垃圾短信、骚扰电话、垃圾邮件源源不断、冒名办卡透支欠款、案件事故从天而降、账户钱款不翼而飞……这些都是可能因为信息泄露而造成的安全隐患。
随着《中华人民共和国个人信息保护法》(以下简称《个保法》)在11月正式实施,这些问题将得到解决。与此同时,金融机构的数据共享也将进一步规范。过去一年,隐私计算技术在金融机构之间迅速普及,后者通过深度挖掘脱敏数据,持续完善自身的风控体系与精准营销模型。
“金融机构在业务运营中积累了大量高质量、高价值的数据,但这类数据仅与金融业务相关,而一些金融服务如授信、营销,通常需要更全面的客户画像。因此,金融机构有着与同业机构以及其他行业机构进行联合计算的需求。”马上消费金融股份有限公司(以下简称“马上消费”)副总经理兼首席信息官蒋宁对《中国经营报》记者表示,隐私计算技术的应用既挖掘了数据的潜在价值,又为数据风险控制提供了强有力的支撑。
据北京中关村科金技术有限公司(以下简称“中关村科金”)隐私计算方面的专家透露,国内大型国有银行、股份制商业银行、大数据交易所和地方大数据局等单位非常重视隐私计算技术的应用,自2019年开始相关的招标逐年增多,相关基础设施建设正在逐步完善中。
一、数据流通需求助推隐私计算发展
所谓隐私计算,主要由多方安全计算、可信执行环境、联邦学习等技术组成,在相关个人数据不流出银行等金融机构端的情况下,由双方提供大量脱敏化、结构化数据,凭借各自的大数据分析能力进一步完善用户画像,从而助力彼此提升信贷风控与精准营销效率。
当前,我国数字经济发展迅速,数据流通成为其中必不可少的关键环节。蒋宁表示,在传统数据流通方式中通常进行明文数据的流通,随着数据的不断传播,数据安全风险也不断提高。数据流通环节中任何一个机构出现数据泄露,都会威胁数据安全。因此,在对数据安全要求较高的金融场景下,密态数据流通无疑是更好的选择,能够更好地控制数据的使用和流通范围,并保障数据安全。
对此,中国信通院云计算与大数据研究所隐私计算研究员贾轩也指出,涉及多方敏感数据的联合建模过程,可以采用隐私计算技术,以“数据可用不可见”实现多方数据安全合作及价值挖掘。以多方安全计算、联邦学习和可信执行环境为代表的隐私计算通过对原始数据加密、去标识化或假名化处理,计算过程及结果只传递经切片、密文等非原始数据,实现了原始数据不出域。因为只传递数据价值,隐私计算实现了数据的持有权和使用权分离,解决了原始数据无限复制、盗用、滥用的问题,保障了原始数据持有权不变且不受损,保障了数据主体的合法权益。同时,结合特定应用场景,经隐私计算技术处理后的流通数据在一定条件下有望实现匿名化,也有助于实现对原始数据的最小化使用。
蒋宁指出,不同技术在实践中常组合使用,在不同应用场景下强化数据安全和隐私保护。其中,多方安全计算可实现在无可信第三方的情况下,多个参与方共同进行一项计算。每一方只能获取自己的计算结果,无法通过计算过程推测出其他任意一方输入的数据。在金融场景下,可应用于联合统计、联合查询、联合建模、联合预测等。联邦学习是实现在各方机器学习原始数据不出库的情况下,通过对数据的加密流通与处理来完成多方机器学习模型训练。联邦学习是在人工智能开发过程中,为了保障用户隐私和数据安全而提出,因此广泛应用于智能化金融服务场景中。可信执行环境是通过在中央处理器中构建一个安全的区域,保证区域内的程序和数据的机密性和完整性。TEE是安全隔离的执行环境,为受信任应用的运行提供了比普通操作系统更高级别的安全保障。
蒋宁指出,由于多方安全计算的技术复杂、开发难度大,因此布局这类技术路线的多为技术型企业,建设以多方安全计算为底座的数据流通基础设施。对于联邦学习,由于当前人工智能产业蓬勃发展,并伴随相关数据安全需求递增,且联邦学习有较多成熟的开源社区,开发难度相对较低,因此众多企业投入研发基于联邦学习的隐私计算产品。对于可信执行环境,由于对硬件的依赖及国外芯片的限制,国内相关产品相对较少,但已有一些企业在国产化硬件上进行了研发投入。
隐私计算如何帮助金融机构了解客户消费行为、消费特征与风控重点?
在中关村科金隐私计算方面的专家看来,一切的关键在于模型。这里的模型主要指机器学习模型或深度学习模型。C端客户申请金融机构的产品或服务时,要签订用户授权协议并提供必要的个人信息。金融机构获取到这部分信息之后,会根据不同的场景,调用营销类模型或风控类模型,根据模型的输出做相关业务决策。
“这里用到的模型,往往无法单纯使用金融机构的自有数据获得,即使能够利用自有数据训练获得,其精度也难以满足业务决策需求。这个模型往往是利用自有数据以及联合建模合作方的数据训练得到的。”该专家指出,隐私计算技术可以帮助金融机构在不知道客户敏感信息的情况下,通过联合建模得到可用的模型,进而支撑业务顺利的开展。
不过,该专家也表示,利用隐私计算技术训练模型会对模型的性能有一定的损伤,但对风控的准确率不产生实质影响。按照中国清算支付协会制定的《多方安全计算金融应用评估规范 》,基于隐私计算训练得到的模型与明文本地训练得到的模型,精度差异不得超过5%,故而模型精度是有保障的。同时,利用模型开展风控是一个较为复杂的过程,可通过其他措施对冲模型精度的差异。
二、互联互通方面仍存挑战
目前,国内隐私计算处于增长期,在政策、技术、产业方面均有很多进展。
隐私计算技术的普及,很大程度解决了金融机构之间数据交流合规问题,但隐私计算技术在安全、性能、互联互通等方面仍存在不小挑战。
中关村科金隐私计算方面的专家表示,绝对安全并不存在,但在合理的通信带宽和算力投入的前提下,基于多方安全计算协议和密码学算法的隐私计算在B端企业联合建模这一场景是安全的。目前,国内由信通院牵头成立的隐私计算联盟,以及金融行业的国家金融科技测评中心(银行卡检测中心,BCTC)、中国金融认证中心(CFCA)等机构均可对隐私计算产品开展安全测评,对产品的安全性进行评判。目前,中关村科金自研的隐私计算平台正在进行(CFCA)多方安全计算金融应用产品测评,通过在安全性、标准化、合规化等多个层面经过严格检验,满足金融场景下数据共享和数据合作的需求,在保护数据安全与隐私前提下,更高效地赋能金融场景,促进数据价值释放。
性能方面,上述专家表示,由于多方安全计算协议的引入和新型密码学算法的使用,产生了大量额外的通信、存储和加解密计算需求,性能目前仍然是限制隐私计算广泛应用的重要因素。优化加解密算法的效率、降低通信开销等仍然是目前隐私计算技术研究的热点。
“互联互通可能是隐私计算广泛应用的最大瓶颈。”中关村科金隐私计算专家指出,以联邦学习而言,国内存在着多种技术框架实现的产品,这些产品虽然底层密码学算法原理一致,但实质上是无法互联互通的。已经有股份制银行联合金融科技企业,开展互联互通合作;行业内相关标准化工作正在进展中,相信互联互通问题会逐步得到解决。
具体到联邦学习领域,索信达控股(3680.HK)AI创新中心数据科学家邵俊表示,联邦学习的应用落地面临几大挑战:一是激励机制如何设计。联邦系统由多家机构共同协作完成,要在各方利益都得到满足的时候才具有可行性。二是隐私保护的问题。即传输模型的中间数据若遭泄露,原始数据仍有被推导出来的风险。三是联邦学习的参与方中,可能存在不诚实参与方的恶意攻击。
此外,邵俊指出,联邦学习还有一些其他比如数据传输效率的问题。模型训练会涉及到大量的运算,那么各方联合建模就会涉及到大量的数据进行交互的问题。比如像在梯度下降的时候,每一步的梯度迭代都会涉及到通信成本。所以,通信效率这块也是联邦学习在落地过程中会遇到的挑战。此外,还有像机构与机构之间样本分布不均衡的问题等等。
“目前,索信达控股正在研究多方安全计算,我们将多方安全计算问题和联邦学习场景相结合,这在联邦学习未来也是一个非常有前景的研究方向。”邵俊表示。
翻译
Spam text messages, harassing phone calls, junk mail flow, fake card overdraft arrears, case accidents fall from the sky, account money disappeared… These are potential security risks caused by information leakage.
With the implementation of the Personal Information Protection Law of the People’s Republic of China (hereinafter referred to as the Personal Information Protection Law) in November, these problems will be solved. At the same time, data sharing among financial institutions will be further regulated. Over the past year, private computing technology has spread rapidly among financial institutions, which continue to refine their risk control systems and precision marketing models by digging deep into desensitized data.
“Financial institutions have accumulated a large amount of high-quality and valuable data in their business operations, but such data is only relevant to financial business, while some financial services such as credit granting and marketing usually require a more comprehensive picture of customers. So there is a need for financial institutions to do joint computing with their peers and other industry bodies.” Jiang Ning, deputy general manager and chief information officer of Instant Consumer Finance Co., LTD., told China Business News that the application of private computing technology not only taps into the potential value of data, but also provides strong support for data risk control.
According to an expert on privacy computing in Beijing Zhongguancun Kokin Technology Co., LTD. (hereinafter referred to as “Zhongguancun Kokin”), large state-owned banks, joint-stock commercial banks, big data exchanges and local big data bureburets in China have attached great importance to the application of private computing technology. Since 2019, the relevant bidding has been increasing year by year, and the relevant infrastructure construction is gradually improving.
Data flow demand drives the development of privacy computing.
The so-called privacy computing mainly consists of multi-party secure computing, trusted execution environment, federal learning and other technologies. Under the condition that relevant personal data does not flow out of banks and other financial institutions, both parties provide a large amount of desensitized and structured data, and further improve the user portrait by relying on their big data analysis capabilities, so as to help each other improve the efficiency of credit risk control and precision marketing.
At present, our digital economy is developing rapidly, and data circulation has become an indispensable key link. Jiang Ning said that in the traditional data circulation mode usually carried out the flow of plaintext data, with the continuous transmission of data, data security risks are constantly increasing. Data leakage in any organization during the data circulation will threaten data security. Therefore, in the financial scenario with high requirements for data security, dense data flow is undoubtedly a better choice, which can better control the use and circulation scope of data, and ensure data security.
Jia Xuan pointed out the joint modeling process.
In this regard, Jia Xuan, a researcher of privacy computing at the Institute of Cloud Computing and Big Data of China Information and Communication Academy, also pointed out that the joint modeling process involving sensitive data of multiple parties can adopt privacy computing technology to realize multi-party data security cooperation and value mining in order to “invisible data available”. The privacy computing represented by multi-party secure computing. Federated learning and trusted execution environment encrypting, de-identifying or pseudonymising the original data, the computing process and results. Only transfer slices, ciphertext and other non-original data, realizing that the original data does not go out of the domain.
Because it only transmits data value, privacy computing realizes the separation of the right to hold data and the right to use data. Solves the problem of unlimited copy, embezzlement and abuse of original data. Ensures that the right to hold original data remains unchanged. And is not damaged, and protects the legitimate rights and interests of data subjects. At the same time, combined with specific application scenarios. Circulation data processed by privacy computing technology is expected to achieve anonymity under certain conditions. Which also helps to minimize the use of original data.
Jiang pointed out that different technologies are often combined.
In practice to enhance data security and privacy protection in different application scenarios. Among them, multi-party secure computing can be realized in the absence of a trusted third party. And multiple parties to carry out a calculation. Each party can only obtain its own calculation results. And cannot infer the data input by any other party through the calculation process. In the financial scenario, it can be applied to joint statistics, joint query, joint modeling, joint forecasting, etc.
Federated learning is to realize the multi-party machine learning model training by encrypting the data flow and processing. When the original machine learning data of all parties is not out of the library. Federated learning is proposed to protect user privacy and data security in the process of artificial intelligence development. So it is widely used in intelligent financial service scenarios. The trusted execution environment ensures the confidentiality. And integrity of programs and data by constructing a secure area in the CPU. TEE is a securely isolated execution environment that provides a higher level of security for trusted applications than normal operating systems.
Some enterprises have invested in the research and development of domestic hardware.
Jiang Ning pointed out that because the technology of multi-party security computing is complex and difficult to develop. The layout of this kind of technology route is mostly technology enterprises. And the construction of multi-party security computing as the base of the data flow infrastructure. With regard to federated learning, due to the rapid development of the artificial intelligence industry and the increasing demand for related data security, and the relatively low development difficulty of federated learning with more mature open source communities, many enterprises invest in the research and development of privacy computing products based on federated learning. For trusted execution environment, due to the dependence on hardware. And the limitation of foreign chips, domestic related products are relatively few. But some enterprises have invested in the research and development of domestic hardware.
How does privacy computing help financial institutions understand customer consumption behavior, consumption characteristics and risk control priorities?
For the privacy computing experts at Kokin Zhongguancun, the key is the model. The model here mainly refers to machine learning model or deep learning model. When applying for the products or services of the financial institution, the C-terminal client shall sign the user authorization agreement. And provide the necessary personal information. After obtaining this part of information, financial institutions will call marketing model. Or risk control model according to different scenarios, and make relevant business decisions according to the output of the model.
Privacy computing technology can help financial institutions get usable models.
“The models used here often cannot be obtained using the financial institutions’ own data alone, and even if they can be trained using their own data, the accuracy of the models is difficult to meet the needs of business decisions. The model is often trained using proprietary data and data from joint modeling partners.” The expert pointed out that privacy computing technology can help financial institutions get usable models. It can through joint modeling without knowing sensitive customer information, thus supporting the smooth conduct of business.
However, the expert also said that using privacy computing technology to train the model will have some damage to the model performance, but does not have a substantial impact on the accuracy of risk control. According to the “Multi-Party Security Computing Financial Application Evaluation Standards” formulated by China Clearing and Payment Association. The accuracy difference between the model obtained by privacy computing training. And the model obtained by plaintext local training should not exceed 5%, so the accuracy of the model is guaranteed. At the same time, using the model to carry out risk control is a complicated process. And other measures can be taken to hedge the difference of model accuracy.
Connectivity challenges remain.
At present, domestic privacy computing is in a period of growth, and there are a lot of progress in policy, technology and industry.
The popularity of private computing technology has largely solved the problem of data exchange compliance among financial institutions, but private computing technology still faces great challenges in security, performance, connectivity and other aspects.
Zhongguancun Kking privacy computing experts said that absolute security does not exist, but under the premise of reasonable communication bandwidth and computing power investment, privacy computing based on multi-party security computing protocol and cryptography algorithm in the B-end enterprise joint modeling scenario is safe.
At present, the Privacy Computing Alliance led by China Information and Communication Commission, as well as the National Financial Technology Evaluation Center (BCTC) and China Financial Certification Center (CFCA) in the financial industry can carry out security evaluation of privacy computing products and evaluate the security of products. At present, the privacy computing platform developed by Zhongguancun Kocking is undergoing the evaluation of multi-party security computing financial application products (CFCA). Through rigorous testing in security, standardization, compliance and other aspects, it meets the needs of data sharing and cooperation in financial scenarios, and enables financial scenarios more efficiently under the premise of protecting data security and privacy. Promote the release of data value.
Performance is still an important factor limiting the widespread use of private computing.
In terms of performance, the experts said that performance is still an important factor limiting the widespread use of private computing. Due to the introduction of multi-party secure computing protocols and the use of new cryptographic algorithms, which have created a large number of additional communication, storage, encryption and decryption computing requirements. Optimizing the efficiency of encryption and decryption algorithm and reducing the communication cost are still hot topics in privacy computing.
“Connectivity is probably the biggest bottleneck for the widespread adoption of private computing.” Zhongguancun Kking privacy computing experts pointed out. In terms of federal learning, there are a variety of products implemented by technical frameworks in China. Although these products have the same underlying cryptography algorithm principle, they are essentially unable to interconnect. Joint-stock banks have joined forces with fintech companies to carry out connectivity cooperation. Relevant standardization work in the industry is progressing, and we believe that connectivity issues will be gradually solved.
Specifically in the field of federated learning, Shao Jun, a data scientist at the AI Innovation Center of Soncinda Holdings (3680.HK), said that the application of Federated learning faces several challenges. First, how to design the incentive mechanism. The federal system, which consists of multiple agencies working together, is only viable when the interests of all parties are met. Second, the issue of privacy protection. That is, if the intermediate data of the transmission model is leaked, the original data is still at risk of being derived. Third, there may be malicious attacks by dishonest participants in federal learning.
Model training will involve a large number of operations.
In addition, Shao pointed out that federated learning has other problems such as data transfer efficiency. Model training will involve a large number of operations. So the joint modeling of parties will involve a large number of data interaction problems. For example, in the case of gradient descent, each step of gradient iteration will involve the communication cost. Therefore, communication efficiency is also a challenge that federal learning will encounter in the process of landing. In addition, there are problems like uneven distribution of samples from institution to institution and so on.
“Currently, Syncinda Holdings is studying multi-party secure computing. We combine multi-party secure computing problems. With federated learning scenarios, which is also a very promising research direction in the future of federated learning.” Shao Jun said.
本文由数字化转型网(www.szhzxw.cn)转载而成,来源:中国经营报;编辑/翻译:数字化转型网Nancy.
免责声明: 本网站(http://www.szhzxw.cn/)内容主要来自原创、合作媒体供稿和第三方投稿,凡在本网站出现的信息,均仅供参考。本网站将尽力确保所提供信息的准确性及可靠性,但不保证有关资料的准确性及可靠性,读者在使用前请进一步核实,并对任何自主决定的行为负责。本网站对有关资料所引致的错误、不确或遗漏,概不负任何法律责任。
本网站刊载的所有内容(包括但不仅限文字、图片、LOGO、音频、视频、软件、程序等) 版权归原作者所有。任何单位或个人认为本网站中的内容可能涉嫌侵犯其知识产权或存在不实内容时,请及时通知本站,予以删除。
