Data sharing systems and methods
By combining multi-level devices and privacy computing modules, and utilizing quantum key management and multi-party secure computation technologies, the problem of insufficient data security in multi-party data aggregation business models is solved, achieving secure data transmission and privacy protection.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA TELECOM CORP LTD
- Filing Date
- 2022-12-21
- Publication Date
- 2026-06-30
AI Technical Summary
In multi-party data aggregation business models, existing technologies cannot effectively guarantee data security, and there is a risk of data leakage.
By combining multi-level devices, data exchange modules, a key distribution network, and privacy computing modules, with device permissions narrowing from one level to the next, quantum key management and multi-party secure computation are used to transmit shared data in encrypted form and to protect privacy.
It improves the security of data transmission, reduces the risk of privacy violations, and ensures the security and privacy of data during transmission.
Figure CN115955305B_ABST
Description
Technical Field
[0001] This application relates to the field of data security, and more specifically, to a data sharing system and method.
Background Technology
[0002] The goal of privacy-preserving computation is to protect the privacy of both the computation process and its results while completing the computational task. However, in related technologies, data security cannot be guaranteed in business models involving the aggregation of data from multiple parties, leading to the risk of data leakage.
[0003] There is currently no effective solution to the above problems.
Summary of the Invention
[0004] This application provides a data sharing system and method to at least solve the technical problem that data security cannot be guaranteed in the multi-party data aggregation business model in the prior art.
[0005] According to one aspect of the embodiments of this application, a data sharing system is provided, including: a multi-level device, a data exchange module, a key distribution network, and a privacy computing module, wherein the scope of permissions of devices at different levels in the multi-level device decreases sequentially; the data exchange module is used to share data among the multi-level devices; the key distribution network is used to distribute encryption keys for the data shared among the multi-level devices; and the privacy computing module is used for the upper-level device in the multi-level device to provide shared data resource services to the lower-level devices under its jurisdiction.
[0006] Optionally, the multi-level devices include Level 1 devices, Level 2 devices, and Level 3 devices, where the Level 2 devices are subordinate to a Level 1 device and the Level 3 devices are subordinate to a Level 2 device. There are multiple Level 2 devices and multiple Level 3 devices.
[0007] Optionally, the primary device is used to manage data from the secondary and tertiary devices.
[0008] Optionally, each level of the multi-level device includes a data exchange module, a key management module, and a privacy computing module. The data exchange module in the third-level device is used to communicate with the data exchange module in its superior second-level device, the data exchange module in the second-level device is used to communicate with the data exchange module in the first-level device, and the key management module is used to receive encryption keys distributed by the key distribution network.
[0009] Optionally, the data exchange module in the tertiary device is also used to communicate with the data exchange modules in other tertiary devices belonging to the same secondary device; the data exchange module in the secondary device is also used to communicate with the data exchange modules in all secondary devices; and the data exchange module in the primary device is used to communicate with the data exchange modules in all secondary devices.
[0010] Optionally, both the primary and secondary devices include a data aggregation module. The data aggregation module in the primary device is responsible for the data aggregation management of all secondary devices, and the data aggregation module in the secondary device is responsible for the data aggregation management of all tertiary units.
[0011] Optionally, the key management module is used to generate a binary random sequence based on a quantum random number generator; determine the encryption key based on the binary random sequence; and manage the lifecycle of the encryption key.
[0012] Optionally, the key management module in the secondary device is used to distribute the encryption key to each of the tertiary devices under its jurisdiction and to provide the encryption key to the data exchange module in the secondary device; the key management module in the tertiary device is used to receive the encryption key distributed by the secondary device and to provide the encryption key to the data exchange module in the tertiary device.
[0013] Optionally, the privacy computing module in the primary device is used to collect the data resource catalog reported by the secondary devices and provide shared data resource services to the secondary devices under the jurisdiction of the primary device; the privacy computing module in the secondary device is used to collect the data resource catalog reported by the tertiary devices under the jurisdiction of the secondary device and provide shared data resource services to the tertiary devices under the jurisdiction of the secondary device.
[0014] Optionally, the privacy computing module is further configured to query first data based on the data resource catalog, wherein the first data is encrypted data; to determine, from the first data, second data that meets a preset condition, the preset condition being that the data is common to the first data of the participating parties (that is, the samples the parties share); and to train an encryption model based on the second data.
[0015] Optionally, the encrypted model is trained as follows: the data provider receives a public key distributed by the collaborator, which is used to encrypt the data to be exchanged during training; the data providers transmit intermediate results in encrypted form, which are used to calculate gradient values; the data providers decrypt the intermediate results using their private keys to obtain decrypted data; the gradient values corresponding to the data providers are calculated based on the decrypted data; the gradient values are returned to the collaborators, and the model parameters returned by the collaborators are received, where the model parameters are calculated by the collaborators based on the gradient values; the model is iteratively trained based on the model parameters until the loss function of the trained model converges, thus obtaining the encrypted model.
[0016] Optionally, the primary device also includes a pre-processing module, which is used to isolate shared data.
[0017] According to another aspect of the embodiments of this application, a data sharing method is also provided, comprising: receiving shared data transmitted by a sending device, wherein the sending device is any one of a multi-level device, and the scope of permissions of devices at different levels in the multi-level device decreases sequentially; obtaining an encryption key from a key distribution network and encrypting the shared data according to the encryption key; and sending the encrypted data to a receiving device, wherein the receiving device is any one of the multi-level devices other than the sending device and has communication function with the sending device.
[0018] In this embodiment, a data sharing system is used, comprising multi-level devices, a data exchange module, a key distribution network, and a privacy computing module. The scope of permissions for devices at different levels within the multi-level system decreases sequentially. The data exchange module facilitates data sharing among the multi-level devices. The key distribution network distributes encryption keys for the shared data. The privacy computing module enables higher-level devices to provide shared data resource services to their subordinate devices, thereby encrypting data across the multi-level devices and ensuring data security. This improves data transmission security, reduces privacy violations, and solves the technical problem of data security in multi-party data aggregation business models in existing technologies.
Attached Figure Description
[0019] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:
[0020] Figure 1 is a hardware structure block diagram of a computer terminal (or electronic device) for implementing a data sharing method according to an embodiment of this application;
[0021] Figure 2 is a structural diagram of a data sharing system according to an embodiment of this application;
[0022] Figure 3 is a schematic diagram of the structure of a data sharing and exchange system according to an embodiment of this application;
[0023] Figure 4 is a flowchart of a data sharing method according to an embodiment of this application;
[0024] Figure 5 is a structural diagram of a data sharing device according to an embodiment of this application.
Detailed Implementation
[0025] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.
[0026] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0027] Data, as a new type of production factor, participates in distribution and is a key link in releasing the value of factors of production. The open sharing and exchange of data resources has become an important trend. The goal of privacy-preserving computation is to achieve privacy protection in both the data computation process and the data computation results, while completing the computational task. Privacy protection in the data computation process means that participants cannot obtain any additional information besides the computation result throughout the entire computation process; privacy protection in the data computation result means that participants cannot reverse-engineer the original input data and private information based on the computation result. From an algorithmic application perspective, privacy-preserving computation has gradually evolved into a rich array of algorithmic application scenarios. These applications often combine multiple privacy-preserving computation techniques to achieve specific computational objectives.
[0028] To ensure data security, data flow, and data privacy protection in certain special fields, this application provides a data sharing system that utilizes privacy computing technology and adopts the principle of "data is usable but not visible" to build a secure, private, efficient, and universal data transmission platform, which is described in detail below.
[0029] The data sharing method embodiments provided in this application can be executed on mobile terminals, computer terminals, or similar computing devices. Figure 1 shows a hardware block diagram of a computer terminal (or electronic device) for implementing a data sharing method. As shown in Figure 1, the computer terminal 10 (or electronic device 10) may include one or more processors (shown as 102a, 102b, ..., 102n in the figure; a processor may include, but is not limited to, a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 104 for storing data, and a transmission module 106 for communication functions. In addition, it may also include: a display, an input/output interface (I/O interface), a universal serial bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power supply, and/or a camera. Those skilled in the art will understand that the structure shown in Figure 1 is for illustrative purposes only and does not limit the structure of the aforementioned electronic device. For example, computer terminal 10 may include more or fewer components than shown in Figure 1, or have a configuration different from that shown in Figure 1.
[0030] It should be noted that the aforementioned one or more processors and / or other data processing circuits are generally referred to herein as "data processing circuits". These data processing circuits may be wholly or partially embodied in software, hardware, firmware, or any other combination thereof. Furthermore, the data processing circuit may be a single, independent processing module, or may be wholly or partially integrated into any other element within the computer terminal 10 (or electronic device). As involved in the embodiments of this application, the data processing circuit serves as a processor control mechanism (e.g., selection of a variable resistor termination path connected to an interface).
[0031] The memory 104 can be used to store software programs and modules of application software, such as the program instructions / data storage device corresponding to the data sharing method in this embodiment. The processor executes various functional applications and data processing by running the software programs and modules stored in the memory 104, thereby realizing the above-mentioned data sharing method. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory remotely located relative to the processor, and these remote memories can be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
[0032] The transmission module 106 is used to receive or send data via a network. Specific examples of the network described above may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission module 106 includes a Network Interface Controller (NIC), which can connect to other network devices via a base station to communicate with the Internet. In another example, the transmission module 106 may be a Radio Frequency (RF) module, used for wireless communication with the Internet.
[0033] The display may be, for example, a touchscreen liquid crystal display (LCD) that allows the user to interact with the user interface of the computer terminal 10 (or electronic device).
[0034] It should be noted here that, in some optional embodiments, the computer device (or electronic device) shown in Figure 1 may include hardware elements (including circuitry), software elements (including computer code stored on a computer-readable medium), or a combination of both hardware and software elements. It should be noted that Figure 1 is only one specific instance, intended to illustrate the types of components that may exist in the aforementioned computer device (or electronic device).
[0035] Figure 2 is a structural diagram of a data sharing system according to an embodiment of this application. As shown in Figure 2, the data sharing system 200 includes: a multi-level device 202, a data exchange module 204, a key distribution network 206, and a privacy computing module 208. The scope of permissions for devices at different levels within the multi-level device system decreases sequentially. The data exchange module is used to share data among the multi-level devices. The key distribution network is used to distribute encryption keys for the data shared among the multi-level devices. The privacy computing module is used for higher-level devices in the multi-level device system to provide shared data resource services to their subordinate lower-level devices.
[0036] In the aforementioned data sharing system, the multi-level device 202 includes: Level 1 device 2001, Level 2 devices 2002, and Level 3 devices 2003. The Level 2 devices are subordinate to the Level 1 device, and the Level 3 devices are subordinate to a Level 2 device. There are multiple Level 2 and Level 3 devices.
[0037] In the aforementioned data sharing system, Level 1 devices are used to manage the data of Level 2 and Level 3 devices.
[0038] In this application embodiment, the data sharing system is applied in a government data sharing and exchange scenario. This scenario involves multiple levels of units, and each level of unit corresponds to a level of device: a first-level unit corresponds to a first-level device, a second-level unit to a second-level device, a third-level unit to a third-level device, and so on. This application applies to a three-level unit data sharing and exchange scenario. A first-level unit refers to a department with management authority over the entire system and the authority to collect and aggregate data from second- and third-level units. A second-level unit refers to a department subordinate to a first-level unit, and a third-level unit refers to a department subordinate to a second-level unit. Given these relationships among multiple levels of units, the corresponding devices have the same relationships: first-level devices are used to collect and manage data from second- and third-level devices, second-level devices are subordinate to first-level devices, and third-level devices are subordinate to second-level devices.
[0039] In the aforementioned data sharing system, each level of the multi-level device includes a data exchange module 204, a key management module 210, and a privacy computing module 208. The data exchange module in the third-level device is used to communicate with the data exchange module in its superior second-level device, the data exchange module in the second-level device is used to communicate with the data exchange module in the first-level device, and the key management module is used to receive the encryption key distributed by the key distribution network.
[0040] In the aforementioned data sharing system, the data exchange module in the tertiary device is also used to communicate with the data exchange modules in other tertiary devices belonging to the same secondary device. The data exchange module in the secondary device is also used to communicate with the data exchange modules in all secondary devices. The data exchange module in the primary device is used to communicate with the data exchange modules in all secondary devices.
[0041] In this embodiment, the data exchange module functions as follows: The data exchange module is responsible for data transmission, sharing, and exchange. The data exchange module in a tertiary device can communicate with the data exchange module in its superior secondary device, and also with the data exchange modules of the other tertiary devices belonging to the same secondary device. The data exchange module in a secondary device can communicate with the data exchange modules of its subordinate tertiary devices, with the data exchange modules in all other secondary devices, and with the data exchange module in the primary device. The data exchange module in the primary device can communicate with the data exchange modules of all secondary devices.
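The links described above can be enforced rather than assumed. The following is an added example, not code from the patent or from China Telecom: an allow-list check that a data exchange module would run before it fetches a key or transmits anything, so that a primary device cannot reach a tertiary directly and tertiaries under different secondaries cannot reach each other. The `Device` type, `may_exchange`, `guard_exchange`, and the device names are assumptions for illustration.

```python
# Added example (not from the patent): allow-list for data exchange module links
# in the three-level topology. Names and the constructed topology are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    level: int                    # 1 = primary, 2 = secondary, 3 = tertiary
    name: str
    parent: Optional[str] = None  # name of the superior device; None for the primary


def may_exchange(src: Device, dst: Device) -> bool:
    """True only for links the topology permits between data exchange modules:
    primary <-> any secondary; secondary <-> any other secondary; secondary <-> its
    own tertiaries; tertiary <-> a sibling tertiary under the same secondary.
    Anything else (primary straight to a tertiary, tertiaries under different
    secondaries) is refused, so such a request has to travel up the hierarchy."""
    if src == dst:
        return False
    levels = {src.level, dst.level}
    if levels in ({1, 2}, {2}):
        return True
    if levels == {2, 3}:
        secondary, tertiary = (src, dst) if src.level == 2 else (dst, src)
        return tertiary.parent == secondary.name
    if levels == {3}:
        return src.parent is not None and src.parent == dst.parent
    return False                  # covers {1, 3} and the single-primary case {1}


def guard_exchange(src: Device, dst: Device, payload: bytes) -> bytes:
    """Data exchange module entry point: refuse before any key is fetched or sent."""
    if not may_exchange(src, dst):
        raise PermissionError(f"link {src.name} -> {dst.name} is not in the topology")
    return payload                # the real module would now encrypt and transmit


# Constructed topology: one primary, two secondaries, tertiaries under each.
PRIMARY = Device(1, "prov")
SEC_A, SEC_B = Device(2, "city-A", "prov"), Device(2, "city-B", "prov")
TER_A1, TER_A2 = Device(3, "district-A1", "city-A"), Device(3, "district-A2", "city-A")
TER_B1 = Device(3, "district-B1", "city-B")
```

The check is deliberately symmetric: whether a tertiary may initiate toward its secondary or the secondary toward the tertiary, the same pair is consulted, which keeps the allow-list short and auditable.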
[0042] Communication between data exchange modules is based on general-purpose or dedicated networks. Existing communication protocols can be used to transmit data. During transmission, symmetric encryption algorithms (including but not limited to the Chinese national cryptographic algorithms SM1, SM4, and SM7, and other common symmetric encryption algorithms) are used to encrypt the transmitted data. The keys used by these symmetric algorithms come from the key distribution network, such as a quantum key distribution network. This greatly reduces the possibility of data being eavesdropped on during transmission; to also detect tampering, the symmetric algorithm must be used in an authenticated mode or paired with a message authentication code, because encryption on its own does not reveal a modified ciphertext.
[0043] In the aforementioned data sharing system, both the primary and secondary devices include a data aggregation module 212. The data aggregation module in the primary device is responsible for the data aggregation management of all secondary devices, and the data aggregation module in the secondary device is responsible for the data aggregation management of all tertiary units.
[0044] In this embodiment, the main functions of the data aggregation module are as follows: The data aggregation module adopts general data aggregation technology, including metadata management, data lineage analysis, data quality management, data catalog management, data asset management, and other technical means, to realize the aggregation, analysis, and management of government data of the subordinate devices. The data aggregation module of the first-level device is responsible for the data aggregation management of all second-level devices, and the data aggregation module of the second-level device is responsible for the data aggregation management of all subordinate third-level devices.
[0045] In the aforementioned data sharing system, the key management module is used to generate a binary random sequence based on a quantum random number generator; to determine the encryption key based on the binary random sequence; and to manage the lifecycle of the encryption key.
[0046] In the aforementioned data sharing system, the key management module in the secondary device is used to distribute encryption keys to the various tertiary devices under its jurisdiction and to provide encryption keys to the data exchange module in the secondary device; the key management module in the tertiary device is used to receive the encryption keys distributed by the secondary device and to provide the encryption keys to the data exchange module in the tertiary device.
[0047] In this embodiment, the key management module mainly refers to the quantum key management module, whose functions are as follows: The quantum key management module is responsible for distributing quantum keys. Specifically, the quantum key management module uses quantum communication technology and a quantum random number generator to generate a truly random binary random sequence. It then uses a continuous n-bit random sequence (the value of n is determined according to the symmetric encryption algorithm used) to obtain a random symmetric encryption key. Independent quantum communication channels are established between the first-level and second-level devices, and between the second-level and third-level devices, to transmit the quantum key. The quantum key management module is responsible for generating the quantum key and managing its lifecycle. The quantum key management module in the second-level device is responsible for distributing the quantum key to each subordinate third-level device and providing the key used for the symmetric encryption algorithm to the data exchange module in the second-level device. The quantum key module in the third-level device is responsible for receiving the quantum key distributed by the upper-level second-level device and providing the key required for symmetric encryption to the data exchange module in the third-level device.
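The key management function in [0047] and the data exchange encryption in [0042] can be illustrated together. The following is an added example, not the patent's or China Telecom's code: `KeyManager` takes n consecutive bits of a binary random sequence as one key (n is fixed by the symmetric algorithm, 128 for SM4) and enforces a single-use lifecycle; `seal` and `unseal` are the data exchange side. The Python standard library has no SM4, so the cipher here is a stand-in built from an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag; a deployment would use SM4 from a cryptographic library in an authenticated mode. The seeded `random.Random` stands in for the quantum random number generator and is not suitable for real keys; all names and the sample record are assumptions.

```python
# Added example (not from the patent): key slicing with a single-use lifecycle,
# plus a sealed data exchange. The cipher is a stand-in for SM4 (see lead-in).
import hashlib
import hmac
import random
from dataclasses import dataclass


@dataclass
class KeyRecord:
    key_id: int
    key: bytes
    state: str = "issued"          # issued -> consumed | revoked


class KeyManager:
    """Holds the random sequence (QRNG output) and each key's lifecycle state."""

    def __init__(self, random_sequence: bytes, key_bits: int):
        # key_bits is n, fixed by the symmetric algorithm: 128 for SM4,
        # 256 for the stand-in cipher below.
        self._pool, self._offset = random_sequence, 0
        self._n = key_bits // 8
        self._keys = {}

    def issue(self) -> KeyRecord:
        """Secondary side: the next n consecutive bits of the sequence become a key."""
        start, end = self._offset, self._offset + self._n
        if end > len(self._pool):
            raise RuntimeError("random sequence exhausted; fetch more key material")
        self._offset = end
        rec = KeyRecord(key_id=len(self._keys), key=self._pool[start:end])
        self._keys[rec.key_id] = rec
        return rec

    def receive(self, key_id: int, key: bytes) -> None:
        """Tertiary side: store a key delivered by the superior device's channel."""
        self._keys[key_id] = KeyRecord(key_id, key)

    def consume(self, key_id: int) -> bytes:
        """Hand a key to the data exchange module exactly once."""
        rec = self._keys[key_id]
        if rec.state != "issued":
            raise RuntimeError(f"key {key_id} is {rec.state}; keys are single-use")
        rec.state = "consumed"
        return rec.key


def _subkeys(key: bytes):
    """Domain-separated encryption and MAC subkeys from one distributed key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, key_id: int, nonce: bytes, plaintext: bytes) -> bytes:
    """key_id(4) || nonce(12) || ciphertext || tag(32); the tag also covers the header."""
    enc, mac = _subkeys(key)
    header = key_id.to_bytes(4, "big") + nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return header + ct + hmac.new(mac, header + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    header, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc, mac = _subkeys(key)
    if not hmac.compare_digest(tag, hmac.new(mac, header + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: ciphertext or header was altered in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, header[4:], len(ct))))


def demo() -> dict:
    """One record from a secondary device to one of its tertiaries, plus the two
    checks a reviewer asks for: tamper detection and refusal of key reuse."""
    rng = random.Random(7)     # stands in for the QRNG; NOT suitable for real keys
    qrng_sequence = bytes(rng.getrandbits(8) for _ in range(4096))
    secondary = KeyManager(qrng_sequence, key_bits=256)
    tertiary = KeyManager(b"", key_bits=256)          # receives keys, issues none
    rec = secondary.issue()
    tertiary.receive(rec.key_id, rec.key)             # delivery over the key channel
    record = b'{"unit":"district-A1","rows":1234}'    # constructed shared data
    nonce = bytes(rng.getrandbits(8) for _ in range(12))
    blob = seal(secondary.consume(rec.key_id), rec.key_id, nonce, record)
    key_id = int.from_bytes(blob[:4], "big")          # receiver reads the key id
    plain = unseal(tertiary.consume(key_id), blob)
    forged = bytearray(blob)
    forged[20] ^= 0x01                                # flip one ciphertext byte
    try:
        unseal(rec.key, bytes(forged))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    try:
        secondary.consume(rec.key_id)                 # a second hand-out must fail
        reuse_blocked = False
    except RuntimeError:
        reuse_blocked = True
    return {"roundtrip": plain == record, "tamper_detected": tamper_detected,
            "reuse_blocked": reuse_blocked, "key_id": key_id}
```

Two points the patent text leaves implicit are visible here: `unseal` verifies a tag over both header and ciphertext before decrypting, because encryption alone does not detect modification, and `consume` hands each distributed key out once, so a replayed key id is refused by the key management module rather than by the application.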
[0048] In the aforementioned data sharing system, the privacy computing module in the primary device is used to collect the data resource catalog reported by the secondary devices and provide shared data resource services to the secondary devices under the jurisdiction of the primary device; the privacy computing module in the secondary device is used to collect the data resource catalog reported by the tertiary devices under the jurisdiction of the secondary device and provide shared data resource services to the tertiary devices under the jurisdiction of the secondary device.
[0049] In the aforementioned data sharing system, the privacy computing module is also used to query first data based on the data resource catalog, wherein the first data is encrypted data; determine second data from the first data that meets preset conditions, wherein the preset conditions are data that is common to the first data; and train an encryption model based on the second data.
[0050] In this embodiment, the main functions of the privacy computation module are as follows: The privacy computation module uses general multi-party secure computation algorithms and federated learning techniques to achieve multi-party data querying and joint data modeling. The privacy computation module of a Level 1 device is responsible for collecting the data resource catalogs reported by Level 2 devices and providing shared data resource services to its subordinate Level 2 devices. The privacy computation module of a Level 2 device is responsible for collecting the data resource catalogs reported by its subordinate Level 3 devices and providing shared data resource services to its subordinate Level 3 devices. The privacy computation module in a Level 2 device can also obtain, through the data exchange module, the data resource catalogs of its peer Level 2 devices provided by the Level 1 device, and can use the obtained data resources to call general multi-party secure computation algorithms for secure multi-party queries, and general federated learning techniques for secure joint data modeling. The privacy computation module of a Level 3 device can obtain, through the data exchange module, the data resource catalogs of its peer Level 3 devices provided by its superior Level 2 device, and can likewise use the obtained data resource services to call general multi-party secure computation algorithms for secure multi-party queries and general federated learning techniques for secure joint data modeling.
[0051] Because data transmission employs symmetric encryption based on a quantum key distribution network, the possibility of data being eavesdropped on or tampered with during transmission is greatly reduced. Multi-party secure computation and federated learning technologies utilize homomorphic encryption, garbled circuits, and zero-knowledge proofs to guarantee data privacy at the algorithmic level. Therefore, the privacy computation module can largely ensure data security and data privacy.
[0052] In the aforementioned data sharing system, the encrypted model is trained as follows: Data providers receive public keys distributed by collaborators, which are used to encrypt data to be exchanged during training; intermediate results are transmitted between data providers in encrypted form, whereby the intermediate results are used to calculate gradient values; each data provider decrypts the intermediate results using its private key to obtain decrypted data; gradient values corresponding to the data providers are calculated based on the decrypted data; the gradient values are returned to the collaborators, and model parameters are received from the collaborators, whereby the model parameters are calculated by the collaborators based on the gradient values; the model is iteratively trained based on the model parameters until the loss function of the trained model converges, resulting in the encrypted model.
[0053] In this application, "data provider" refers to a data provider in the government affairs sector capable of providing block data, strip data, and data from other sources. Block data includes cross-level government service data (including personnel data, emergency data, etc.) at the provincial, municipal, district, and county levels. "Data querier" refers to government data applications in the government affairs sector, including data visualization, data-driven decision-making, data modeling, and data dashboards. Data providers upload various types of cross-level and cross-agency block data in the government affairs sector to the privacy-computing-based data sharing system through a data resource center.
[0054] The training process of the above encryption model is explained below. Taking the linear regression model as an example, the training process can be divided into the following steps:
[0055] Step 1: Collaborator C distributes the public key to the data provider to encrypt the data that needs to be exchanged during training. The transmitted data is the intermediate result of the model's calculation and does not involve user privacy. The transmitted data is encrypted and is decrypted using the private key during model training.
[0056] Step 2: Data providers exchange intermediate results used for gradient calculation in encrypted form.
[0057] Step 3: The data providers each calculate their own gradient values based on the decrypted intermediate information (linear combination result). Then, the data providers upload the calculated gradient values to C, and C calculates the new parameters of the model based on the gradient values.
[0058] Step 4: C sends the four new parameters (i.e., the model parameters mentioned above) back to the data provider, which updates the model of the data provider for the new round of iteration.
[0059] Step 5: Iterate through the above steps until the loss function converges.
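The five steps above, as an added example that is not the patent's or China Telecom's code: a two-feature linear regression trained across providers A and B with a toy Paillier scheme (40-bit primes and a seeded generator, for repeatability only; real deployments use moduli of 2048 bits or more). One point is handled differently from the wording of Step 3: with a single Paillier keypair the private key has to stay with collaborator C, otherwise each provider could decrypt the other's intermediate results, so here each provider computes its gradient on ciphertexts and C decrypts it. The loss is likewise assembled on ciphertexts (sum a^2 + 2 sum ab + sum b^2), so C decrypts one scalar per round rather than the residuals. The data, `SCALE`, and all function names are assumptions.

```python
# Added example, not the patent's code: the five-step encrypted training loop
# for a two-feature linear regression with a toy Paillier scheme.
import math
import random

SCALE = 10 ** 6   # fixed-point scale: reals are encrypted as round(x * SCALE)

def _is_probable_prime(n, rng):
    """Miller-Rabin with 16 random bases; toy key generation only."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(16):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

class Paillier:
    """Minimal Paillier: public key n (g = n + 1), private key lambda."""
    def __init__(self, bits=40, seed=2024):
        self.rng = random.Random(seed)        # seeded for repeatability (toy only)
        p = q = 0
        while p == q:
            p, q = self._prime(bits), self._prime(bits)
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)   # L(g^lambda)^-1 == lambda^-1 mod n

    def _prime(self, bits):
        while True:
            c = self.rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if _is_probable_prime(c, self.rng):
                return c

    def encrypt(self, m):                     # needs only n: any provider can do this
        r = self.rng.randrange(1, self.n)
        return (1 + (m % self.n) * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):                     # needs lambda: collaborator C only
        m = (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
        return m - self.n if m > self.n // 2 else m   # signed result

    def add(self, c1, c2):                    # Enc(a) (+) Enc(b) -> Enc(a + b)
        return c1 * c2 % self.n2

    def mul(self, c, k):                      # Enc(a) (*) k -> Enc(k * a), k may be < 0
        return pow(c, k % self.n, self.n2)

# Constructed data, vertically partitioned: provider A holds x1, provider B holds
# x2 and the label y = 2*x1 + 3*x2 (no intercept, no noise).
X_A = [0.1, 0.4, 0.6, 0.9]
X_B = [0.3, 0.8, 0.2, 0.7]
Y = [2 * a + 3 * b for a, b in zip(X_A, X_B)]

def _enc_gradient(pk, enc_d, xs):
    """sum_i x_i (*) Enc(d_i): a provider's gradient on ciphertexts, scale SCALE**2."""
    acc = pk.encrypt(0)
    for cd, x in zip(enc_d, xs):
        acc = pk.add(acc, pk.mul(cd, round(x * SCALE)))
    return acc

def train(lr=1.5, max_rounds=400, tol=1e-9):
    """Run the encrypted training loop; returns (w_A, w_B, loss_history)."""
    C = Paillier()                  # Step 1: C generates the keypair, publishes n
    m, w_A, w_B, losses = len(Y), 0.0, 0.0, []
    for _ in range(max_rounds):
        # Provider A: its linear combination a = x1 * w_A, encrypted, plus Enc(sum a^2)
        a = [w_A * x for x in X_A]
        enc_a = [C.encrypt(round(v * SCALE)) for v in a]
        enc_sq_a = C.encrypt(round(sum(v * v for v in a) * SCALE ** 2))
        # Step 2: A -> B. B adds its plaintext share b = x2 * w_B - y: Enc(d), d = a + b
        b = [w_B * x - y for x, y in zip(X_B, Y)]
        enc_d = [C.add(ca, C.encrypt(round(v * SCALE))) for ca, v in zip(enc_a, b)]
        # Enc(sum d^2) = Enc(sum a^2) (+) 2 (*) Enc(sum a*b) (+) Enc(sum b^2)
        enc_ab = C.encrypt(0)
        for ca, v in zip(enc_a, b):
            enc_ab = C.add(enc_ab, C.mul(ca, round(v * SCALE)))
        enc_loss = C.add(C.add(enc_sq_a, C.mul(enc_ab, 2)),
                         C.encrypt(round(sum(v * v for v in b) * SCALE ** 2)))
        # Step 3: B returns Enc(d) to A; each provider forms its encrypted gradient
        # and uploads it to C, the only party holding the private key
        g_A = C.decrypt(_enc_gradient(C, enc_d, X_A)) / (SCALE ** 2 * m)
        g_B = C.decrypt(_enc_gradient(C, enc_d, X_B)) / (SCALE ** 2 * m)
        losses.append(C.decrypt(enc_loss) / (SCALE ** 2 * 2 * m))
        # Step 4: C computes the new parameters and returns them to the providers
        w_A, w_B = w_A - lr * g_A, w_B - lr * g_B
        # Step 5: iterate until the loss has converged
        if len(losses) > 1 and abs(losses[-2] - losses[-1]) < tol:
            break
    return w_A, w_B, losses
```

Everything either provider receives is a Paillier ciphertext under C's public key, and everything C receives is an aggregate (a gradient or the loss), never a row; the fixed-point `SCALE` is what turns the real-valued arithmetic into the integer additions and scalar multiplications the scheme supports.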
[0060] In the aforementioned data sharing system, the primary device also includes a pre-processing module 214 (the front-end processing module described below), which is used to isolate the shared data.
[0061] In this embodiment, the main functions of the front-end processing module are as follows: Because of the special nature of government data, the data must be isolated by the front-end processing module. The front-end processing module includes a front-end database, a front-end machine, and a cryptographic service middleware. Data sharing and exchange are initiated by the data exchange and transmission software within the front-end machine. The cryptographic service middleware negotiates the session key with the quantum key service management platform by calling the hardware and software cryptographic media. The quantum key service management platform generates a quantum key and securely distributes the session key to the front-end machines at both ends of the communication under the protection of a pre-charged key. The sending front-end machine calls the cryptographic service middleware to decrypt the database table data and file data to be transmitted from ciphertext to plaintext in the front-end database, then calls the cryptographic service middleware again to encrypt the data to be transmitted with the session key and forwards it to the receiving front-end machine. The receiving front-end machine calls the cryptographic service middleware to decrypt the received data with the session key, re-encrypts it under its own locally stored storage key, and stores it as ciphertext.
[0062] The data sharing system provided in this application embodiment performs encryption operations on data based on protocols such as homomorphic encryption, zero-knowledge proofs, oblivious transfer, garbled circuits, secret sharing, and blind signatures. While ensuring data security, it enables sharing and exchange of government data among multi-level devices, government data analysis (private set intersection, private summation, secure comparison, etc.), and collaborative modeling of government data (secure federated learning). This reconstructs privacy-sensitive business models and alleviates privacy violations in data circulation under multi-party data aggregation business models. The system has two kinds of application. The first includes applications such as privacy-computation-based data querying, data visualization analysis, and data dashboards: data is used to generate a privacy-computation data catalog through this system. The data catalog mainly includes sub-modules such as list management, catalog management, catalog registration, catalog publishing, and catalog subscription, and data users can retrieve and query data through it. The second is a data modeling application based on federated learning. The system first aligns encrypted samples: it identifies the samples the parties have in common without disclosing the data itself and without exposing the non-overlapping samples, so that the features of these shared samples can be modeled jointly. After the shared samples are identified, machine learning models can be trained on them. To keep the data confidential during training, encrypted training is performed with the help of a third-party collaborator; the training process has been described above and will not be repeated here. The system also includes performance incentives, which consider both privacy protection and effectiveness in collaborative modeling among multiple institutions, and reward institutions that contribute more data through a consensus mechanism.
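The page does not say how the encrypted sample alignment (the "second data" of claim 6) is computed. As an added example, not the patent's code, the following Go sketch implements it with Diffie-Hellman style private set intersection on P-256, one standard construction for this step: each provider blinds the hashed ids with a secret scalar, the peer blinds them again, and only the double-blinded values are compared. The try-and-increment hash-to-point routine, the names AlignSamples, blind and newSecret, and running both providers in one process are assumptions made here.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"math/big"
)

var curve = elliptic.P256()

// hashToPoint maps a sample id to an encoded P-256 point of unknown discrete log
// (try-and-increment). Mapping as H(id)*G instead would let a peer recover the
// other side's scalar and then dictionary-attack its ids, so this is not cosmetic.
func hashToPoint(id string) []byte {
	prm := curve.Params()
	for ctr := byte(0); ; ctr++ {
		sum := sha256.Sum256(append([]byte(id+"|"), ctr))
		x := new(big.Int).Mod(new(big.Int).SetBytes(sum[:]), prm.P)
		y2 := new(big.Int).Exp(x, big.NewInt(3), prm.P) // x^3 - 3x + b (mod p)
		y2.Sub(y2, new(big.Int).Mul(x, big.NewInt(3))).Add(y2, prm.B).Mod(y2, prm.P)
		if y := new(big.Int).ModSqrt(y2, prm.P); y != nil {
			return elliptic.Marshal(curve, x, y)
		}
	}
}

// newSecret draws a party's fresh scalar for one alignment run.
func newSecret() []byte {
	k, err := rand.Int(rand.Reader, curve.Params().N)
	if err != nil {
		panic(err) // a failing system RNG is not recoverable here
	}
	return k.Bytes()
}

// blind multiplies an encoded point by secret; scalar multiplication commutes,
// so b*(a*H) == a*(b*H) and double-blinded values compare byte for byte.
func blind(secret, pt []byte) []byte {
	x, y := elliptic.Unmarshal(curve, pt)
	x, y = curve.ScalarMult(x, y, secret)
	return elliptic.Marshal(curve, x, y)
}

// AlignSamples plays both providers A and B in one process and returns the ids A
// learns are shared; each party only ever sees the peer's blinded points.
func AlignSamples(idsA, idsB []string) []string {
	a, b := newSecret(), newSecret()
	seen := map[string]bool{}
	for _, id := range idsB { // B -> A: b*H(idB); A raises it to a locally
		seen[string(blind(a, blind(b, hashToPoint(id))))] = true
	}
	var shared []string
	for _, id := range idsA { // A -> B: a*H(idA); B -> A: b*a*H(idA), in A's order
		if seen[string(blind(b, blind(a, hashToPoint(id))))] {
			shared = append(shared, id)
		}
	}
	return shared
}
```

In a deployment the two loops run on different machines and only the blinded byte strings cross the data exchange module; ids outside the overlap remain hidden behind the peer's secret scalar.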
[0063] Figure 3 is a schematic diagram of the structure of a data sharing and exchange system according to an embodiment of this application. In Figure 3, the first-level unit can correspond to the first-level equipment in Figure 2, the second-level units can correspond to the second-level equipment in Figure 2, and the third-level units can correspond to the third-level equipment in Figure 2. The quantum key management module in the first level, the quantum key distribution module in the second level, and the quantum key module in the third level all correspond to the key management module in Figure 2. The second-level unit also includes a front-end database, the function of which has been described above and will not be repeated here. The third-level unit also includes a front-end processing module, whose function is the same as that in the first-level unit and will not be repeated here. The quantum cryptography distribution network in Figure 3 is equivalent to the key distribution network in Figure 2; the data exchange service provides the corresponding service support for the data exchange module, and the privacy computing service provides the corresponding service support for the privacy computing module.
[0064] In the above operating environment, this application provides an embodiment of a data sharing method. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions. Also, although a logical order is shown in the flowchart, in some cases the steps shown or described can be executed in an order different from that shown here.
[0065] Figure 4 is a flowchart of a data sharing method according to an embodiment of this application. As shown in Figure 4, the method includes the following steps:
[0066] Step S402: Receive shared data transmitted by the sending device, wherein the sending device is any one of the multi-level devices, and the scope of permissions of devices at different levels in the multi-level devices decreases sequentially.
[0067] Step S404: After obtaining the encryption key from the key distribution network, encrypt the shared data according to the encryption key.
[0068] Step S406: Send the encrypted data to the receiving device, wherein the receiving device is any device in the multi-level devices, other than the sending device, that is able to communicate with the sending device.
[0069] It should be noted that the data sharing method shown in Figure 4 can be applied to the data sharing system shown in Figure 2; therefore, the relevant explanations and descriptions of the data sharing system in Figure 2 also apply to this data sharing method and will not be repeated here.
[0070] Figure 5 is a structural diagram of a data sharing device according to an embodiment of this application. As shown in Figure 5, the device includes:
[0071] The receiving module 502 is used to receive shared data transmitted by the sending device, wherein the sending device is any one of the multi-level devices, and the scope of permissions of devices at different levels in the multi-level devices decreases sequentially.
[0072] The encryption module 504 is used to encrypt shared data based on the encryption key obtained from the key distribution network.
[0073] The sending module 506 is used to send the encrypted data to the receiving device, wherein the receiving device is any device in the multi-level devices, other than the sending device, that is able to communicate with the sending device.
[0074] It should be noted that the data sharing device shown in Figure 5 is used to perform the data sharing method shown in Figure 4 and also applies to the data sharing system shown in Figure 2; therefore, the relevant explanations and descriptions of the data sharing system in Figure 2 also apply to this data sharing device and will not be repeated here.
[0075] This application embodiment also provides a non-volatile storage medium, which includes a stored computer program. The device containing the non-volatile storage medium executes the following data sharing method by running the computer program: receiving shared data transmitted by a sending device, wherein the sending device is any one of the multi-level devices, and the scope of permissions of devices at different levels in the multi-level devices decreases sequentially; obtaining an encryption key from a key distribution network and encrypting the shared data according to the encryption key; and sending the encrypted data to a receiving device, wherein the receiving device is any one of the multi-level devices other than the sending device and is able to communicate with the sending device.
[0076] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.
[0077] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.
[0078] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units can be a logical functional division, and in actual implementation, there may be other division methods. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.
[0079] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0080] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0081] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, read-only memory (ROM), random access memory (RAM), portable hard drives, magnetic disks, or optical disks.
[0082] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.
Claims
1. A data sharing system, characterized in that it comprises: a multi-level device, a data exchange module, a key distribution network, and a privacy computing module, wherein the scope of permissions of devices at different levels within the multi-level device decreases sequentially. The data exchange module is used to share data among the multi-level devices; the key distribution network is used to distribute encryption keys for data shared among the multi-level devices; the privacy computing module is used by the higher-level device in the multi-level device to provide shared data resource services to the lower-level devices under its jurisdiction. The multi-level equipment includes first-level equipment, second-level equipment, and third-level equipment. The second-level equipment belongs to the first-level equipment, and the third-level equipment belongs to the second-level equipment. There are multiple second-level equipment and multiple third-level equipment. The primary device is used to manage the data of the secondary and tertiary devices. Each level of the multi-level device includes the data exchange module, the key management module, and the privacy computing module. The data exchange module in the third-level device is used to communicate with the data exchange module in its corresponding second-level device. The data exchange module in the second-level device is used to communicate with the data exchange module in the first-level device. The key management module is used to receive the encryption key distributed by the key distribution network. The data exchange module in the third-level device is also used to communicate with the data exchange modules in other third-level devices belonging to the same second-level device. The data exchange module in the second-level device is also used to communicate with the data exchange modules in all second-level devices. The data exchange module in the first-level device is used to communicate with the data exchange modules in all second-level devices.
2. The system according to claim 1, characterized in that both the primary and secondary devices include a data aggregation module. The data aggregation module in the primary device is responsible for the data aggregation management of all secondary devices, and the data aggregation module in the secondary device is responsible for the data aggregation management of all tertiary units.
3. The system according to claim 1, characterized in that the key management module is used to generate a binary random sequence based on a quantum random number generator; determine the encryption key based on the binary random sequence; and manage the lifecycle of the encryption key.
4. The system according to claim 1, characterized in that the key management module in the secondary device is used to distribute the encryption key to each of the tertiary devices under its jurisdiction, and to provide the encryption key to the data exchange module in the secondary device; the key management module in the tertiary device is used to receive the encryption key distributed by the secondary device, and to provide the encryption key to the data exchange module in the tertiary device.
5. The system according to claim 1, characterized in that the privacy computing module in the primary device is used to collect the data resource catalog reported by the secondary device and provide shared data resource services to the secondary devices under the jurisdiction of the primary device; the privacy computing module in the secondary device is used to collect the data resource catalog reported by the tertiary devices under the jurisdiction of the secondary device and provide shared data resource services to the tertiary devices under the jurisdiction of the secondary device.
6. The system according to claim 5, characterized in that the privacy computing module is further configured to query first data based on the data resource catalog, wherein the first data is encrypted data; determine second data from the first data that meets preset conditions, wherein the preset condition is being common data in the first data; and train an encryption model based on the second data.
7. The system according to claim 6, characterized in that the encrypted model is trained as follows: data providers receive a public key distributed by collaborators, which is used to encrypt data to be exchanged during training; intermediate results are transmitted between data providers in encrypted form, whereby the intermediate results are used to calculate gradient values; each data provider decrypts the intermediate results using its private key to obtain decrypted data; gradient values corresponding to each data provider are calculated based on the decrypted data; the gradient values are returned to the collaborators, and model parameters are received from the collaborators, whereby the model parameters are calculated by the collaborators based on the gradient values; the model is iteratively trained based on the model parameters until the loss function of the trained model converges, thus obtaining the encrypted model.
8. The system according to claim 1, characterized in that the primary device also includes a pre-processing module, which is used to isolate the shared data.
9. A data sharing method, characterized in that it comprises: receiving shared data transmitted by a sending device, wherein the sending device is any one of the multi-level devices, and the scope of permissions of the devices at different levels in the multi-level devices decreases sequentially; after obtaining the encryption key from the key distribution network, encrypting the shared data using the encryption key; and sending the encrypted data to the receiving device, wherein the receiving device is any one of the multi-level devices other than the sending device and is able to communicate with the sending device. The multi-level equipment includes first-level equipment, second-level equipment, and third-level equipment. The second-level equipment belongs to the first-level equipment, and the third-level equipment belongs to the second-level equipment. There are multiple second-level equipment and multiple third-level equipment. The primary device is used to manage the data of the secondary and tertiary devices. Each level of the multi-level device includes a data exchange module, a key management module, and a privacy computing module. The data exchange module in the third-level device is used to communicate with the data exchange module in its corresponding second-level device. The data exchange module in the second-level device is used to communicate with the data exchange module in the first-level device. The key management module is used to receive the encryption key distributed by the key distribution network. The data exchange module in the third-level device is also used to communicate with the data exchange modules in other third-level devices belonging to the same second-level device. The data exchange module in the second-level device is also used to communicate with the data exchange modules in all second-level devices. The data exchange module in the first-level device is used to communicate with the data exchange modules in all second-level devices.