Data processing method and device, equipment, storage medium and program product

By receiving authentication and permission information from functional units to perform identity authentication and access permission settings, the privacy and security issues caused by inconsistencies in storage systems in privacy computing are resolved. This enables secure data caching and access control, improving data security and management efficiency.

CN116305246BActive Publication Date: 2026-06-05CHINA MOBILE INFORMATION TECHNOLOGY CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA MOBILE INFORMATION TECHNOLOGY CO LTD
Filing Date
2023-01-13
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In privacy computing, the inconsistent storage systems used by different companies for their underlying infrastructure and functional modules lead to privacy and security issues in data storage and retrieval, increasing project development and communication costs, and lacking data access restrictions and auditing mechanisms.

Method used

By receiving authentication and permission information from functional units, identity authentication is performed and access permissions for target data are set. Only legitimate functional units with matching permissions can read or store data. A storage protocol proxy service is used for protocol conversion to achieve secure data caching and access control.

Benefits of technology

It improves the privacy and security of functional units, prevents units with mismatched permissions from reading data, reduces the cost of changing storage protocols, and enables access control and audit tracking for data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116305246B_ABST
    Figure CN116305246B_ABST
Patent Text Reader

Abstract

The application discloses a data processing method, device, equipment, storage medium and program product. The method comprises the following steps: receiving a first service request sent by a first function unit, the first service request being used for requesting to cache target data, the first service request comprising first authentication information and permission information of the target data; in response to the first service request, performing identity authentication on the first function unit according to the first authentication information; in the case that the identity authentication of the first function unit is passed, setting an access permission of the target data according to the permission information, and caching the target data. The security of the private data of the function unit is improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application belongs to the field of data security technology, and in particular relates to a data processing method, apparatus, device, storage medium and program product. Background Technology

[0002] With the development of the big data industry, we have now entered the era of data security, and the most advanced data security technology is privacy computing. Privacy computing has moved from a stage where each company develops its own system to a stage of interconnectivity and decoupling. For example, consider a base with n pluggable functional modules. The base and functional modules may come from different companies, and the functional modules themselves may also come from different companies. However, the base and each functional module rely on a storage system to share data. Because the storage systems used by different companies' bases and functional modules are inconsistent, privacy and security issues arise in the data storage and retrieval between modules. Summary of the Invention

[0003] This application provides a data processing method, apparatus, device, storage medium, and program product that can improve data security.

[0004] In a first aspect, embodiments of this application provide a data processing method, the method comprising:

[0005] Receive a first service request sent by a first functional unit, the first service request being used to request cached target data, the first service request including first authentication information and permission information of the target data;

[0006] In response to the first service request, the first functional unit is authenticated based on the first authentication information;

[0007] If the first functional unit's identity authentication is successful, the access permissions for the target data are set according to the permission information, and the target data is cached.

[0008] Secondly, embodiments of this application provide a data processing apparatus, the apparatus comprising:

[0009] The first receiving module is configured to receive a first service request sent by the first functional unit. The first service request is used to request cached target data. The first service request includes first authentication information and permission information of the target data.

[0010] The first authentication module is used to respond to the first service request and authenticate the identity of the first functional unit based on the first authentication information.

[0011] The first caching module is used to set access permissions for the target data according to the permission information and cache the target data when the identity authentication of the first functional unit is successful.

[0012] Thirdly, embodiments of this application provide a data processing device, the device including: a processor and a memory storing computer program instructions;

[0013] The processor implements the above data processing method when executing computer program instructions.

[0014] Fourthly, embodiments of this application provide a computer storage medium storing computer program instructions, which, when executed by a processor, implement the data processing method described above.

[0015] Fifthly, embodiments of this application provide a computer program product, the computer program product including computer program instructions, which, when executed by a processor, implement the data processing method described above.

[0016] The data processing method provided in this application can receive a first service request sent by a first functional unit. The first service request requests the caching of target data and includes first authentication information and permission information for the target data. In response to the first service request, the method authenticates the first functional unit based on the first authentication information. If the first functional unit's authentication is successful, the method sets the access permissions for the target data based on the permission information and caches the target data. Therefore, when the first functional unit sends a data caching request, it can authenticate the first functional unit. If the authentication is successful, the method sets the access permissions for the target data based on the permission information and caches the target data. Consequently, functional units with permissions incompatible with the target data will be unable to read the target data, improving the security of the functional units' privacy data. Attached Figure Description

[0017] To more clearly illustrate the technical solutions of the embodiments of this application, the drawings used in the embodiments of this application will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0018] Figure 1 This is a schematic diagram of a data processing flow provided in an embodiment of this application;

[0019] Figure 2 This is a schematic diagram of a storage system structure provided in an embodiment of this application;

[0020] Figure 3This is a schematic flowchart of a data processing method provided in another embodiment of this application;

[0021] Figure 4 This is a schematic flowchart of a data processing method provided in another embodiment of this application;

[0022] Figure 5 This is a schematic diagram of the structure of a data processing apparatus provided in an embodiment of this application;

[0023] Figure 6 This is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. Detailed Implementation

[0024] The features and exemplary embodiments of various aspects of this application will be described in detail below. To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are only intended to explain this application and not to limit it. For those skilled in the art, this application can be implemented without some of these specific details. The following description of the embodiments is merely to provide a better understanding of this application by illustrating examples of this application.

[0025] It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that includes the element.

[0026] It should be noted that, unless otherwise specified, the embodiments and features described in this application can be combined with each other.

[0027] With the development of the big data industry, we have now entered the era of data security. Currently, the leading data security technology is privacy computing. Privacy computing has moved from a stage where each company develops its own system to a stage of interconnectivity and decoupling. For example, it might involve one base and n pluggable functional modules, where the base and functional modules may come from different companies, and the functional modules themselves may also come from different companies. However, both the base and the functional modules rely on a storage system to share data. Because the storage systems used by different companies' bases and functional modules are inconsistent, the following solutions are currently mainly used for storage sharing in privacy computing:

[0028] Using a single enterprise's storage system as the standard (typically the platform enterprise), other module enterprises adopt the agreed-upon standard storage system's protocol, modify their storage protocols, and connect to the storage system. In a privacy-preserving computing scenario with one platform and n functional modules, the storage system enterprise may or may not be the platform or other functional module enterprises. Therefore, the platform and functional module enterprises need to integrate storage services to provide data access and sharing between the platform and other functional modules. The existing integration solutions described above have the following drawbacks:

[0029] 1. Different companies require different storage system protocols or customized development for the storage systems used by the underlying system, increasing project development and communication costs.

[0030] 2. Based on the current storage system sharing scheme, there are no access restrictions on data. The base and functional modules (as long as they are services deployed within the privacy computing system) can access any file in the storage.

[0031] 3. Which module uploaded or downloaded the file? Auditing is lacking.

[0032] To address the problems of the prior art, embodiments of this application provide a data processing method, apparatus, device, storage medium, and program product. The data processing method provided in this application embodiment will be described first below.

[0033] Figure 1 A flowchart illustrating a data processing method according to an embodiment of this application is shown. The method includes the following steps S101 to S103:

[0034] S101, Receive the first service request sent by the first functional unit.

[0035] The first service request is used to request cached target data, and the first service request includes first authentication information and permission information for the target data.

[0036] Specifically, when the first functional unit needs to store target data, it sends a first service request to the storage unit to request the storage of the target data. The service request also includes the authentication information of the first functional unit and the permission information of the target data to be stored, that is, the permissions set for the target data.

[0037] S102, in response to the first service request, authenticate the identity of the first functional unit based on the first authentication information.

[0038] Specifically, upon receiving a first service request, the storage unit can authenticate the first functional unit based on the first authentication information in the first service request to determine that the first functional unit is a legitimate functional unit. Here, the first functional unit can pre-register its identity information in the storage unit, and the storage unit will issue a corresponding account and password to the first functional unit. Optionally, access permissions can also be set for the first functional unit to allow it to read storage data that matches its permissions.

[0039] S103, if the first functional unit's identity authentication is successful, set the access permissions for the target data according to the permission information and cache the target data.

[0040] The successful authentication of the first functional unit here can be attributed to the validity and accuracy of the authentication information in the first service request. For example, if the authentication information is a username and password, the storage unit, after obtaining the username and password from the first service request, verifies that the username and password match correctly, thus passing the verification. After successful authentication, the target data and its corresponding storage permissions from the first service request are obtained, and these storage permissions are set as the permissions for the target data. This means that only functional modules with the required storage permissions can read the target data, and only the first functional unit can access and modify the target data. Therefore, functional units with permissions that do not match the target data will be unable to read the target data, thereby improving the data security of the target data.

[0041] The data processing method provided in this application can receive a first service request sent by a first functional unit. The first service request requests the caching of target data and includes first authentication information and permission information for the target data. In response to the first service request, the method authenticates the first functional unit based on the first authentication information. If the first functional unit's authentication is successful, the method sets the access permissions for the target data based on the permission information and caches the target data. Therefore, when the first functional unit sends a data caching request, it can authenticate the first functional unit. If the authentication is successful, the method sets the access permissions for the target data based on the permission information and caches the target data. Consequently, functional units with permissions incompatible with the target data will be unable to read the target data, improving the security of the functional units' privacy data.

[0042] In some embodiments, the above data processing method may further include the following steps:

[0043] Receive a second service request sent by the second functional unit. The second service request is used to request to read target data and includes second authentication information.

[0044] In response to the second service request, the second functional unit is authenticated based on the second authentication information;

[0045] If the second functional unit's identity authentication is successful, determine the permission level of the second functional unit;

[0046] If the permission level of the second functional unit matches the access permission of the target data, the target data is sent to the second functional unit.

[0047] Specifically, when the second functional unit needs to read the target data, it can send a second service request to the storage unit. The storage unit authenticates the second functional unit based on the second authentication information in the second service request. If the second functional unit is successfully authenticated and its permissions match the access permissions of the target data, then the second functional unit is allowed to read the target data, and the target data can be sent to the second functional unit.

[0048] In this embodiment, when the second functional unit reads the target data stored by the first functional unit, the second functional unit first needs to be authenticated. After successful authentication, it is confirmed whether the permissions of the second functional unit match the access permissions set for the target data. If they do not match, the read request from the first functional unit is rejected; if they match, the target data can be read. The access permissions for the target data are set according to the permission information in the first service request sent by the first functional unit when storing the target data. This prevents the data stored by the first functional unit from being accessed by units without the required access permissions, thus improving the security of privacy data.

[0049] In some embodiments, authentication includes detecting the account, password, and storage permissions of the first functional unit. If the account, password, and storage permissions are correct, the first functional unit is allowed to store the target data.

[0050] Specifically, each functional unit has a unique storage account and corresponding password, and each functional unit has corresponding permissions. The user can set the permissions of the specific functional unit himself, and this application does not limit it.

[0051] In some embodiments, after S103 above, the following steps may also be included:

[0052] Generate unique identification information, which is used to indicate the target data;

[0053] Based on the first authentication information and the unique identification information, a storage record for the first functional unit is generated.

[0054] Specifically, after the first functional unit stores the target data, a unique identifier is generated for the storage behavior of the first functional unit, and the authentication information of the first functional unit and the corresponding unique identifier are stored and recorded, that is, the storage record of the target data is maintained so as to monitor the access of the target data.

[0055] Similarly, after the second functional unit reads the target data, the reading behavior of the second functional unit can be recorded to monitor the readability of the target data and ensure data security.

[0056] In some embodiments, the above data processing method may further include the following steps:

[0057] Receive a third service request sent by the third functional unit. The third service request is used to request access permissions to modify the target data. The third service request includes third authentication information and permission modification information.

[0058] In response to a third service request, the third functional unit is authenticated based on the third authentication information to obtain the authentication result;

[0059] If the authentication result indicates that the third functional unit and the first functional unit are the same functional unit, modify the access permissions of the target data according to the permission modification information.

[0060] Specifically, access permissions for already stored target data can also be modified. When the storage unit receives a third service request from the third functional unit, requesting modification of access permissions for target data already stored in the storage unit, it first obtains the third authentication information of the third functional unit. If the third functional unit's identity is legitimate, and it is confirmed that the third functional unit and the first functional unit storing the data are the same functional unit (i.e., the authentication account and password of the first functional unit and the third functional unit are the same), the access permissions for the target data are modified according to the permission modification information in the third service request.

[0061] In this embodiment, the first functional unit that stores the target data can modify the storage permissions of the target data.

[0062] In some embodiments, the above-mentioned cached target data may include the following steps:

[0063] Obtain the storage protocol of the first functional unit;

[0064] If the storage protocol of the first functional unit is inconsistent with the preset storage protocol, the target data shall be stored according to the preset storage protocol.

[0065] Specifically, the first functional unit can store the target data in the storage unit according to its own set storage protocol. If the storage protocol of the first functional unit is inconsistent with the preset storage protocol, the storage unit can store the target data according to the preset storage protocol, that is, convert the storage protocol of the target data into the preset storage protocol for storage. Thus, each functional unit does not need to use a unified storage protocol to store data, making data storage more convenient.

[0066] To facilitate understanding of the data processing method provided in this embodiment, a practical application of the above data processing method is provided for illustration, as shown in the following example:

[0067] like Figure 2 As shown, this application embodiment provides a storage system 200, including a storage protocol proxy service 201, a data permission module 202, and a storage module 203.

[0068] Storage system 200 provides storage services to the base and other functional units within the privacy computing system; storage protocol proxy service 201 provides storage protocol conversion services; data permission module 202 provides access permissions for operating files; storage module 203 provides storage for actual deployment, including HDFS, MiniIO, etc.

[0069] The storage protocol proxy module 202 is divided into three layers: storage protocol receiver, which is used to receive the storage protocols of the base and other functional units; storage permission authentication, which is used to identify whether the corresponding storage operation permission is available; and storage protocol conversion and distribution, which uses the storage protocol corresponding to the storage to perform the actual storage operation.

[0070] like Figures 3 to 4 As shown, when a functional unit performs data access, it includes the following steps:

[0071] Preliminary preparations:

[0072] 1. The storage system enables account and password login, so an account and password login is required when connecting to the storage protocol proxy service.

[0073] 2. Establish permission levels within the storage system, which can be categorized by function, such as: gateway module, algorithm modeling module, etc.

[0074] 3. When each functional module (i.e., functional unit) is added to the privacy computing system, it is categorized in the storage system, such as belonging to the gateway module or the algorithm modeling module. Each functional module is then assigned a login account and password to the storage system, and this account / password is mapped to its corresponding permission level.

[0075] Definition of noun:

[0076] Audit information storage: This is a place used to store information about some operations of the storage system, such as hard drive, MySQL, Redis, etc.

[0077] Data storage:

[0078] like Figure 3 As shown, the data storage steps are as follows:

[0079] 3.1. The docking station or functional module connects to the storage protocol receiver using the storage protocol originally used by each company. For example, Company A uses FastDFS, and Company B uses HDFS. During connection login, the docking station or functional module uses the account and password issued in step 3 of the pre-preparation.

[0080] 3.2. The storage permission authentication module stores the logged-in accounts in the audit information storage.

[0081] 3.3. The storage permission authentication module determines whether the account and password are correct and whether the user has permission to log in to the storage system. If the account and password are incorrect or the user does not have permission to log in to the storage system, the user is directly denied access.

[0082] 3.4. The base or functional module uses the original storage protocol to write files through the storage protocol receiver. The storage permission authentication module calls the storage protocol conversion and distribution layer to perform the actual storage writing. Minio or other storage protocols can be used here. Since it is inside the storage system, the choice of storage and protocol will not affect the overall privacy computing system.

[0083] 3.5. After the write operation is complete, the storage returns a fileid that uniquely identifies the file.

[0084] 3.6. The storage permission authentication module finds the corresponding permission level through the account and password of this connection, records and saves the corresponding permission level, account and fileid information of the file to be written, and writes it into the audit information storage.

[0085] 3.7. The storage service returns the fileid to the caller of the base or functional module.

[0086] 3.8. The base or functional module calls the interface of the data permission module, passing in its own account password, the fileid returned in step 3.6, and the permission level allowed to access this file, such as the gateway or algorithm modeling module, or the gateway and algorithm modeling module, etc.

[0087] 3.9. The data permission module writes the account, the fileid for modifying data permissions, and the modified permission content into the audit information storage.

[0088] 3.10. The data permission module internally checks whether the account password is correct. If it is incorrect, it returns failure directly.

[0089] 3.11. The data permissions module internally determines whether the input fileid was written by the current account based on the information recorded in step 3.6, in order to determine whether the user has permission to modify the data permissions. If the fileid was not written by the current account, it may be that another user is trying to tamper with the data permissions of this file, and the module will directly return failure.

[0090] 3.12. The data permission module writes the access permission level of the corresponding fileid into the storage service (it can be written to MySQL, Redis or memory, depending on the project), and returns a success message.

[0091] Data reading:

[0092] like Figure 4 As shown, the data reading steps are as follows:

[0093] 4.1. The docking station or functional module connects to the storage protocol receiver using the storage protocol originally used by each company. For example, Company A uses FastDFS, and Company B uses HDFS. During connection login, the docking station or functional module uses the account and password issued in step 3 of the pre-preparation.

[0094] 4.2. The storage permission authentication module stores the logged-in accounts in the audit information storage.

[0095] 4.3. The storage permission authentication module determines whether the account and password are correct and whether the user has permission to log in to the storage system. If the account and password are incorrect or the user does not have permission to log in to the storage system, the user is directly denied access.

[0096] 4.4. The base station or functional module uses the original storage protocol to read files through the storage protocol receiver. The storage permission authentication module obtains the logged-in account when reading the file and, based on the mapping relationship in step 3 of the pre-preparation, obtains the permission level corresponding to this account. It then obtains the fileid from the file read request and stores the account, permission level, fileid, and read operation in the audit information storage. Next, based on the fileid, it obtains the authorized permission level for this fileid using the information saved in step 3.12 of the file write process. It compares the permission level corresponding to this account with the authorized permission level of the fileid to determine if the account's permission level is within the authorized permission levels. If not, it returns an error.

[0097] 4.5. The storage permission authentication module calls the storage protocol conversion and distribution layer to perform the actual storage reading. Miniio or other storage protocols can be used here. Since it is inside the storage system, the choice of storage and protocol will not affect the overall privacy computing system.

[0098] 4.6. The read file data is returned to the base station or functional module according to the original link.

[0099] It may also include auditing steps:

[0100] By reading the records in the audit information storage, the audit trail of the storage system operation records can be completed.

[0101] The above specific steps realize a solution for a privacy computing system that shares storage with one base and n functional modules. This includes the base and functional modules not needing to switch storage protocols, secure access to stored data files, and tracking of storage system operation records.

[0102] In this embodiment, the storage protocol receiver and storage protocol conversion and distribution enable the integration of the base and functional modules within the privacy computing system without changing the storage protocol. The storage system incorporates access control functionality, including access level concepts to categorize application storage services, such as gateways and algorithm modeling modules. Different account passwords are issued to different functional modules, and these accounts and passwords belong to specific access levels to differentiate account categories. Finally, data read security is ensured. Access level, account, and operation level storage system logs meet auditing requirements.

[0103] Based on the data processing method provided in the above embodiments, this application also provides specific implementations of a data processing apparatus. Please refer to the following embodiments.

[0104] First see Figure 5 The data processing apparatus 500 provided in this application embodiment includes the following modules:

[0105] The first receiving module 501 is used to receive a first service request sent by the first functional unit. The first service request is used to request cached target data. The first service request includes first authentication information and permission information of the target data.

[0106] The first authentication module 502 is used to authenticate the identity of the first functional unit based on the first authentication information in response to the first service request.

[0107] The first caching module 503 is used to set access permissions for the target data according to the permission information and cache the target data when the first functional unit's identity authentication is successful.

[0108] In some embodiments, the device 500 may further include:

[0109] The second receiving module is used to receive a second service request sent by the second functional unit. The second service request is used to request to read target data and includes second authentication information.

[0110] The second authentication module is used to authenticate the identity of the second functional unit based on the second authentication information in response to the second service request.

[0111] The first determining module is used to determine the permission level of the second functional unit if the second functional unit's identity authentication is successful.

[0112] The first sending module is used to send the target data to the second functional unit when the permission level of the second functional unit matches the access permission of the target data.

[0113] In some embodiments, the device 500 may further include:

[0114] The first generation module is used to generate unique identification information, which is used to indicate the target data.

[0115] The second generation module is used to generate the storage record of the first functional unit based on the first authentication information and the unique identification information.

[0116] In some embodiments, the data processing apparatus 500 described above may further include:

[0117] The third receiving module is used to receive the third service request sent by the third functional unit. The third service request is used to request access permissions to modify the target data. The third service request includes third authentication information and permission modification information.

[0118] The third authentication module is used to respond to a third service request, authenticate the identity of the third functional unit based on the third authentication information, and obtain the authentication result.

[0119] The modification module is used to modify the access permissions of the target data based on the permission modification information when the authentication result indicates that the third functional unit and the first functional unit are the same functional unit.

[0120] In some embodiments, the first cache module 503 is specifically used for:

[0121] Obtain the storage protocol of the first functional unit;

[0122] If the storage protocol of the first functional unit is inconsistent with the preset storage protocol, the target data shall be stored according to the preset storage protocol.

[0123] In some embodiments, authentication includes detecting the account, password, and storage permissions of the first functional unit. The first authentication module 502 is specifically used for:

[0124] If the account, password, and storage permissions are correct, the first functional unit is allowed to store the target data.

[0125] Figure 6 A schematic diagram of the hardware structure of the data processing device provided in an embodiment of this application is shown.

[0126] The data processing device may include a processor 601 and a memory 602 storing computer program instructions.

[0127] Specifically, the processor 601 may include a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits that can be configured to implement the embodiments of this application.

[0128] Memory 602 may include mass storage for data or instructions. For example, and not limitingly, memory 602 may include a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or Universal Serial Bus (USB) drive, or a combination of two or more of these. Where appropriate, memory 602 may include removable or non-removable (or fixed) media. Where appropriate, memory 602 may be internal or external to the integrated gateway disaster recovery device. In a particular embodiment, memory 602 is non-volatile solid-state memory.

[0129] Memory may include read-only memory (ROM), random access memory (RAM), disk storage media devices, optical storage media devices, flash memory devices, and electrical, optical, or other physical / tangible memory storage devices. Therefore, typically, memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software including computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the methods according to one aspect of this disclosure.

[0130] The processor 601 implements any of the data processing methods described in the above embodiments by reading and executing computer program instructions stored in the memory 602.

[0131] In one example, the data processing device may further include a communication interface 603 and a bus 610. As shown in Figure 8, the processor 601, memory 602, and communication interface 603 are connected via the bus 610 and communicate with each other.

[0132] The communication interface 603 is mainly used to realize communication between various modules, devices, units and / or equipment in the embodiments of this application.

[0133] Bus 610 includes hardware, software, or both, that couples components of a data processing device together. For example, and not limitingly, the bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an Infinite Bandwidth Interconnect, a Low Pin Count (LPC) bus, a memory bus, a Microchannel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local (VLB) bus, or other suitable buses, or combinations of two or more of these. Where appropriate, bus 610 may include one or more buses. Although specific buses are described and illustrated in embodiments of this application, this application contemplates any suitable bus or interconnect.

[0134] The data processing device can be based on the above embodiments to achieve the combination Figures 1 to 4 The data processing methods and apparatus described.

[0135] Furthermore, in conjunction with the data processing methods in the above embodiments, this application embodiment can provide a computer storage medium for implementation. This computer storage medium stores computer program instructions; when these computer program instructions are executed by a processor, they implement any of the data processing methods in the above embodiments and achieve the same technical effect. To avoid repetition, further details are omitted here. The aforementioned computer-readable storage medium may include non-transitory computer-readable storage media, such as read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks, etc., and is not limited thereto.

[0136] In addition, this application also provides a computer program product, including computer program instructions, which, when executed by a processor, can implement the steps and corresponding content of the aforementioned method embodiments.

[0137] It should be clarified that this application is not limited to the specific configurations and processes described above and shown in the figures. For the sake of brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of this application is not limited to the specific steps described and shown. Those skilled in the art can make various changes, modifications, and additions, or change the order of steps, after understanding the spirit of this application.

[0138] The functional blocks shown in the above block diagram can be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, they can be, for example, electronic circuits, application-specific integrated circuits (ASICs), appropriate firmware, plug-ins, function cards, etc. When implemented in software, the elements of this application are programs or code segments used to perform the required tasks. Programs or code segments can be stored on a machine-readable medium or transmitted over a transmission medium or communication link via data signals carried on a carrier wave. "Machine-readable medium" can include any medium capable of storing or transmitting information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, etc. Code segments can be downloaded via computer networks such as the Internet, intranets, etc.

[0139] It should also be noted that the exemplary embodiments mentioned in this application describe methods or systems based on a series of steps or apparatus. However, this application is not limited to the order of the above steps; that is, the steps can be performed in the order mentioned in the embodiments, or in a different order, or several steps can be performed simultaneously.

[0140] The aspects of this disclosure have been described above with reference to flowchart illustrations and / or block diagrams of methods, apparatus, and computer program products according to embodiments of this disclosure. It should be understood that each block in the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine such that these instructions, executable via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions / actions specified in one or more blocks of the flowchart illustrations and / or block diagrams. Such a processor can be, but is not limited to, a general-purpose processor, a special-purpose processor, a special application processor, or a field-programmable logic circuit. It is also understood that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can also be implemented by special-purpose hardware performing the specified functions or actions, or can be implemented by a combination of special-purpose hardware and computer instructions.

[0141] The above are merely specific embodiments of this application. Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, modules, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here. It should be understood that the protection scope of this application is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in this application, and these modifications or substitutions should all be covered within the protection scope of this application.

Claims

1. A data processing method, characterized in that, The method includes: Receive a first service request sent by a first functional unit, the first service request being used to request cached target data, the first service request including first authentication information and permission information of the target data; In response to the first service request, the first functional unit is authenticated based on the first authentication information; If the first functional unit's identity authentication is successful, the access permissions for the target data are set according to the permission information, the target data is cached, and the proprietary storage protocol of the first functional unit is obtained. In the case where the proprietary storage protocol of the first functional unit is inconsistent with the system's preset storage protocol, the target data is stored according to the preset storage protocol. The proprietary storage protocol of the first functional unit writes the target data through the storage protocol receiver, calls the storage protocol conversion and distribution layer to perform the actual storage write, and returns the identifier of the unique identifier file after the actual storage write is completed. The data processing method is applied to a distributed storage sharing scenario in a privacy computing system, where one base station and n cross-enterprise pluggable functional units are used, and the first functional unit is a privacy computing functional unit from different enterprises with independent storage protocols.

2. The method according to claim 1, characterized in that, The method further includes: Receive a second service request sent by the second functional unit, the second service request being used to request to read the target data, the second service request including second authentication information; In response to the second service request, the second functional unit is authenticated based on the second authentication information; If the second functional unit's identity authentication is successful, determine the permission level of the second functional unit; If the permission level of the second functional unit matches the access permission of the target data, the target data is sent to the second functional unit.

3. The method according to claim 1, characterized in that, After the first functional unit's identity authentication is successful, and after setting the access permissions for the target data according to the permission information and caching the target data, the method further includes: Generate unique identification information, which is used to indicate the target data; Based on the first authentication information and the unique identifier information, a storage record for the first functional unit is generated.

4. The method according to claim 3, characterized in that, The method further includes: Receive a third service request sent by a third functional unit, the third service request being used to request access permissions to modify the target data, the third service request including third authentication information and permission modification information; In response to the third service request, the third functional unit is authenticated based on the third authentication information to obtain an authentication result; If the authentication result indicates that the third functional unit and the first functional unit are the same functional unit, the access permissions of the target data are modified according to the permission modification information.

5. The method according to claim 1, characterized in that, The identity authentication includes detecting the account, password, and storage permissions of the first functional unit. If the account, password, and storage permissions are correct, the first functional unit is allowed to store the target data.

6. A data processing apparatus, characterized in that, The device includes: The first receiving module is configured to receive a first service request sent by the first functional unit. The first service request is used to request cached target data. The first service request includes first authentication information and permission information of the target data. The first authentication module is used to respond to the first service request and authenticate the identity of the first functional unit based on the first authentication information. The first caching module is used to set the access permissions of the target data according to the permission information and obtain the proprietary storage protocol of the first functional unit when the identity authentication of the first functional unit is successful; when the proprietary storage protocol of the first functional unit is inconsistent with the system's preset storage protocol, the target data is stored according to the preset storage protocol. The proprietary storage protocol of the first functional unit writes the target data through the storage protocol receiver, calls the storage protocol conversion and distribution layer to perform the actual storage write, and returns the identifier of the unique identifier file after the actual storage write is completed. The data processing device is applied to a distributed storage sharing scenario in a privacy computing system, where one base and n cross-enterprise pluggable functional units are used, and the first functional unit is a privacy computing functional unit from different enterprises with independent storage protocols.

7. An electronic device, characterized in that, The device includes: a processor and a memory storing computer program instructions; When the processor executes the computer program instructions, it implements the steps of the data processing method as described in any one of claims 1-5.

8. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer program instructions, which, when executed by a processor, implement the steps of the data processing method as described in any one of claims 1-5.

9. A computer program product, characterized in that, When the instructions in the computer program product are executed by the processor of the electronic device, the electronic device causes the electronic device to perform the steps of the data processing method as described in any one of claims 1-5.