Abstract: Techniques and architecture are described for reusing QoS policy instances for groups of software defined wide area network (SDWAN)-based transport locators (TLOCs) sharing the same attributes. For example, the attributes may include subscriber transport bandwidth (e.g., a transport bandwidth based on a user profile), QoS policy template profile information, transport locator color, etc. All of this information may be shared across the SDWAN fabric and may be available in the overlay management protocol (OMP) TLOC database.

Abstract: Embodiments of this specification provide a user authentication information-based registration method and apparatus and a user authentication information-based query method and apparatus. The registration method includes: User equipment receives authentication information submitted by a first user in a process of registering with a server; obtains a public-private key pair by using a key generation algorithm and based on the random number r and a public parameter pp; performs a hash operation based on at least the password pwd, to obtain a user key value user_key; obtains a registration ciphertext Cregister by using an encryption algorithm and based on the public key pk and the user key value user_key; obtains, based on the private key sk and the registration ciphertext Cregister, a determining trapdoor tdregister that matches the registration ciphertext Cregister; and uploads the registration ciphertext Cregister and the determining trapdoor tdregister to the server.

Abstract: Implementations of this specification provide query optimization methods, apparatuses, and systems for secure multi-party databases. In an implementation, a method includes: receiving a current query associated with a plurality of target database of a multi-party database system, generating a plurality of execution plans for the current query, determining, for each execution plan, a respective cost computation formula of a plurality of cost computation values for computing an execution cost of jointly executing the execution plan by the plurality of target databases, receiving a secure computation result from each of a plurality of query engines corresponding to the plurality of target databases, and determining an optimal execution plan having a lowest cost value in the plurality of cost computation formulas based on the secure computation result.

Abstract: This specification provides a multi-party database including a central node and a plurality of databases. The central node has a disclosed first interface. Each of a plurality of query engines corresponding to the plurality of databases includes a second interface configured to interact with the first interface. The central node can determine a plurality of target databases related to a query request from the plurality of databases based on the query request; and send a query indication to a plurality of target query engines corresponding to the plurality of target databases through the first interface. The plurality of target query engines can receive the query indication from second interfaces in the plurality of target query engines, and execute the query indication to obtain a query result; and send the query result to the first interface in the central node through the second interfaces.

Abstract: Embodiments of this specification provide a differential privacy-based feature processing method and apparatus. The method relates to a first party and a second party, the first party stores a first feature portion of a plurality of samples, the second party stores a plurality of binary classification labels corresponding to the plurality of samples, and the method includes: The second party separately encrypts the plurality of binary classification labels corresponding to the plurality of samples, to obtain a plurality of encrypted labels. The first party determines, based on the plurality of encrypted labels and a differential privacy noise, a positive sample encrypted noise addition quantity and a negative sample encrypted noise addition quantity corresponding to each bin in a plurality of bins. The plurality of bins are obtained by performing binning processing on the plurality of samples for a feature in the first feature portion.

Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer storage media, for data communication with differentially private intersection dataset. On example method includes: determining a plurality of bias parameters based on a parameter for establishing a differential privacy (DP) data protection; determining an intersection dataset based on client data from a client device and server data from the server device; updating the intersection dataset based on the client data and the plurality of bias parameters; and returning the updated intersection data having the DP data protection to the client device.

Abstract: Implementations of this specification provide query optimization methods, apparatuses, and systems for secure multi-party databases. In an implementation, a method includes: receiving a current query associated with a plurality of target database of a multi-party database system, generating a plurality of execution plans for the current query, determining, for each execution plan, a respective cost computation formula of a plurality of cost computation values for computing an execution cost of jointly executing the execution plan by the plurality of target databases, receiving a secure computation result from each of a plurality of query engines corresponding to the plurality of target databases, and determining an optimal execution plan having a lowest cost value in the plurality of cost computation formulas based on the secure computation result.

Abstract: This specification provides example data query methods, apparatuses, and systems for a multi-party secure database. In an example computer-implemented method, a central node receives a data query request from a data requester, where the data query request relates to one or more pieces of target data stored at one or more data providers. The central node determines whether the data query request satisfies respective security requirements of the one or more pieces of target data. In response to determining that the data query request satisfies respective security requirements of the one or more pieces of target data, the central node processes the one or more pieces of target data to obtain result data; and sends the result data to the data requester. The central node can restrict query of the target data by the data requester based on the security requirement of the target data stored at the data provider.

Abstract: Methods, apparatuses, and systems for protecting privacy are described. In an example, a first party encrypts a first data set, and sends a single-encrypted full data set to a second party. The second party re-encrypts the single-encrypted full data set to obtain a double-encrypted full data set, obtains a single-encrypted sampling data set, and sends the single-encrypted sampling data set to the first party. The first party encrypts the single-encrypted sampling data set to obtain a double-encrypted sampling data set, determines an intersection of the double-encrypted full data set and the double-encrypted sampling data set, performs upsampling on a complement other than the intersection in the double-encrypted sampling data set to obtain a noise-added intersection, and sends an element index of the noise-added intersection to the second party. The second party determines related information of common data based on the element index.

Abstract: Computer-implemented methods, apparatuses, storage media, and system are disclosed. In an example, a first terminal device sends first encrypted data to a second terminal device. The second terminal device encrypts the first encrypted data by using a second public key to obtain second encrypted data, and sends the second encrypted data and third encrypted data to the first terminal device. The first terminal device encrypts the third encrypted data by using a first public key to obtain fourth encrypted data, acquires first intersection data of the second encrypted data and the fourth encrypted data, and sends the first intersection data to a third terminal device. The third terminal device acquires fifth encrypted data from the first terminal device, determines second intersection data based on the fifth encrypted data and the first intersection data, and sends the second intersection data to the first terminal device and the second terminal device.

Abstract: Implementations disclose data processing methods, apparatuses, and computer devices for privacy protection in secure multi-party computation, including encoding private data to a coefficient of a first polynomial function. A plurality of function values of the first polynomial function are obtained as a plurality of fragments obtained after the private data is split, where the fragments of the private data are used for computation by using a secret sharing algorithm to obtain fragments of target data.

Abstract: According to some embodiments, a method performed by a software defined wide area network (SD-WAN) controller in a SD-WAN network comprising a plurality of aggregation edge routers and a plurality of branch edge routers comprises the following steps.

Abstract: According to some embodiments, a method performed by a software defined wide area network (SD-WAN) controller in a SD-WAN network comprising a plurality of aggregation edge routers and a plurality of branch edge routers comprises the following steps.