devices, determining the participating device to which business resources belong, and forwarding requests to the legitimate participating device.
It effectively enhances the information security of federal services, quickly identifies and excludes malicious users, ensures the legitimacy and permissions of participating devices, and achieves efficient federal cooperation and data privacy protection.
Smart Images

Figure CN112861084B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of artificial intelligence, and includes, but is not limited to, a business processing method, apparatus, device, computer-readable storage medium, and program product. Background Technology
[0002] With the rapid development of fintech, especially internet fintech, more and more technologies are being applied to the financial field. Among them, federated learning technology, based on the protection of user privacy and data security, is gradually receiving more and more attention.
[0003] Existing big data sharing platforms can physically manage, monitor, and track the system modules and component services they provide. However, the lack of monitoring of user accounts using these platforms fails to truly protect user data privacy. Summary of the Invention
[0004] This application provides a business processing method, apparatus, device, computer-readable storage medium, and program product that can associate physical identifiers with user accounts, truly protect data privacy, provide a secure and reliable data cooperation federation, and manage and serve each partner in the federation service system.
[0005] The technical solution of this application embodiment is implemented as follows:
[0006] This application provides a service processing method applied to a federated service system including at least two participating devices. The method includes: receiving a service request sent by a first participating device carrying a first user account, the service request being used to request service resources in the federated service system; responding to the service request, performing an association verification between the first participating device and the first user account to obtain a verification result; when the verification result indicates that the association verification is successful, determining at least one participating device to which the service resource in the federated service system belongs; determining a second participating device from the at least one participating device to which the service resource belongs; and forwarding the service request to the second participating device so that the second participating device responds to the service request.
[0007] This application embodiment provides a business processing apparatus, the apparatus comprising:
[0008] A receiving module is configured to receive a service request carrying a first user account sent by a first participating device; the service request is used to request service resources in the federated service system; a first verification module is configured to, in response to the service request, perform association verification between the first participating device and the first user account, and obtain a verification result; a first determining module is configured to, when the verification result indicates that the association verification is passed, determine at least one participating device to which the service resource in the federated service system belongs; a second determining module is configured to, from the at least one participating device to which the service resource belongs, determine a second participating device; and a forwarding module is configured to, forward the service request to the second participating device, so that the second participating device responds to the service request.
[0009] This application provides a computer device, including: a memory for storing executable instructions; and a processor for executing the executable instructions stored in the memory to implement the method provided in this application.
[0010] This application provides a computer-readable storage medium storing executable instructions that, when executed by a processor, implement the method provided in this application.
[0011] This application provides a computer program product, including a computer program that, when executed by a processor, implements the method provided in this application.
[0012] In the business processing method provided in this application embodiment, firstly, the federated service system receives a business request carrying a first user account from a first participating device. It can quickly identify malicious users by verifying the legitimacy of the first user account. Then, it verifies the association between the first participating device and the first user account, utilizing the verification stored in the federated service system to confirm whether the first user account is logged in on the bound first participating device. This dual verification of account and device effectively enhances the information security of the federated service. Secondly, when the verification result indicates that the association verification is successful, at least one participating device to which the business resources belong is determined, effectively identifying at least one participating device capable of providing the business resources needed by the first participating device. Next, a second participating device can be determined based on the legitimacy and permissions of the participating device, effectively ensuring that all participants and devices involved in federated learning are legally registered and not malicious members. Finally, the business request is sent to the second participating device, enabling efficient and legal identification of all participating parties in the federated cooperation, effectively improving the information security of the federated service. Attached Figure Description
[0013] Figure 1 This application provides a schematic diagram illustrating the implementation flow of a business processing method according to an embodiment of the present application.
[0014] Figure 2 This application provides a schematic diagram illustrating the implementation flow of a business processing method according to an embodiment of the present application.
[0015] Figure 3 This application provides a schematic diagram illustrating the implementation flow of a business processing method according to an embodiment of the present application.
[0016] Figure 4 A schematic diagram illustrating the implementation flow of another business processing method provided for embodiments of this application;
[0017] Figure 5 This is a schematic diagram of the composition structure of a business processing device provided in an embodiment of this application;
[0018] Figure 6 This is a schematic diagram of a hardware entity provided for an embodiment of this application. Detailed Implementation
[0019] To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings. The described embodiments should not be regarded as limitations on this application. All other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0020] In the following description, references are made to “some embodiments,” which describe a subset of all possible embodiments. However, it is understood that “some embodiments” may be the same subset or different subsets of all possible embodiments and may be combined with each other without conflict.
[0021] In the following description, the terms "first, second, third" are used only to distinguish similar objects and do not represent a specific ordering of objects. It is understood that "first, second, third" may be interchanged in a specific order or sequence where permitted, so that the embodiments of this application described herein can be implemented in an order other than that illustrated or described herein.
[0022] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of this application only and is not intended to limit this application.
[0023] Before providing a further detailed description of the embodiments of this application, the nouns and terms involved in the embodiments of this application will be explained, and the nouns and terms involved in the embodiments of this application shall be interpreted as follows.
[0024] 1) Federated Learning is an emerging foundational technology for artificial intelligence. Its design goal is to conduct efficient machine learning among multiple collaborators or computing nodes while ensuring information security during big data exchange, protecting terminal data and personal data privacy, and ensuring legality and compliance.
[0025] 2) The Federated Services System (also known as the Federated Learning Cloud Service Platform) can be used to bring together different data partners to form a secure federated learning network for secure data collaboration based on federated learning. The management of the federated network and the users of different partners are the cornerstones of secure federated collaboration and privacy management.
[0026] 3) Federated members (also known as partners in federated learning): In the case of federated learning collaboration, each partner installs and deploys a federated learning client locally (including federated learning algorithm services, business operation console, etc.). Each partner uses the client's business operation console to initiate federated collaboration, check progress, and manage business information. These operations rely on the client's underlying algorithm services.
[0027] This application provides a business processing method applied to a federated service system comprising at least two participating devices, such as... Figure 1 As shown, the method includes:
[0028] Step S101: Receive a service request carrying a first user account sent by the first participating device. The service request is used to request service resources in the federated service system.
[0029] Participants can be members of a federated learning system, and their devices can be the devices where the clients of participating members log in. The first participant can be any member of the federated system, and its device can be the device where its client logs in. The federated service system can be used to unite different federated members to form a secure federated learning network for secure data collaboration based on federated learning.
[0030] The first user account can be the one registered during the federal learning registration process. During implementation, the first user uses their own account to log into the federal service system, view and select data resources provided by other federal members, and apply for their use.
[0031] The business request includes the requested data resource information, which may be data resource information provided by other federation members or parameters used to train the model.
[0032] Step S102: In response to the service request, verify the association between the first participating device and the first user account, and obtain the verification result;
[0033] In some embodiments, the federated service system can associate and store registered user accounts with corresponding devices that have login permissions. Before establishing federated learning, the stored associations between user accounts and corresponding devices with login permissions are used for verification to confirm the legitimacy of the user accounts and devices.
[0034] During implementation, when the Federal Service System responds to a business request sent by the first participating device, it first needs to verify whether the first participating device and the first user account meet the preset mapping relationship stored in the Federal Service System.
[0035] Step S103: When the verification result indicates that the correlation verification is passed, determine at least one participating device to which the business resource in the federated service system belongs;
[0036] If the Federal Service System verifies that the association between the first participating device and the first user account conforms to the preset mapping relationship stored in the Federal Service System, the Federal Service System needs to determine, based on the business request of the first participating device, at least one participating device in the Federal System that is different from the first participating device that can provide the business resources.
[0037] Step S104: Determine the second participating device from at least one participating device to which the business resource belongs;
[0038] In some embodiments, a second participating device may be determined based on the participating device's participation permissions.
[0039] In other embodiments, a second participating device can be determined based on the online user permissions of the participating device.
[0040] Step S105: Forward the service request to the second participating device so that the second participating device responds to the service request.
[0041] During implementation, the Federal Service System sends business requests to the second participating device to achieve joint cooperation involving at least two participating devices.
[0042] In this embodiment, firstly, the federated service system receives a service request carrying a first user account from a first participating device. It can quickly identify malicious users by verifying the legitimacy of the first user account. Then, it verifies the association between the first participating device and the first user account, utilizing the verification stored in the federated service system to confirm whether the first user account is logged in on the bound first participating device. This dual verification of account and device effectively enhances the information security of the federated service. Secondly, when the verification result indicates that the association verification is successful, at least one participating device is identified as belonging to the service resource, effectively determining at least one participating device capable of providing the service resources needed by the first participating device. Next, a second participating device can be determined based on the legitimacy and permissions of the participating device, effectively ensuring that all participants and devices involved in federated learning are legally registered and not malicious members. Finally, the service request is sent to the second participating device, enabling efficient and legal identification of all participants in the federated cooperation, effectively improving the information security of the federated service.
[0043] This application provides a business processing method applied to a federated service system including at least two participating party devices. The method includes:
[0044] Step S111: Receive a service request carrying a first user account sent by the first participating device. The service request is used to request service resources in the federated service system.
[0045] Step S112: In response to the service request, obtain the physical identifier of the first client, wherein the first client is a client installed on the device of the first participant;
[0046] Generally, federated members install and deploy a federated learning client locally. This client includes a federated learning algorithm service and a business operation console. Each federated member uses the client's business operation console to initiate federated services, check progress, and manage business information. These operations rely on the client's underlying algorithm service. During implementation, the first participating party can initiate a federated cooperation request through the client's business operation console to send the business request to the federated service system.
[0047] In some embodiments, the federated service system assigns a unique physical identifier to each client participating in federated learning.
[0048] Step S113: Verify the association between the physical identifier of the first client and the first user account to obtain a verification result. The verification result is used to indicate whether the association between the physical identifier of the first client and the first user account conforms to the association in the preset mapping table.
[0049] Before conducting federated learning with different participants, the federated service system needs to verify the association between the first user account and the physical identifier, obtaining the verification result. This result indicates the association between the first client's physical identifier and the first user account. During implementation, if the first user account and the first client's physical identifier conform to the mapping relationship in the preset mapping table, the first and second participants jointly implement the federated service. This effectively improves the information security of federated cooperation.
[0050] During implementation, two methods for creating a preset mapping table are provided, where method one includes steps A1 to A4, and method two includes steps B1 to B4:
[0051] Method 1, including steps A1 to A4:
[0052] Step A1: Assign user accounts and registration codes to federal members participating in federal services, and assign the physical identifier to the client corresponding to each participating party's device;
[0053] The Federal Service System, acting as the federal administrator, assigns registration codes and user accounts to federal members wishing to join the federal network. The registration code, assigned by the Federal Service System, is used by federal members during registration and is sent to the Federal Service System to verify the legitimacy of the registration and to determine the permissions they possess within the federal network.
[0054] Federation members install and deploy federated learning clients in their local network domains. The federated learning clients include federated learning algorithm services, business services, and operation consoles. The federated service system also needs to assign physical identifiers to the clients.
[0055] Step A2: When the federal member logs into the client of the participating device using their own user account, obtain the registration information sent by the client of the participating device, wherein the registration information includes the user account, the physical identifier and the registration code;
[0056] Federal members log in to the client on the participating device using the user account assigned by the Federal Service System, then register and activate the client using the registration code, and register the local system component information corresponding to the client to the Federal Service System.
[0057] Step A3: If the physical identifier, the user account, and the registration code are verified, bind the physical identifier and the user account to obtain a mapping relationship;
[0058] Step A4: Write the mapping relationship into the preset mapping table.
[0059] If the physical identifier, the user account, and the registration code all match the physical identifier, user account, and registration code assigned by the Federal Service System, the physical identifier and user account are bound and written into the mapping table to complete the registration of the federal member.
[0060] Method one involves first assigning physical identifiers and user accounts to federal members wishing to participate in federal cooperation. Then, when federal members register with the federal government using these physical identifiers and user accounts, the user account and the corresponding physical identifier are linked. During implementation, since user accounts can log in to different clients, one user account can correspond to multiple physical identifiers. Similarly, one client can provide login services for different user accounts, so one physical identifier can also correspond to multiple user accounts.
[0061] Method 2, including steps B1 to B4:
[0062] Step B1: Associate at least one physical identifier with at least one user account to obtain the preset mapping table;
[0063] The federal service system first associates at least one physical identifier with at least one user account to obtain a preset mapping table.
[0064] Step B2: Assign at least one mapping relationship to the federation members participating in the business processing from the preset mapping table;
[0065] The Federal Services system, acting as the federal administrator, assigns at least one set of mappings to federal members who wish to join the federal network. These mappings are between physical identifiers and user accounts.
[0066] Step B3: When the federal member logs into the client of the participating device using their own user account, obtain the registration information sent by the client of the participating device, wherein the registration information includes the user account, the physical identifier, and the registration code;
[0067] Step B4: Verify whether the physical identifier and the user account conform to the mapping relationship in the preset mapping table.
[0068] Method 2 involves first creating a mapping relationship between physical identifiers and user accounts, then assigning the mapping relationship to federated members who wish to participate in federated learning. When federated members register for federated learning, the system verifies whether the physical identifiers and user accounts conform to the preset mapping relationship.
[0069] Step S114: When the verification result indicates that the correlation verification is passed, verify whether the first client has the authority to participate in the business processing based on the physical identifier of the first client.
[0070] Since physical identifiers are used to identify clients participating in federated cooperation, the client that the first participant logs in can be determined based on the physical identifier of the first client.
[0071] The federated service system can store the physical identifiers of registered clients. By comparing the physical identifier of the first client with the stored physical identifiers of registered clients, it can be determined whether the client logged in by the first participant has the authority to participate in the federated service.
[0072] During implementation, if the physical identifier of the first client matches the physical identifier stored in the federated service system, then it can be determined that the first client has the authority to participate in the federated service; if the physical identifier of the first client does not match the physical identifier stored in the federated service system, then it can be determined that the first client does not have the authority to participate in the federated service.
[0073] Step S115: After verifying that the first client has the authority to participate in the business processing, determine at least one participating device to which the business resources in the federated service system belong;
[0074] During implementation, once the first client's permissions are verified, the federated service system determines at least one participating device to which the business resources in the federated service system belong, based on the business request.
[0075] Step S116: Determine the second participating device from at least one participating device to which the business resource belongs;
[0076] Step S117: Forward the service request to the second participating device so that the second participating device responds to the service request.
[0077] In this embodiment, before the participating parties engage in federated cooperation, the federated service system provides two implementation methods. These methods allow the federated service system to bind the user accounts of participating federated members to the physical identifiers of the clients the members log into, and establish a preset mapping table. Thus, when the federated service system creates a federated learning session, it can use the preset mapping table stored in the federated service system to verify the association between the user accounts participating in the federated learning and their corresponding physical identifiers.
[0078] This application provides a business processing method applied to a federated service system comprising at least two participating devices, such as... Figure 2 As shown, the method includes:
[0079] Step S201: Receive a service request carrying a first user account sent by the first participating device. The service request is used to request service resources in the federated service system.
[0080] Step S202: In response to the service request, verify the association between the first participating device and the first user account, and obtain the verification result;
[0081] Step S203: When the verification result indicates that the correlation verification is passed, obtain the physical identifier of the second client, where the second client is a client installed on the device of the second participant.
[0082] Step S204: Obtain the second user account logged into the second client;
[0083] Step S205: Verify the association between the physical identifier of the second client and the second user account, and if the verification is successful, trigger the operation of determining at least one participating device to which the business resource in the federated service system belongs;
[0084] During implementation, the federal service system needs to verify the association between the physical identifier of the second client participating in federal cooperation and the second user account. The verification method is still based on whether the association relationship conforms to the preset mapping table.
[0085] Step S206: When the verification result indicates that the correlation verification has passed, obtain the type of the business resource;
[0086] In some embodiments, the type of business resource may be, for example, training a customer credit reporting model by jointly training different bank federation members.
[0087] Step S207: Determine at least one participating device based on the type of the business resource;
[0088] During implementation, the Federal Service System can identify at least one participating device in the online client based on the different types of business resources.
[0089] Step S208: Determine the second participating device from at least one participating device to which the service resource belongs;
[0090] Step S209: Forward the service request to the second participating device so that the second participating device responds to the service request;
[0091] Step S210: Using the physical identifier installed on the first client, monitor the underlying federation service of the first participating party's device;
[0092] In a federated network, all federated collaboration requires the federated service system to monitor the underlying federated algorithm services and business operations of each client logged in by a federated member, thus associating the physical underlying federated algorithm services with business information. During implementation, the physical identifier of the first client can be used to manage and monitor the underlying federated services of the collaborating first client. For example, the federated service system can use the physical identifier of the first client to monitor the client's underlying federated learning algorithm and system services.
[0093] Step S211: Using the physical identifier installed on the second client, monitor the underlying federation service of the second participating party's device;
[0094] During implementation, the federal service system can use the physical identifier of the second client to manage and monitor whether the underlying federal service of the client providing federal services to the second client is functioning properly.
[0095] Step S212: Use the first user account and the second user account to complete the reconciliation and settlement of the business process.
[0096] After completing the federal service, the federal service system needs to reconcile and settle accounts between the first user account and the second user account that used the federal service. The reconciliation and settlement of the federal service can be completed using the first user account and the second user account.
[0097] In this embodiment, when both the first user account and physical identifier, and the second user account and physical identifier are verified, the federated service system, in conjunction with the first and second participating parties, implements federated services. In this way, the federated service system verifies both the physical identifier and user account of the first client, and the second user account and physical identifier, which helps to quickly troubleshoot and locate business or system problems in the network, and rapidly identify malicious members or customers, effectively improving the information security of federated cooperation.
[0098] In this embodiment, the physical identifier of the first client is used to manage and monitor the underlying federated services of the first client, thereby enabling the management of communication information, federated cooperative forwarding, and monitoring of underlying federated learning algorithms and system services of the first client. Similarly, the physical identifier of the second client is used to manage and monitor the underlying federated services of the second client, enabling the management of communication information, federated cooperative forwarding, and monitoring of underlying federated learning algorithms and system services of the second client. By using the first user account and the second user account to complete the reconciliation and settlement of federated services, clear business reconciliation with each federated member can be effectively achieved using the first user account and the second user account.
[0099] This application provides a business processing method applied to a federated service system comprising at least two participating devices, such as... Figure 3As shown, the method includes:
[0100] Step S301: Receive a service request carrying a first user account sent by the first participating device. The service request is used to request service resources in the federated service system.
[0101] Step S302: In response to the service request, verify the association between the first participating device and the first user account, and obtain the verification result;
[0102] Step S303: When the verification result indicates that the correlation verification is passed, at least one user account is determined based on the business resources;
[0103] During implementation, when the verification result indicates that the correlation verification is successful, the Federal Service System can determine at least one online user account that can provide the business resources requested by the first participant.
[0104] Step S304: Determine the at least one participating device based on the at least one user account and the preset mapping table;
[0105] Because the federal service system stores the mapping relationship between user accounts and physical identifiers when federal members register, the federal service system can determine at least one online client based on the user account and the preset mapping table. The physical identifier of the client matches the user account in the preset mapping table, and at least one participating device can be determined based on the client.
[0106] Step S305: Determine the second participating device from at least one participating device to which the business resource belongs;
[0107] Step S306: Forward the service request to the second participating device so that the second participating device responds to the service request.
[0108] In this embodiment, the federal service system first determines at least one user account based on the business resources, which can effectively identify user accounts that can provide the business resources; then, it determines at least one participating device based on the at least one user account and the preset mapping table, which can ensure that the determined participating device is legitimate and valid.
[0109] This application provides a business processing method applied to a federated service system including at least two participating party devices. The method includes:
[0110] Step S311: Receive a service request carrying a first user account sent by the first participating device. The service request is used to request service resources in the federated service system.
[0111] Step S312: In response to the service request, verify the association between the first participating device and the first user account, and obtain the verification result;
[0112] Step S313: When the verification result characterizes the correlation verification as passed, and the business resource is a training sample or model parameter used to train the federated learning model, obtain the identifier of the federated learning model.
[0113] Step S314: Based on the identifier of the federated learning model, determine at least one user account;
[0114] During implementation, business resources can be encrypted samples used by users to train federated learning models, or model parameters. The federated service system can identify at least one user account that can provide business resources based on the identifier of the federated learning model.
[0115] Step S315: Determine the at least one participating device based on the at least one user account and the preset mapping table;
[0116] Step S316: Determine the second participating device from at least one participating device to which the business resource belongs;
[0117] Step S317: Forward the service request to the second participating device so that the second participating device responds to the service request.
[0118] In this embodiment of the application, when the verification result indicates that the correlation verification is passed and the business resource is a training sample or model parameter used to train the federated learning model, the federated service system can effectively determine at least one user account that can provide business resources based on the identifier of the federated learning model.
[0119] Each partner in a federated collaboration can initiate, check progress, and manage business information on the client's business operation console. These operations rely on the client's underlying algorithm services.
[0120] In a federated network, all federated collaborations require the federated service system to monitor and manage the underlying federated algorithm services and business of each collaborator, linking the physical underlying federated algorithm services with business information, and accurately locating the collaborator's physical identifier and user account.
[0121] The federated service system assigns physical identifiers to clients participating in federated learning. This facilitates the system's location and management of users based on these identifiers, as well as monitoring the underlying algorithm services of the corresponding physical devices to ensure their proper functioning. User accounts describe user information and are used to locate the actual data user within the federation. These accounts manage each user's business information (such as which data partner was selected, which federated services were initiated, and the service tasks generated), facilitating auditing, reconciliation, and access and privacy controls. Most importantly, linking physical identifiers to user accounts is essential to truly protect data privacy, provide a secure and reliable data collaboration federation, and manage and serve each partner within the federation.
[0122] Figure 4 Another implementation flowchart of the business processing method provided in the embodiments of this application is shown below. Figure 4 As shown, the business processing method includes the following steps:
[0123] Step S401: The Federal Service system assigns physical Federal Service physical information, user accounts, and registration codes to partners who wish to join the Federal Network;
[0124] The Federal Service System, acting as the federal administrator, assigns user accounts and registration codes to federal members who wish to join the federal network.
[0125] Assign physical federation service physical information to the client that logs in to the partner. The federation service physical information includes physical identifier, network configuration, service address and other information.
[0126] Step S402: Federation members log in to the client using their user accounts, register and activate the client using their physical identifier and registration code;
[0127] Federation members install and deploy the federated learning client in their local network domain. The client includes federated learning algorithm services, business services, and an operation console. Federation members log in to the client using their user accounts, and then register and activate the client using the federated service physical identifier and registration code, registering the local system component information to the federated service system.
[0128] Step S403: The Federation Service System receives the registration code, user account, and physical identifier of the login client from the Federation member, binds the physical identifier and the user account, and writes the bound mapping relationship into a preset mapping table.
[0129] The federal service system receives the registration code, user account, and physical identifier of the login client from the federal member, approves and binds the physical identifier and user account, and writes the bound mapping relationship into a preset mapping table. Alternatively, it may first bind the physical identifier and user account in step S402, write the bound mapping relationship into a preset mapping table, and then approve based on the received physical identifier and user account.
[0130] Step S404: Federal members log in to the Federal Service System using their user accounts, view and select data resource information provided by other federal members, and apply for its use;
[0131] Step S405: The Federal Service System approves the business application information of federal members, wherein the business application information includes data resource information provided by other federal members;
[0132] Step S406: If the requested data resource information is approved, the federal member shall conduct federal cooperation on the local client using the requested data resource information and the local data resource information.
[0133] All federal collaborations are linked through market resources. The initiation and operation of federal collaborations require dual verification of both the client's physical identifier and the user account; both permissions must be valid for normal collaboration. Each federal member can only have one user account within a federal network, but can correspond to multiple client physical identifiers; that is, one user account can log in on different clients.
[0134] The Federal Service System initiates federal cooperation by approving user accounts and managing business permissions based on data resource information, linking federal members. For example, if A applies for market resource S, which can be provided by B, A and B form an implicit federal cooperation relationship through market resource S. In A's federal cooperation request, the provider of data resource S is B, i.e., the user account used by B. The platform determines B's physical service information, such as network configuration and service address, based on the association information between B's user account and physical service identifier. The Federal Service System forwards A's request to B. All federal cooperation network interactions between the two parties are achieved in this way, truly realizing secure federal cooperation that protects privacy.
[0135] Step S407: The Federation Service System uses the physical identification information of the client to manage and monitor whether the underlying federation services of the federation members' clients are operating normally.
[0136] Step S408: The Federal Service System uses user accounts to conduct business reconciliation and settlement with different federal members.
[0137] In this embodiment, a federated network based on federated learning assigns physical identifier information and a corresponding real customer user account to each member of the federated network. This eliminates the need for physical contact or point-to-point physical configuration between members; once a member joins the federated network, they can participate in multiple federated collaborations, monetize data resources, and seek partnerships. The federated service system only needs to allocate federated service physical information and user accounts and associate these two information to manage communication information between federations, forward federated collaborations, and monitor and manage the underlying federated learning algorithms and system services.
[0138] In this embodiment, the association between the federal service system and the federal physical service information and user accounts of federal members helps to quickly identify and locate business and system problems in the network, and rapidly identify malicious members or customers. This provides federal members with dual authentication of physical information identification and user identity in cross-network federal cooperation, effectively improving information security in federal cooperation.
[0139] In this embodiment of the application, by associating physical identifiers and user accounts, the system services in each network domain are monitored, the network communications of the federal partners are managed, and the specific business and system services of each partner are managed and business reconciliation is carried out.
[0140] Based on the foregoing embodiments, this application provides a business processing device, which includes various modules and units included in each module, and can be implemented by a processor in a computer device; of course, it can also be implemented by specific logic circuits.
[0141] Figure 5 This is a schematic diagram of the composition structure of a service processing device provided in an embodiment of this application, as shown below. Figure 5 As shown, the service processing device 500 includes:
[0142] The receiving module 501 is used to receive a service request carrying a first user account sent by the first participating party device; the service request is used to request service resources in the federated service system.
[0143] The first verification module 502 is used to verify the association between the first participating device and the first user account in response to the business request, and obtain the verification result;
[0144] The first determining module 503 is used to determine at least one participating device to which the business resource in the federated service system belongs when the verification result characterizes the correlation verification as passed.
[0145] The second determining module 504 is used to determine the second participating device from at least one participating device to which the business resource belongs;
[0146] The forwarding module 505 is used to forward the service request to the second participating device, so that the second participating device can respond to the service request.
[0147] In some embodiments, the first verification module includes:
[0148] The first acquisition unit is used to acquire the physical identifier of the first client in response to the service request, wherein the first client is a client installed on the device of the first participant.
[0149] The first verification unit is used to verify the association between the physical identifier of the first client and the first user account, and obtain a verification result. The verification result is used to indicate whether the association between the physical identifier of the first client and the first user account conforms to the association in a preset mapping table.
[0150] In some embodiments, the apparatus further includes:
[0151] The first allocation module is used to allocate user accounts and registration codes to federal members participating in federal services, and to allocate the physical identifier to the client corresponding to each participating party's device;
[0152] The first acquisition module is used to acquire registration information sent by the client of the participating device when the federation member logs in to the client of the participating device using its own user account, wherein the registration information includes the user account, the physical identifier and the registration code;
[0153] The binding module is used to bind the physical identifier and the corresponding user account to obtain a mapping relationship when the physical identifier, the user account, and the registration code are verified.
[0154] The writing module is used to write the mapping relationship into the preset mapping table.
[0155] In some embodiments, the apparatus further includes:
[0156] The association module is used to associate at least one physical identifier with at least one user account to obtain the preset mapping table;
[0157] The second allocation module is used to allocate at least one set of mapping relationships to federal members participating in federal services from the preset mapping table;
[0158] The second acquisition module is used to acquire the registration information sent by the client of the participating device when the federation member logs in to the client of the participating device using its own user account, wherein the registration information includes the user account, the physical identifier and the registration code;
[0159] The second verification module is used to verify whether the physical identifier and the user account conform to the mapping relationship in the preset mapping table.
[0160] In some embodiments, the first determining module includes:
[0161] The second verification unit is used to verify whether the first client has the authority to participate in the federated service based on the physical identifier of the first client when the verification result indicates that the correlation verification is passed.
[0162] The first determining unit is configured to, upon verifying that the first client has the authority to participate in the federated service, determine at least one participating device to which the business resources in the federated service system belong.
[0163] In some embodiments, the first determining module includes:
[0164] The third acquisition unit is used to acquire the type of the business resource when the verification result characterizes the correlation verification as passed; the second determination unit is used to determine at least one participating device according to the type of the business resource.
[0165] In some embodiments, the first determining module includes:
[0166] The third determining unit is used to determine at least one user account based on the business resources when the verification result indicates that the correlation verification is passed.
[0167] The fourth determining unit is used to determine the at least one participating device based on the at least one user account and the preset mapping table.
[0168] In some embodiments, the third determining unit is configured to: obtain the identifier of the federated learning model when the verification result indicates that the correlation verification has passed, and when the business resource is a training sample or model parameter used to train the federated learning model; and determine at least one user account based on the identifier of the federated learning model.
[0169] In some embodiments, the apparatus further includes:
[0170] The third acquisition module is used to acquire the physical identifier of the second client when the verification result characterizes the correlation verification as passed. The second client is a client installed on the device of the second participant.
[0171] The fourth acquisition module is used to acquire the second user account logged into the second client;
[0172] The third verification module is used to verify the association between the physical identifier of the second client and the second user account; when the verification is successful, the forwarding module is triggered.
[0173] In some embodiments, the apparatus further includes:
[0174] The first listening module is used to listen to the underlying federated services of the first participating party's device using the physical identifier installed on the first client.
[0175] The second listening module is used to listen to the underlying federated services of the second participating party's device using the physical identifier installed on the second client;
[0176] The reconciliation module is used to complete the reconciliation and settlement of the federal services using the first user account and the second user account.
[0177] The descriptions of the above device embodiments are similar to those of the above method embodiments, and have similar beneficial effects. For technical details not disclosed in the device embodiments of this application, please refer to the descriptions of the method embodiments of this application for understanding. It should be noted that in the embodiments of this application, if the above business processing method is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer storage medium. Based on this understanding, the technical solution of the embodiments of this application, in essence or the part that contributes to the related technology, can be embodied in the form of a software product. This computer software product is stored in a computer storage medium and includes several instructions to cause a computer device to execute all or part of the methods described in the various embodiments of this application.
[0178] It should be noted that, in the embodiments of this application, if the above-mentioned business processing method is implemented in the form of a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of this application, or the part that contributes to the related technology, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a laptop, desktop computer, server, etc.) to execute all or part of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), magnetic disks, or optical disks. Thus, the embodiments of this application are not limited to any specific hardware and software combination.
[0179] Correspondingly, embodiments of this application provide a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the steps in the business processing method provided in the above embodiments.
[0180] Correspondingly, embodiments of this application provide a computer device. Figure 6 A schematic diagram of a hardware entity provided for an embodiment of this application, such as... Figure 6 As shown, the hardware entity of the device 600 includes a memory 601 and a processor 602. The memory 601 stores a computer program that can run on the processor 602. When the processor 602 executes the program, it implements the steps in the method provided in the above embodiments.
[0181] The memory 601 is configured to store instructions and applications executable by the processor 602, and can also cache data to be processed or already processed by the processor 602 and the various modules in the device 600 (e.g., image data, audio data, voice communication data and video communication data), which can be implemented by flash memory or random access memory (RAM).
[0182] It should be noted that the descriptions of the storage medium and device embodiments above are similar to the descriptions of the method embodiments above, and have similar beneficial effects. For technical details not disclosed in the storage medium and device embodiments of this application, please refer to the descriptions of the method embodiments of this application for understanding.
[0183] It should be understood that the phrase "one embodiment" or "an embodiment" throughout the specification means that a specific feature, structure, or characteristic related to the embodiment is included in at least one embodiment of this application. Therefore, "in one embodiment" or "in an embodiment" appearing throughout the specification does not necessarily refer to the same embodiment. Furthermore, these specific features, structures, or characteristics can be combined in any suitable manner in one or more embodiments. It should be understood that in the various embodiments of this application, the sequence numbers of the above-described processes do not imply a sequential order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application. The sequence numbers of the above-described embodiments are merely descriptive and do not represent the superiority or inferiority of the embodiments.
[0184] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.
[0185] In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods, such as: multiple units or components can be combined, or integrated into another system, or some features can be ignored or not executed. In addition, the coupling, direct coupling, or communication connection between the various components shown or discussed can be through some interfaces, and the indirect coupling or communication connection between devices or units can be electrical, mechanical, or other forms.
[0186] The units described above as separate components may or may not be physically separate. The components shown as units may or may not be physical units. They may be located in one place or distributed across multiple network units. Some or all of the units may be selected to achieve the purpose of this embodiment according to actual needs.
[0187] In addition, each functional unit in the various embodiments of this application can be integrated into one processing unit, or each unit can be a separate unit, or two or more units can be integrated into one unit; the integrated unit can be implemented in hardware or in the form of hardware plus software functional units.
[0188] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as mobile storage devices, read-only memory (ROM), magnetic disks, or optical disks.
[0189] Alternatively, if the integrated units described above are implemented as software functional modules and sold or used as independent products, they can also be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the embodiments of this application, or the parts that contribute to related technologies, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device to execute all or part of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as mobile storage devices, ROMs, magnetic disks, or optical disks.
[0190] The methods disclosed in the several method embodiments provided in this application can be arbitrarily combined to obtain new method embodiments without conflict. The features disclosed in the several product embodiments provided in this application can be arbitrarily combined to obtain new product embodiments without conflict. The features disclosed in the several method or device embodiments provided in this application can be arbitrarily combined to obtain new method embodiments or device embodiments without conflict.
[0191] The above description is merely an embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A service processing method characterized by, Applied to federal service systems that include devices from at least two participating parties. The method includes: The system receives a service request from a first participating device, carrying a first user account. The service request is used to request service resources in the federated service system. In response to the business request, the association between the first participating device and the first user account is verified, and the verification result is obtained; When the verification result indicates that the correlation verification is passed, at least one participating device in the federated service system is identified as belonging to the business resource. From at least one participating device to which the business resources belong, determine the second participating device; The service request is forwarded to the second participating device, so that the second participating device responds to the service request; The process includes verifying the association between the first participating device and the first user account, and obtaining the verification results, including: In response to the service request, obtain the physical identifier of the first client, which is a client installed on the device of the first participating party; The physical identifier of the first client and the first user account are associated with each other to obtain a verification result. The verification result is used to indicate whether the association between the physical identifier of the first client and the first user account conforms to the association in a preset mapping table. The method further includes: Assign user accounts and registration codes to federal members participating in federal services, and assign the physical identifier to the client corresponding to each participating party's device; When a federal member logs into the client of the participating device using their own user account, the registration information sent by the client of the participating device is obtained, wherein the registration information includes the user account, the physical identifier, and the registration code; The physical identifier is bound to the corresponding user account to obtain a mapping relationship; Write the mapping relationship into the preset mapping table.
2. The method of claim 1, wherein, The method further includes: The preset mapping table is obtained by associating at least one physical identifier with at least one user account; From the preset mapping table, at least one mapping relationship is assigned to the federal members participating in the federal service; When a federal member logs into the client of the participating device using their own user account, the registration information sent by the client of the participating device is obtained, wherein the registration information includes the user account, the physical identifier, and the registration code; Verify whether the physical identifier and the user account match the mapping relationship in the preset mapping table.
3. The method as described in claim 1, characterized in that, When the verification result indicates that the correlation verification is passed, determining at least one participating device to which the business resource belongs in the federated service system includes: When the verification result indicates that the correlation verification is successful, the system verifies whether the first client has the authority to participate in the federated service based on the physical identifier of the first client. If the first client is verified to have the authority to participate in the federated service, at least one participating device in the federated service system is identified as belonging to the business resource.
4. The method as described in claim 1, characterized in that, When the verification result indicates that the correlation verification is passed... When determining the at least one participating device to which the business resource belongs in the federal service system, the method includes: when the verification result characterizes the correlation verification as passed, obtaining the type of the business resource; Based on the type of the business resource, at least one participating device is identified.
5. The method as described in claim 1, characterized in that, When the verification result indicates that the correlation verification is passed, determining at least one participating device to which the business resource belongs in the federated service system includes: When the verification result indicates that the correlation verification is successful, at least one user account is determined based on the business resources; and at least one participating device is determined based on the at least one user account and the preset mapping table.
6. The method as described in claim 5, characterized in that, The step of determining at least one user account based on the business resources includes: When the business resource is a training sample or model parameter used to train a federated learning model, obtain the identifier of the federated learning model; Based on the identifier of the federated learning model, at least one user account is identified.
7. The method according to any one of claims 1 to 6, characterized in that, After verifying the association between the first participating device and the first user account and obtaining the verification result, the method further includes: When the verification result indicates that the correlation verification is passed, the physical identifier of the second client is obtained, and the second client is the client installed on the device of the second participant. Obtain the second user account logged into the second client; The physical identifier of the second client is associated with the second user account. Upon successful verification, an operation is triggered to determine the ownership of at least one participating device of the business resource in the federated service system.
8. The method according to any one of claims 1 to 6, characterized in that, The method further includes: Using the physical identifier installed on the first client, monitor the underlying federated services of the first participating party's device; Using the physical identifier installed on the second client, the underlying federation service of the second participating party's device is monitored; the reconciliation and settlement of the federation service are completed using the first user account and the second user account.
9. A business processing device, characterized in that, The device includes: The receiving module is used to receive a service request carrying a first user account sent by the first participating party device; the service request is used to request service resources in the federated service system. The first verification module is used to verify the association between the first participating device and the first user account in response to the business request, and obtain the verification result. The first determining module is used to determine at least one participating device to which the business resource in the federated service system belongs when the verification result characterizes the correlation verification as passed. The second determining module is used to determine the second participating device from at least one participating device to which the business resource belongs; A forwarding module is used to forward the service request to the second participating party device, so that the second participating party device can respond to the service request; The first verification module is further configured to: in response to the business request, obtain the physical identifier of the first client, wherein the first client is a client installed on the device of the first participant; perform association verification on the physical identifier of the first client and the first user account to obtain a verification result, wherein the verification result is used to indicate whether the association relationship between the physical identifier of the first client and the first user account conforms to the association relationship in a preset mapping table; The device further includes: The first allocation module is used to allocate user accounts and registration codes to federal members participating in federal services, and to allocate the physical identifier to the client corresponding to each participating party's device; The first acquisition module is used to acquire registration information sent by the client of the participating device when the federation member logs in to the client of the participating device using its own user account, wherein the registration information includes the user account, the physical identifier and the registration code; The binding module is used to bind the physical identifier and the corresponding user account to obtain a mapping relationship when the physical identifier, the user account, and the registration code are verified. The writing module is used to write the mapping relationship into the preset mapping table.
10. A computer device, characterized in that, The device includes: a memory for storing executable instructions; and a processor for implementing the method according to any one of claims 1 to 8 when executing the executable instructions stored in the memory.