WO2024183439A1 - Data processing method and apparatus, and computation device - Google Patents
Data processing method and apparatus, and computation device Download PDFInfo
- Publication number
- WO2024183439A1 WO2024183439A1 PCT/CN2024/070415 CN2024070415W WO2024183439A1 WO 2024183439 A1 WO2024183439 A1 WO 2024183439A1 CN 2024070415 W CN2024070415 W CN 2024070415W WO 2024183439 A1 WO2024183439 A1 WO 2024183439A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- tee
- server
- blockchain
- task
- task information
- Prior art date
Links
- 238000003672 processing method Methods 0.000 title abstract description 7
- 238000000034 method Methods 0.000 claims abstract description 120
- 238000003860 storage Methods 0.000 claims abstract description 41
- 238000012795 verification Methods 0.000 claims abstract description 38
- 230000015654 memory Effects 0.000 claims description 79
- 238000004364 calculation method Methods 0.000 claims description 52
- 238000013175 transesophageal echocardiography Methods 0.000 claims description 48
- 238000012545 processing Methods 0.000 claims description 37
- 238000004590 computer program Methods 0.000 claims description 24
- 238000005516 engineering process Methods 0.000 abstract description 31
- 238000013473 artificial intelligence Methods 0.000 abstract description 23
- 238000011161 development Methods 0.000 abstract description 14
- 238000007726 management method Methods 0.000 description 23
- 230000006870 function Effects 0.000 description 21
- 230000008569 process Effects 0.000 description 20
- 238000004891 communication Methods 0.000 description 17
- 238000003062 neural network model Methods 0.000 description 14
- 238000013528 artificial neural network Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 206010047289 Ventricular extrasystoles Diseases 0.000 description 5
- 238000013461 design Methods 0.000 description 5
- 230000001737 promoting effect Effects 0.000 description 5
- 238000011160 research Methods 0.000 description 5
- 238000005129 volume perturbation calorimetry Methods 0.000 description 5
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 240000007087 Apium graveolens Species 0.000 description 2
- 235000015849 Apium graveolens Dulce Group Nutrition 0.000 description 2
- 235000010591 Appio Nutrition 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 230000014759 maintenance of location Effects 0.000 description 2
- 210000002569 neuron Anatomy 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 101001121408 Homo sapiens L-amino-acid oxidase Proteins 0.000 description 1
- 101000827703 Homo sapiens Polyphosphoinositide phosphatase Proteins 0.000 description 1
- 102100026388 L-amino-acid oxidase Human genes 0.000 description 1
- 102100023591 Polyphosphoinositide phosphatase Human genes 0.000 description 1
- 101100233916 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) KAR5 gene Proteins 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013178 mathematical model Methods 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 229910021421 monocrystalline silicon Inorganic materials 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000004549 pulsed laser deposition Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Definitions
- the present application relates to the field of cloud computing, and more specifically, to a data processing method, apparatus, and computing device.
- blockchain technology Since the birth of blockchain technology, after years of rapid development, it has been widely used in various industries such as finance, supply chain, and e-government. It has become the core technology to promote the transformation of information Internet to value Internet, and has attracted widespread attention from all over the world.
- blockchain technology Due to the characteristics of blockchain that cannot be tampered with and transparent development, blockchain-based artificial intelligence (BC-AI) is expected to further promote the training and reasoning of trusted distributed artificial intelligence.
- BC-AI blockchain-based artificial intelligence
- blockchain technology is used to protect the data of neural network (NN) models from being tampered with, so promoting the integration and development of blockchain technology and artificial intelligence technology has become a new research hotspot.
- blockchain nodes cannot handle complex tasks, resulting in the inference of neural network models (for example, deep neural network (DNN) models) cannot be directly executed in the blockchain network through smart contracts, which limits the application scope and further development of blockchain-based artificial intelligence.
- neural network models for example, deep neural network (DNN) models
- the present application provides a data processing method, apparatus, and computing device, which can improve the credibility of off-chain computing and promote the integrated development of blockchain technology and artificial intelligence technology.
- a method for data processing is provided, which is applied to a cloud blockchain system, wherein the cloud blockchain system includes multiple blockchain nodes, a cloud computing platform deploys the cloud blockchain system in the cloud computing resources it manages, and the cloud computing platform deploys blockchain services in the cloud computing resources.
- the method includes: a first blockchain node receives task information, and the first blockchain node is a node in the cloud blockchain system; the first blockchain node sends the task information to a task execution device, which is a server outside the cloud blockchain system, and the task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information; the task execution device sends the inference result to a trusted execution environment TEE for verification to obtain a verified inference result; the first blockchain node obtains the verified inference result from the TEE and stores it on the chain; other nodes in the cloud blockchain system re-verify the verified inference result through their respective corresponding TEEs, and store the re-verified inference result on the chain.
- the results of model inference performed on servers outside the blockchain network are verified through TEE, and the verified results are stored on the chain through blockchain nodes.
- blockchain technology can be used to protect the reasoning data of artificial intelligence from being tampered with, thereby promoting the integrated development of blockchain technology and artificial intelligence technology.
- the task execution device is a first server, which communicates with the first blockchain node.
- the first server is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and the first server sends the inference result to the TEE for verification.
- the task execution device is the TEE, and the TEE communicates with the first server.
- the method also includes: the first server receives the task information sent by the first blockchain node; the first server sends the task information to the TEE, and the TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
- the task execution device is an edge server
- the method also includes: the first server or the TEE sends the task information to the edge server, and the edge server performs inference calculations on the first model based on the task information to obtain an inference result of the first model; the edge server sends the inference result to the TEE for verification.
- the TEE is deployed on the first blockchain node.
- a method for data processing including: a first blockchain node receives task information, the first blockchain node is a node in the blockchain system; the first blockchain node sends the task information to a task execution device, the task execution device is a server outside the blockchain system, the task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information; the task execution device sends the inference result to a trusted execution environment TEE for verification to obtain a verified inference result; the first blockchain node obtains the verified inference result from the TEE and stores it on the chain; other nodes in the blockchain system re-verify the verified inference result through their respective corresponding TEEs, and store the re-verified inference result on the chain.
- the task execution device is a first server, which communicates with the first blockchain node.
- the first server is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and the first server sends the inference result to the TEE for verification.
- the task execution device is the TEE, and the TEE communicates with the first server.
- the method also includes: the first server receives the task information sent by the first blockchain node; the first server sends the task information to the TEE, and the TEE is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and verify the inference result to obtain the verified inference result.
- the task execution device is an edge server
- the method also includes: the first server or the TEE sends the task information to the edge server, and the edge server performs inference calculations on the first model based on the task information to obtain an inference result of the first model; the edge server sends the inference result to the TEE for verification.
- the TEE is deployed on the first blockchain node.
- a data processing system which includes a cloud blockchain system, a task execution device and a trusted execution environment TEE.
- the cloud blockchain system includes multiple blockchain nodes, including a first blockchain node.
- the cloud computing platform deploys the cloud blockchain system in the cloud computing resources it manages, and the cloud computing platform deploys storage services in the cloud computing resources.
- the system includes: the first blockchain node is used to receive task information and send the task information to the task execution device, which is a server outside the cloud blockchain system.
- the task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information; the task execution device is used to send the inference result to the trusted execution environment TEE; the TEE is used to verify the inference result to obtain the verified inference result; the first blockchain node is used to obtain the verified inference result from the TEE and store it on the chain; other nodes in the cloud blockchain system are used to re-verify the verified inference result through their respective corresponding TEEs, and store the re-verified inference result on the chain.
- the task execution device is a first server, which communicates with the first blockchain node.
- the first server is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model.
- the first server is specifically used to send the inference result to the TEE for verification.
- the task execution device is the TEE, which communicates with the first server, and the first server is used to receive the task information sent by the first blockchain node and send the task information to the TEE.
- the TEE is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and verify the inference result to obtain the verified inference result.
- the task execution device is an edge server, and the first server or the TEE is used to send the task information to the edge server; the edge server is used to perform inference calculations on the first model based on the task information, obtain the inference result of the first model, and send the inference result to the TEE for verification.
- the TEE is deployed on the first blockchain node.
- a computing device comprising a processor and a memory, and optionally, an input/output interface.
- the processor is used to control the input/output interface to send and receive information
- the memory is used to store a computer program
- the processor is used to call and run the computer program from the memory, so that the method in the first aspect or any possible implementation of the first aspect is executed, or the method in the second aspect is executed.
- the processor may be a general-purpose processor, which may be implemented by hardware or software.
- the processor may be a logic circuit, an integrated circuit, etc.; when implemented by software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, which may be integrated in the processor or located outside the processor and exist independently.
- a computing device cluster comprising at least one computing device, each computing device comprising a processor and a memory; the processor of the at least one computing device is used to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster executes the method in the first aspect or any possible implementation of the first aspect, or executes the method in the second aspect or any possible implementation of the second aspect.
- a chip which obtains instructions and executes the instructions to implement the method in the above-mentioned first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
- the chip includes a processor and a data interface, and the processor reads instructions stored in the memory through the data interface to execute the method in the above-mentioned first aspect and any implementation manner of the first aspect.
- the chip may also include a memory, in which instructions are stored, and the processor is used to execute the instructions stored in the memory.
- the processor is used to execute the method in the first aspect and any one of the implementation methods of the first aspect.
- a computer program product comprising instructions.
- the computing device executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
- a computer program product comprising instructions.
- the computing device cluster executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
- a computer-readable storage medium comprising computer program instructions.
- the computing device executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
- these computer-readable storages include, but are not limited to, one or more of the following: read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), Flash memory, electrically EPROM (EEPROM), and hard drive.
- ROM read-only memory
- PROM programmable ROM
- EPROM erasable PROM
- Flash memory electrically EPROM (EEPROM)
- hard drive electrically EPROM
- the above-mentioned storage medium may specifically be a non-volatile storage medium.
- a computer-readable storage medium comprising computer program instructions.
- the computing device cluster executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
- these computer-readable storages include, but are not limited to, one or more of the following: read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), Flash memory, electrically EPROM (EEPROM), and hard drive.
- ROM read-only memory
- PROM programmable ROM
- EPROM erasable PROM
- Flash memory electrically EPROM (EEPROM)
- hard drive electrically EPROM
- the above-mentioned storage medium may specifically be a non-volatile storage medium.
- FIG1 is a schematic block diagram of a cloud scenario applicable to an embodiment of the present application.
- FIG. 2 is a schematic flow chart of a data processing method applicable to an embodiment of the present application.
- FIG3 is a schematic block diagram of a relay server performing task scheduling provided in an embodiment of the present application.
- FIG. 4 is a schematic block diagram of a data processing device 400 provided in an embodiment of the present application.
- FIG5 is a schematic diagram of the architecture of a computing device 1500 provided in an embodiment of the present application.
- FIG. 6 is a schematic diagram of the architecture of a computing device cluster provided in an embodiment of the present application.
- FIG. 7 is a schematic diagram of a connection between computing devices 1500A and 1500B via a network provided in an embodiment of the present application.
- references to "one embodiment” or “some embodiments” etc. described in this specification mean that a particular feature, structure or characteristic described in conjunction with the embodiment is included in one or more embodiments of the present application.
- the phrases “in one embodiment”, “in some embodiments”, “in some other embodiments”, “in some other embodiments”, etc. appearing in different places in this specification do not necessarily refer to the same embodiment, but mean “one or more but not all embodiments", unless otherwise specifically emphasized in other ways.
- the terms “including”, “comprising”, “having” and their variations all mean “including but not limited to”, unless otherwise specifically emphasized in other ways.
- At least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple.
- Blockchain technology is a decentralized architecture and computing paradigm that uses block chain data structures to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to ensure the security of data transmission and access, and smart contracts composed of automated script codes to program and operate data.
- Blockchain is a special distributed database with no central point, and information is stored in all nodes that join the blockchain network.
- the nodes in the blockchain network can be called blockchain nodes, which can be a server, laptop, mobile phone, etc.
- Each blockchain node stores information in the form of blockchain, and the information stored in all nodes added to the blockchain network is consistent and synchronized. If one or two nodes are broken, the information will not be lost and can still be viewed on other nodes.
- a system is deployed on a mobile device, and the system includes a trusted execution environment (TEE).
- TEE is an independent, isolated, secure operating environment within the mobile device (e.g., a smartphone, tablet, smart TV, etc.). Since TEE provides an isolated environment to store the user's sensitive information (e.g., the user's code and data), TEE provides a more secure space for the execution of code and data, and ensures the confidentiality and security of the user's sensitive information (e.g., the user's code and data).
- the mobile device may be a desktop computer, a notebook, a mobile phone, a tablet computer, a smart watch, a smart bracelet, etc., which is not specifically limited in this application.
- TEE trusted applications
- TEE divides independent trusted zones in the processor (e.g., central processing unit (CPU)) and memory, and isolates different TAs in the processor and memory to prevent different TAs from reading and accessing data from each other at will.
- TAs running in TEE can access the full functionality of the device's main processor and memory, while hardware isolation protects these components from being affected by user-installed applications running in the main operating system.
- SGX is a new extension of Intel architecture, which adds a new set of instruction sets and memory access mechanisms to the original architecture. These extensions allow applications to implement a container called an enclave.
- the basic input output system (BIOS) can be used to divide independent protected enclaves in the address space of the application. The area is used as an enclave.
- the data in the enclave is encrypted and cannot be viewed by the kernel or the hypervisor. Therefore, SGX can not only isolate the data of different TAs in memory, but also encrypt the data in the memory enclave. In this way, developers can divide applications into enclaves or executable protection areas in memory, which can improve security even in attacked platforms.
- DRM digital management protection
- SGX The implementation of SGX requires the collaboration of hardware and software such as processors, memory management components, BIOS, drivers, and runtime environments.
- VMM virtual machine manager
- Artificial Intelligence is the theory, method, technology and application system that uses digital computers or machines controlled by digital computers to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use knowledge to obtain the best results.
- artificial intelligence is a branch of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can respond in a similar way to human intelligence.
- Artificial intelligence is to study the design principles and implementation methods of various intelligent machines so that machines have the functions of perception, reasoning and decision-making.
- Research in the field of artificial intelligence includes robotics, natural language processing, computer vision, decision-making and reasoning, human-computer interaction, recommendation and search, basic AI theory, etc.
- Neural networks are complex network systems formed by a large number of simple processing units (called neurons) that are widely interconnected.
- the neural network model is described based on the mathematical model of neurons.
- the neural network model is represented by network topology, node characteristics and learning rules.
- blockchain-based artificial intelligence Due to the characteristics of blockchain that it cannot be tampered with and is transparent to development, blockchain-based artificial intelligence (BC-AI) is expected to further promote the training and reasoning of trusted distributed artificial intelligence.
- BC-AI blockchain-based artificial intelligence
- blockchain technology can be used to protect the data of neural networks (NN) models from being tampered with. Therefore, promoting the integration and development of blockchain technology and artificial intelligence technology has become a new research hotspot.
- neural network model reasoning for example, deep neural network (DNN) model
- DNN deep neural network
- an embodiment of the present application provides a data processing method, which can verify the results of model reasoning performed on a server outside the blockchain network through TEE, and store the verified results on the chain through the blockchain node. In this way, it is possible to protect the reasoning data of artificial intelligence from being tampered with through blockchain technology, thereby promoting the integrated development of blockchain technology and artificial intelligence technology.
- the method provided in the embodiment of the present application can be applied to a cloud service scenario, and the method is executed by a cloud management platform in the cloud service scenario.
- the cloud service scenario is described in detail below in conjunction with FIG.
- Fig. 1 is a schematic block diagram of a cloud scenario applicable to an embodiment of the present application.
- the cloud scenario may include: a cloud management platform 110 , the Internet 120 , and a client 130 .
- the cloud management platform 110 is used to manage the infrastructure that provides multiple cloud services.
- the infrastructure includes multiple cloud data centers, each of which includes multiple servers, each of which includes cloud service resources to provide corresponding cloud services to tenants.
- the cloud management platform 110 may be located in a cloud data center and may provide an access interface (such as an interface or an application program interface (API)).
- the tenant may operate the client 130 to remotely access the access interface to register a cloud account and password on the cloud management platform 110 and log in to the cloud management platform 110.
- the cloud management platform 110 After the cloud management platform 110 successfully authenticates the cloud account and password, the tenant may further pay to select and purchase a virtual machine with specific specifications (processor, memory, disk) on the cloud management platform 110. After the payment is successful, the cloud management platform 110 provides The client 130 can remotely log in to the virtual machine and install and run the tenant's application in the virtual machine. Therefore, the tenant can create, manage, log in and operate the virtual machine in the cloud data center through the cloud management platform 110.
- the virtual machine can also be called a cloud server (elastic compute service, ECS) or an elastic instance (different cloud service providers have different names).
- tenants of cloud services can be individuals, enterprises, schools, hospitals, administrative agencies, etc.
- the functions of the cloud management platform 110 include, but are not limited to, user console, computing management service, network management service, storage management service, authentication service, and image management service.
- the user console provides an interface or API to interact with tenants
- the computing management service is used to manage servers running virtual machines and containers and bare metal servers
- the network management service is used to manage network services (such as gateways, firewalls, etc.)
- the storage management service is used to manage storage services (such as data bucket services)
- the authentication service is used to manage tenant accounts and passwords
- the image management service is used to manage virtual machine images.
- Tenants can use the client 130 to log in to the cloud management platform 110 through the Internet 120 to manage the rented cloud services.
- Fig. 2 is a schematic flow chart of a data processing method provided in an embodiment of the present application. As shown in Fig. 2, the method may include steps 210-260, and steps 210-260 are described in detail below.
- Step 210 The blockchain network receives the task information submitted by the user.
- a blockchain network may include multiple blockchain nodes, and the blockchain network may receive task information submitted by a user.
- a blockchain node e.g., a first blockchain node
- the task parameter may be, for example, input information of a model (e.g., a first neural network model).
- the embodiments of the present application do not specifically limit the blockchain network (or blockchain platform), which may include but is not limited to: a public blockchain network, a private blockchain network, a consortium chain, etc.
- Step 220 The blockchain network establishes a trusted connection with the external server and sends task information to the external server.
- a blockchain network can establish a trusted connection with an external server, which can be a separate physical server outside the blockchain network. After the blockchain network and the external server establish a trusted connection, the blockchain network can send the task information received from the user to the external server for processing.
- a blockchain node e.g., a first blockchain node
- the first blockchain node can send the task information to the external server for processing.
- the embodiments of the present application do not specifically limit the communication method and communication protocol between the blockchain network and the external server.
- the communication between the blockchain network and the external server uses the Google Remote Procedure Call (gRPC) protocol, and the first blockchain node in the blockchain network sends the task information to the external server through the gRPC protocol.
- gRPC Google Remote Procedure Call
- the consortium chain code that writes the outsourced task in the first blockchain node acts as the client, and the relay server acts as the server, and the task information is transmitted through the gRPC protocol.
- the task information includes task parameters.
- the chain code client of the first blockchain node establishes a gRPC connection with the relay server, and serializes the task parameters and sends them to the relay server.
- the chain code client of the first blockchain node ends the gRPC interaction and stores the task information on the chain.
- Step 230 The external server performs inference calculation according to the task information to obtain the result of the inference calculation.
- the external server after receiving the task information sent by the blockchain network, the external server can perform inference calculation based on the task information.
- the task information can be used as an input parameter of a model (e.g., a first neural network model) and perform inference calculation of the model.
- an external server is used as a relay server as an example for explanation below.
- the relay server can deserialize the serialized task parameters, restore the task parameters, and perform inference calculations on a model (e.g., a first neural network model) based on the task parameters.
- a model e.g., a first neural network model
- the relay server has a certain computing power, and the relay server can complete the inference calculation of the model (for example, the first neural network model) by itself.
- the relay server schedules the task and distributes it to the task execution device worker to perform the inference calculation of the model (for example, the first neural network model).
- the relay server adds the Celery distributed asynchronous task framework to perform task scheduling. After the relay server receives the request submitted by the chain code, it deserializes the data to restore the task parameters, and then encapsulates the task request and puts it into the Celery message middleware (message broker) asynchronous queue.
- the task execution device worker takes the task from the broker queue to perform the inference calculation of the model (for example, the first neural network model).
- the worker here can be understood as a process.
- the relay server can outsource or delegate the task to other servers for processing.
- the relay server can establish a connection with the edge server and delegate the execution of the most time-consuming linear layer in the first neural network model to the edge server with faster processing speed for reasoning calculation, and At the same time, monitor the completion status of the task.
- the relay server can also send the task to the TEE for execution.
- the task execution device worker takes the task from the broker queue and puts it into the trusted execution environment (TEE) for execution, for example, the task is divided into the enclave in the Intel SGX of the TEE for execution, and the relay server monitors the completion status of the task at the same time.
- TEE trusted execution environment
- TEE provides an isolated environment to store the user's sensitive information (e.g., the user's code and data)
- TEE provides a more secure space for the execution of code and data and ensures the confidentiality and security of the user's sensitive information (e.g., the user's code and data).
- the TEE in order to solve the problem that the TEE memory is too small to complete the complex calculation of the model, as shown in Figure 3, the TEE can also outsource or delegate the task to other servers for processing.
- Intel SGX in TEE can protect selected code and data from being leaked and modified, but in order to solve the problem that its memory is small and insufficient to support the complete reasoning of the deep neural network model, the enclave in Intel SGX delegates the execution of the most time-consuming linear layer in the first neural network model to the edge server with faster processing speed for reasoning calculation through an outsourcing solution based on matrix multiplication, and monitors the completion status of the task at the same time.
- Step 240 The person who completes the task sends the result of the inference calculation to the TEE for verification.
- the task is completed by a relay server, which can directly send the result of the inference calculation to the TEE for verification.
- the task is completed by an edge server, which can directly send the result of the inference calculation to the TEE for verification, or the edge server can also send the result of the inference calculation to a relay server, and the relay server forwards the result of the inference calculation to the TEE for verification.
- an edge server which can directly send the result of the inference calculation to the TEE for verification, or the edge server can also send the result of the inference calculation to a relay server, and the relay server forwards the result of the inference calculation to the TEE for verification.
- TEE is deployed in the blockchain network, for example, TEE is deployed on each blockchain node. In another example, TEE is deployed on a separate server other than the blockchain network and the relay server.
- Step 250 TEE verifies the result of the inference calculation.
- TEE can obtain the real result based on the model reasoning, and compare the real result with the result it obtains to determine whether the reasoning result it obtains is credible. If the real result obtained by TEE reasoning is consistent with the result it obtains, it can be understood that the reasoning result it obtains is credible, and TEE can sign the result it obtains.
- Step 260 The blockchain network uploads the inference results after TEE verification to the chain.
- the first blockchain node can obtain the result of reasoning verified by TEE, for example, the result of reasoning with TEE signature.
- TEE is deployed on the first blockchain node, and the first blockchain node can directly obtain the result of reasoning with TEE signature from TEE.
- TEE is deployed on other servers outside the blockchain network and relay server, and the first blockchain node can obtain the result of reasoning with TEE signature from the TEE deployed on the other server through communication with the other server.
- the first blockchain node obtains the result of the reasoning after TEE verification, and stores the result on the chain.
- other nodes in the blockchain network can send their corresponding TEEs for verification again, and store the verified reasoning results on the chain.
- the TEEs corresponding to the other nodes in the blockchain network are deployed on their respective nodes, and the other nodes in the blockchain network verify the reasoning results through the TEEs deployed on their respective nodes.
- the TEEs corresponding to the other nodes in the blockchain network are deployed on other servers. The other nodes can send the reasoning results to the TEEs deployed on the other servers to verify the reasoning results, and obtain the reasoning results with TEE signatures through communication with other servers.
- the results of model inference performed on servers outside the blockchain network can be verified through TEE, and the verified results can be stored on the chain through blockchain nodes.
- blockchain technology can be used to protect the reasoning data of artificial intelligence from being tampered with, thereby promoting the integrated development of blockchain technology and artificial intelligence technology.
- FIG4 is a schematic block diagram of a data identification device 400 provided in an embodiment of the present application.
- the device 400 can be implemented by software, hardware,
- the device 400 provided in the embodiment of the present application can implement the method flow shown in FIG. 2 of the embodiment of the present application, and the device 400 includes:
- a receiving module 410 configured for a first blockchain node to receive task information, where the first blockchain node is a node in the blockchain system;
- a sending module 420 is used for the first blockchain node to send the task information to a task execution device, where the task execution device is a server outside the blockchain system.
- the task execution device is used to perform inference calculation on the first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information;
- the sending module 420 is also used for the task execution device to send the reasoning result to the trusted execution environment TEE;
- a verification module 430 used for the TEE to verify the reasoning result and obtain a verified reasoning result
- a storage module 440 is used for the first blockchain node to obtain the verified reasoning result from the TEE and store it on the chain;
- the storage module 440 is also used for other nodes in the cloud blockchain system to re-verify the verified reasoning results through their respective corresponding TEEs, and store the re-verified reasoning results on the chain.
- the task execution device is a first server, which communicates with the first blockchain node.
- the first server is used to perform inference calculations on the first model according to the task information to obtain an inference result of the first model.
- the verification module 430 is specifically used for the first server to send the inference result to the TEE for verification.
- the task execution device is the TEE, which communicates with the first server, and the receiving module 410 is specifically used for the first server to receive the task information sent by the first blockchain node; the sending module 420 is specifically used for the first server to send the task information to the TEE, and the TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
- the task execution device is an edge server
- the sending module 420 is specifically used for the first server or the TEE to send the task information to the edge server, and the edge server performs inference calculations on the first model based on the task information to obtain the inference result of the first model; the sending module 420 is specifically used for the edge server to send the inference result to the TEE for verification.
- the TEE is deployed on the first blockchain node.
- the device 400 here can be embodied in the form of a functional module.
- the term "module” here can be implemented in the form of software and/or hardware, and is not specifically limited to this.
- a “module” can be a software program, a hardware circuit, or a combination of the two that implements the above functions.
- the implementation of the receiving module 410 is described below by taking the receiving module 410 as an example.
- the implementation of other modules such as the sending module 420, the verification module 430, and the storage module 440, can refer to the implementation of the receiving module 410.
- the receiving module 410 is taken as an example of a software functional unit, and the receiving module 410 may include code running on a computing instance.
- the computing instance may include at least one of a physical host (computing device), a virtual machine, and a container. Further, the above-mentioned computing instance may be one or more.
- the receiving module 410 may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers used to run the code may be distributed in the same region (region) or in different regions.
- the multiple hosts/virtual machines/containers used to run the code may be distributed in the same availability zone (AZ) or in different AZs, each AZ including one data center or multiple data centers with close geographical locations. Among them, usually a region may include multiple AZs.
- VPC virtual private cloud
- multiple hosts/virtual machines/containers used to run the code can be distributed in the same virtual private cloud (VPC) or in multiple VPCs.
- VPC virtual private cloud
- a VPC is set up in a region.
- a communication gateway needs to be set up in each VPC to achieve interconnection between VPCs through the communication gateway.
- the receiving module 410 is taken as an example of a hardware functional unit, and the receiving module 410 may include at least one computing device, such as a server, etc. Alternatively, the receiving module 410 may also be a device implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (PLD).
- the PLD may be a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
- the multiple computing devices included in the receiving module 410 can be distributed in the same region or in different regions.
- the multiple computing devices included in the receiving module 410 can be distributed in the same AZ or in different AZs.
- the multiple computing devices included in the receiving module 410 can be distributed in the same VPC or in multiple VPCs.
- the multiple computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
- modules of each example described in the embodiments of the present application can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Professional and technical personnel can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
- the device provided in the above embodiment executes the above method
- only the division of the above functional modules is used as an example.
- the above function allocation can be completed by different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
- the receiving module 410 can be used to execute any step in the above method
- the sending module 420 can be used to execute any step in the above method
- the verification module 430 can be used to execute any step in the above method
- the storage module 440 can be used to execute any step in the above method.
- the method provided in the embodiment of the present application can be performed by a computing device, which can also be referred to as a computer system. It includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer.
- the hardware layer includes hardware such as a processing unit, a memory and a memory control unit, and then the function and structure of the hardware are described in detail.
- the operating system is any one or more computer operating systems that implement business processing through a process, for example, a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a windows operating system.
- the application layer includes applications such as a browser, an address book, a word processing software, and an instant messaging software.
- the computer system is a handheld device such as a smart phone, or a terminal device such as a personal computer, which is not particularly limited in this application, as long as it can be provided by the method provided in the embodiment of the present application.
- the execution subject of the method provided in the embodiment of the present application can be a computing device, or a functional module in a computing device that can call a program and execute a program.
- a computing device provided in an embodiment of the present application is described in detail below in conjunction with FIG. 5 .
- FIG5 is a schematic diagram of the architecture of a computing device 1500 provided in an embodiment of the present application.
- the computing device 1500 may be a server or a computer or other device with computing capabilities.
- the computing device 1500 shown in FIG5 includes: at least one processor 1510 and a memory 1520.
- the processor 1510 executes the instructions in the memory 1520, so that the computing device 1500 implements the method provided by the present application.
- the processor 1510 executes the instructions in the memory 1520, so that the computing device 1500 implements the functional modules provided by the present application, thereby implementing the method provided by the present application.
- the computing device 1500 further includes a communication interface 1530.
- the communication interface 1530 uses a transceiver module such as, but not limited to, a network interface card or a transceiver to implement communication between the computing device 1500 and other devices or a communication network.
- the computing device 1500 further includes a system bus 1540, wherein the processor 1510, the memory 1520 and the communication interface 1530 are respectively connected to the system bus 1540.
- the processor 1510 can access the memory 1520 through the system bus 1540.
- the processor 1510 can read and write data or execute code in the memory 1520 through the system bus 1540.
- the system bus 1540 is a peripheral component interconnect express (PCI) bus or an extended industry standard architecture (EISA) bus.
- PCI peripheral component interconnect express
- EISA extended industry standard architecture
- the system bus 1540 is divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one thick line is used in FIG. 5, but it does not mean that there is only one bus or one type of bus.
- the function of the processor 1510 is mainly to interpret the instructions (or codes) of the computer program and process the data in the computer software.
- the instructions of the computer program and the data in the computer software can be stored in the memory 1520 or the cache 1516.
- the processor 1510 may be an integrated circuit chip with signal processing capabilities.
- the processor 1510 is a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component.
- the general-purpose processor is a microprocessor, etc.
- the processor 1510 is a central processing unit (CPU).
- each processor 1510 includes at least one processing unit 1512 and a memory control unit 1514 .
- the processing unit 1512 is also called the core or kernel, which is the most important component of the processor.
- the processing unit 1512 is made of single crystal silicon using a certain production process. All the calculations, command reception, command storage, and data processing of the processor are performed by the core.
- the processing units run program instructions independently and use the ability of parallel computing to speed up the program.
- Various processing units are It has a fixed logical structure.
- the processing unit includes logical units such as a first-level cache, a second-level cache, an execution unit, an instruction unit, and a bus interface.
- the memory control unit 1514 is used to control data interaction between the memory 1520 and the processing unit 1512. Specifically, the memory control unit 1514 receives a memory access request from the processing unit 1512, and controls access to the memory based on the memory access request.
- the memory control unit is a device such as a memory management unit (MMU).
- MMU memory management unit
- each memory control unit 1514 addresses the memory 1520 through the system bus.
- An arbiter (not shown in FIG. 5 ) is configured in the system bus, and the arbiter is responsible for processing and coordinating contention accesses of multiple processing units 1512 .
- processing unit 1512 and the memory control unit 1514 are connected to each other through connection lines inside the chip, such as address lines, so as to achieve communication between the processing unit 1512 and the memory control unit 1514.
- each processor 1510 also includes a cache 1516, wherein the cache is a buffer for data exchange (called cache).
- cache a buffer for data exchange
- the processing unit 1512 wants to read data, it will first search for the required data from the cache. If it is found, it will be executed directly. If it is not found, it will be searched from the memory. Since the running speed of the cache is much faster than the memory, the role of the cache is to help the processing unit 1512 run faster.
- the memory 1520 can provide a running space for the processes in the computing device 1500.
- the computer program (specifically, the code of the program) used to generate the process is stored in the memory 1520.
- the processor allocates a corresponding storage space for the process in the memory 1520.
- the above storage space further includes a text segment, an initialized data segment, a bit initialized data segment, a stack segment, a heap segment, etc.
- the memory 1520 stores the data generated during the running of the process in the storage space corresponding to the above process, such as intermediate data, process data, etc.
- the storage is also called memory, and its function is to temporarily store the operation data in the processor 1510 and the data exchanged with the external storage such as the hard disk.
- the processor 1510 will transfer the data to be calculated to the memory for calculation, and when the calculation is completed, the processing unit 1512 will transmit the result.
- memory 1520 is a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory.
- the non-volatile memory is a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory.
- the volatile memory is a random access memory (RAM), which is used as an external cache.
- RAM direct rambus RAM
- SRAM static RAM
- DRAM dynamic RAM
- SDRAM synchronous DRAM
- DDR SDRAM double data rate SDRAM
- ESDRAM enhanced SDRAM
- SLDRAM synchlink DRAM
- DR RAM direct rambus RAM
- the structure of the computing device 1500 listed above is only an exemplary description, and the present application is not limited thereto.
- the computing device 1500 of the embodiment of the present application includes various hardware in the computer system in the prior art.
- the computing device 1500 also includes other memories other than the memory 1520, such as disk storage, etc.
- the computing device 1500 may also include other devices necessary for normal operation.
- the computing device 1500 may also include hardware devices for implementing other additional functions.
- the computing device 1500 may also include only the devices necessary for implementing the embodiment of the present application, without having to include all the devices shown in FIG. 5.
- the embodiment of the present application also provides a computing device cluster.
- the computing device cluster includes at least one computing device.
- the computing device may be a server.
- the computing device may also be a terminal device such as a desktop computer, a laptop computer, or a smart phone.
- the computing device cluster includes at least one computing device 1500.
- the memory 1520 in one or more computing devices 1500 in the computing device cluster may store the same instructions for executing the above method.
- the memory 1520 in one or more computing devices 1500 in the computing device cluster may also store partial instructions for executing the above method.
- the combination of one or more computing devices 1500 may jointly execute the instructions of the above method.
- the memory 1520 in different computing devices 1500 in the computing device cluster may store different instructions, which are respectively used to execute part of the functions of the above-mentioned apparatus. That is, the instructions stored in the memory 1520 in different computing devices 1500 may implement the functions of one or more modules in the above-mentioned apparatus.
- one or more computing devices in the computing device cluster may be connected via a network.
- the network may be a wide area network or a local area network, etc.
- FIG. 7 shows a possible implementation. As shown in FIG. 7 , two computing devices 1500A and 1500B are connected via a network. Specifically, the network is connected via a communication interface in each computing device.
- computing device 1500A shown in FIG7 may also be implemented by multiple computing devices 1500.
- functionality of the computing device 1500B may also be implemented by multiple computing devices 1500.
- each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- this function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
- the technical solution of the present application can essentially or in other words, the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product.
- the computer software product is stored in a storage medium, including several instructions for a computer device (which can be a personal computer, server, or network device, etc.) to execute all or part of the steps of the method in each embodiment of the present application.
- the aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), disk or optical disk, and other media that can store program codes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
A data processing method and apparatus, and a computation device. The method comprises: a first blockchain node receives task information and sends the task information to a task execution device, wherein the task execution device is used for performing inference computation on a first model according to the task information to obtain an inference result for the first model; the task execution device sends the inference result to a trusted execution environment (TEE) for verification to obtain a verified inference result; and the node in a blockchain system performs on-chain storage on the inference result verified by the TEE. The method can improve the credibility of off-chain computation, and promote the convergence and development of the blockchain technology and the artificial intelligence technology.
Description
本申请要求于2023年03月09日提交中国国家知识产权局、申请号为202310226446.5、申请名称为“基于可信执行环境的智能合约计算的方法、计算设备”的中国专利申请的优先权,以及于2023年04月20日提交中国国家知识产权局、申请号为202310432135.4、申请名称为“数据处理的方法、装置以及计算设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed with the State Intellectual Property Office of China on March 9, 2023, with application number 202310226446.5 and application name “Method and computing device for smart contract computing based on a trusted execution environment”, and the priority of the Chinese patent application filed with the State Intellectual Property Office of China on April 20, 2023, with application number 202310432135.4 and application name “Method, device and computing device for data processing”, all of which are incorporated by reference into this application.
本申请涉及云计算领域,并且更具体地,涉及一种数据处理的方法、装置以及计算设备。The present application relates to the field of cloud computing, and more specifically, to a data processing method, apparatus, and computing device.
区块链技术诞生以来,经过多年的快速发展,已经广泛应用于金融、供应链、电子政务等各行各业,成为推动信息互联网向价值互联网转变的核心技术,引起了全世界的广泛关注,现如今区块链技术已经成为全球各国关注和研究的重点。由于区块链不可篡改和透明开发的特性,基于区块链的人工智能(blockchain-based artificial intelligence,BC-AI)有望进一步推动可信分布式人工智能的训练和推理。例如通过区块链技术来保护神经网络(neural networks,NN)模型的数据不被篡改,因此促进区块链技术与人工智能技术的融合发展成为了新的研究热点。但是由于现有的主流智能合约缺乏复杂计算的能力,使得区块链节点无法处理复杂任务,导致神经网络模型(例如,深度神经网络(deepNN,DNN)模型)推理目前还不能通过智能合约在区块链网络中直接执行,限制了基于区块链的人工智能的应用范围和进一步发展。Since the birth of blockchain technology, after years of rapid development, it has been widely used in various industries such as finance, supply chain, and e-government. It has become the core technology to promote the transformation of information Internet to value Internet, and has attracted widespread attention from all over the world. Today, blockchain technology has become the focus of attention and research in countries around the world. Due to the characteristics of blockchain that cannot be tampered with and transparent development, blockchain-based artificial intelligence (BC-AI) is expected to further promote the training and reasoning of trusted distributed artificial intelligence. For example, blockchain technology is used to protect the data of neural network (NN) models from being tampered with, so promoting the integration and development of blockchain technology and artificial intelligence technology has become a new research hotspot. However, due to the lack of complex computing capabilities of existing mainstream smart contracts, blockchain nodes cannot handle complex tasks, resulting in the inference of neural network models (for example, deep neural network (DNN) models) cannot be directly executed in the blockchain network through smart contracts, which limits the application scope and further development of blockchain-based artificial intelligence.
相关的技术方案中,由于区块链节点无法处理复杂任务,从而将模型推理的过程从区块链网络卸载到附近的边缘服务器,以请求使用其强大的硬件执行模型推理的计算过程。该技术不能保证链下计算的安全可信性,链下进行模型推理的外部平台不受信任,返回的推理结果可信性不能保证。In related technical solutions, since blockchain nodes cannot handle complex tasks, the model reasoning process is offloaded from the blockchain network to nearby edge servers to request the use of their powerful hardware to perform the model reasoning calculation process. This technology cannot guarantee the security and credibility of off-chain computing, the external platform for off-chain model reasoning is not trusted, and the credibility of the returned reasoning results cannot be guaranteed.
因此,如何提高链下计算的可信度,促进区块链技术与人工智能技术的融合发展成为亟需要解决的技术问题。Therefore, how to improve the credibility of off-chain computing and promote the integrated development of blockchain technology and artificial intelligence technology has become a technical problem that needs to be solved urgently.
发明内容Summary of the invention
本申请提供一种数据处理的方法、装置以及计算设备,该方法能够提高链下计算的可信度,促进区块链技术与人工智能技术的融合发展。The present application provides a data processing method, apparatus, and computing device, which can improve the credibility of off-chain computing and promote the integrated development of blockchain technology and artificial intelligence technology.
第一方面,提供了一种数据处理的方法,该方法应用于云区块链系统,该云区块链系统包括多个区块链节点,云计算平台在其管理的云计算资源部署该云区块链系统,该云计算平台在该云计算资源部署区块链服务,该方法包括:第一区块链节点接收任务信息,该第一区块链节点为该云区块链系统中的一个节点;该第一区块链节点将该任务信息发送给任务执行设备,该任务执行设备为该云区块链系统外的服务器,该任务执行设备用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一模型的输入包括该任务信息;该任务执行设备将该推理结果发送给可信执行环境TEE进行验证,得到验证后的推理结果;该第一区块链节点从该TEE获得该验证后的推理结果,并上链存储;该云区块链系统中的其他节点通过各自对应的TEE对该验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。In a first aspect, a method for data processing is provided, which is applied to a cloud blockchain system, wherein the cloud blockchain system includes multiple blockchain nodes, a cloud computing platform deploys the cloud blockchain system in the cloud computing resources it manages, and the cloud computing platform deploys blockchain services in the cloud computing resources. The method includes: a first blockchain node receives task information, and the first blockchain node is a node in the cloud blockchain system; the first blockchain node sends the task information to a task execution device, which is a server outside the cloud blockchain system, and the task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information; the task execution device sends the inference result to a trusted execution environment TEE for verification to obtain a verified inference result; the first blockchain node obtains the verified inference result from the TEE and stores it on the chain; other nodes in the cloud blockchain system re-verify the verified inference result through their respective corresponding TEEs, and store the re-verified inference result on the chain.
上述技术方案中,通过TEE对区块链网络外部的服务器进行的模型推理的结果进行验证,并通过区块链节点对验证后的结果进行上链存储,这样,可以实现通过区块链技术保护人工智能的推理数据不被篡改,促进区块链技术与人工智能技术的融合发展。In the above technical solution, the results of model inference performed on servers outside the blockchain network are verified through TEE, and the verified results are stored on the chain through blockchain nodes. In this way, blockchain technology can be used to protect the reasoning data of artificial intelligence from being tampered with, thereby promoting the integrated development of blockchain technology and artificial intelligence technology.
结合第一方面,在第一方面的某些实现方式中,该任务执行设备为第一服务器,该第一服务器与该第一区块链节点通信,该第一服务器用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一服务器将该推理结果发送给该TEE进行验证。In combination with the first aspect, in certain implementations of the first aspect, the task execution device is a first server, which communicates with the first blockchain node. The first server is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and the first server sends the inference result to the TEE for verification.
结合第一方面,在第一方面的某些实现方式中,该任务执行设备为该TEE,该TEE与第一服务器通
信,该方法还包括:该第一服务器接收该第一区块链节点发送的该任务信息;该第一服务器将该任务信息发送给该TEE,该TEE用于根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果,并对该推理结果进行验证,得到该验证后的推理结果。In combination with the first aspect, in some implementations of the first aspect, the task execution device is the TEE, and the TEE communicates with the first server. The method also includes: the first server receives the task information sent by the first blockchain node; the first server sends the task information to the TEE, and the TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
结合第一方面,在第一方面的某些实现方式中,该任务执行设备为边缘服务器,该方法还包括:该第一服务器或该TEE将该任务信息发送给该边缘服务器,由该边缘服务器根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果;该边缘服务器将该推理结果发送给该TEE进行验证。In combination with the first aspect, in certain implementations of the first aspect, the task execution device is an edge server, and the method also includes: the first server or the TEE sends the task information to the edge server, and the edge server performs inference calculations on the first model based on the task information to obtain an inference result of the first model; the edge server sends the inference result to the TEE for verification.
结合第一方面,在第一方面的某些实现方式中,该TEE部署在该第一区块链节点上。In combination with the first aspect, in certain implementations of the first aspect, the TEE is deployed on the first blockchain node.
第二方面,提供了一种数据处理的方法,包括:第一区块链节点接收任务信息,该第一区块链节点为该区块链系统中的一个节点;该第一区块链节点将该任务信息发送给任务执行设备,该任务执行设备为该区块链系统外的服务器,该任务执行设备用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一模型的输入包括该任务信息;该任务执行设备将该推理结果发送给可信执行环境TEE进行验证,得到验证后的推理结果;该第一区块链节点从该TEE获得该验证后的推理结果,并上链存储;该区块链系统中的其他节点通过各自对应的TEE对该验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。In a second aspect, a method for data processing is provided, including: a first blockchain node receives task information, the first blockchain node is a node in the blockchain system; the first blockchain node sends the task information to a task execution device, the task execution device is a server outside the blockchain system, the task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information; the task execution device sends the inference result to a trusted execution environment TEE for verification to obtain a verified inference result; the first blockchain node obtains the verified inference result from the TEE and stores it on the chain; other nodes in the blockchain system re-verify the verified inference result through their respective corresponding TEEs, and store the re-verified inference result on the chain.
结合第二方面,在第二方面的某些实现方式中,该任务执行设备为第一服务器,该第一服务器与该第一区块链节点通信,该第一服务器用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一服务器将该推理结果发送给该TEE进行验证。In combination with the second aspect, in certain implementations of the second aspect, the task execution device is a first server, which communicates with the first blockchain node. The first server is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and the first server sends the inference result to the TEE for verification.
结合第二方面,在第二方面的某些实现方式中,该任务执行设备为该TEE,该TEE与第一服务器通信,该方法还包括:该第一服务器接收该第一区块链节点发送的该任务信息;该第一服务器将该任务信息发送给该TEE,该TEE用于根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果,并对该推理结果进行验证,得到该验证后的推理结果。In combination with the second aspect, in certain implementations of the second aspect, the task execution device is the TEE, and the TEE communicates with the first server. The method also includes: the first server receives the task information sent by the first blockchain node; the first server sends the task information to the TEE, and the TEE is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and verify the inference result to obtain the verified inference result.
结合第二方面,在第二方面的某些实现方式中,该任务执行设备为边缘服务器,该方法还包括:该第一服务器或该TEE将该任务信息发送给该边缘服务器,由该边缘服务器根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果;该边缘服务器将该推理结果发送给该TEE进行验证。In combination with the second aspect, in certain implementations of the second aspect, the task execution device is an edge server, and the method also includes: the first server or the TEE sends the task information to the edge server, and the edge server performs inference calculations on the first model based on the task information to obtain an inference result of the first model; the edge server sends the inference result to the TEE for verification.
结合第二方面,在第二方面的某些实现方式中,该TEE部署在该第一区块链节点上。In combination with the second aspect, in certain implementations of the second aspect, the TEE is deployed on the first blockchain node.
第三方面,提供了一种数据处理的系统,该系统包括云区块链系统、任务执行设备以及可信执行环境TEE,该云区块链系统包括多个区块链节点,该多个区块链节点中包括第一区块链节点,云计算平台在其管理的云计算资源部署该云区块链系统,该云计算平台在该云计算资源部署存储服务,该系统包括:该第一区块链节点,用于接收任务信息,并将该任务信息发送给任务执行设备,该任务执行设备为该云区块链系统外的服务器,该任务执行设备用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一模型的输入包括该任务信息;该任务执行设备,用于将该推理结果发送给可信执行环境TEE;该TEE,用于对该推理结果进行验证,得到验证后的推理结果;该第一区块链节点,用于从该TEE获得该验证后的推理结果,并上链存储;该云区块链系统中的其他节点,用于通过各自对应的TEE对该验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。In a third aspect, a data processing system is provided, which includes a cloud blockchain system, a task execution device and a trusted execution environment TEE. The cloud blockchain system includes multiple blockchain nodes, including a first blockchain node. The cloud computing platform deploys the cloud blockchain system in the cloud computing resources it manages, and the cloud computing platform deploys storage services in the cloud computing resources. The system includes: the first blockchain node is used to receive task information and send the task information to the task execution device, which is a server outside the cloud blockchain system. The task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information; the task execution device is used to send the inference result to the trusted execution environment TEE; the TEE is used to verify the inference result to obtain the verified inference result; the first blockchain node is used to obtain the verified inference result from the TEE and store it on the chain; other nodes in the cloud blockchain system are used to re-verify the verified inference result through their respective corresponding TEEs, and store the re-verified inference result on the chain.
结合第三方面,在第三方面的某些实现方式中,该任务执行设备为第一服务器,该第一服务器与该第一区块链节点通信,该第一服务器用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一服务器,具体用于将该推理结果发送给该TEE进行验证。In combination with the third aspect, in certain implementations of the third aspect, the task execution device is a first server, which communicates with the first blockchain node. The first server is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model. The first server is specifically used to send the inference result to the TEE for verification.
结合第三方面,在第三方面的某些实现方式中,该任务执行设备为该TEE,该TEE与第一服务器通信,该第一服务器,用于接收该第一区块链节点发送的该任务信息,并将该任务信息发送给该TEE,该TEE用于根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果,并对该推理结果进行验证,得到该验证后的推理结果。In combination with the third aspect, in certain implementations of the third aspect, the task execution device is the TEE, which communicates with the first server, and the first server is used to receive the task information sent by the first blockchain node and send the task information to the TEE. The TEE is used to perform inference calculations on the first model based on the task information to obtain an inference result of the first model, and verify the inference result to obtain the verified inference result.
结合第三方面,在第三方面的某些实现方式中,该任务执行设备为边缘服务器,该第一服务器或该TEE,用于将该任务信息发送给该边缘服务器;该边缘服务器,用于根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果,并将该推理结果发送给该TEE进行验证。In combination with the third aspect, in certain implementations of the third aspect, the task execution device is an edge server, and the first server or the TEE is used to send the task information to the edge server; the edge server is used to perform inference calculations on the first model based on the task information, obtain the inference result of the first model, and send the inference result to the TEE for verification.
结合第三方面,在第三方面的某些实现方式中,该TEE部署在该第一区块链节点上。In combination with the third aspect, in certain implementations of the third aspect, the TEE is deployed on the first blockchain node.
第四方面,提供了一种计算设备,包括处理器和存储器,可选地,还包括输入输出接口。其中该处理器用于控制该输入输出接口收发信息,该存储器用于存储计算机程序,该处理器用于从存储器中调用并运行该计算机程序,使得该执行第一方面或第一方面任意一种可能的实现方式中的方法,或执行第二
方面或第二方面任意一种可能的实现方式中的方法。In a fourth aspect, a computing device is provided, comprising a processor and a memory, and optionally, an input/output interface. The processor is used to control the input/output interface to send and receive information, the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so that the method in the first aspect or any possible implementation of the first aspect is executed, or the method in the second aspect is executed. A method in any possible implementation manner of the first aspect or the second aspect.
可选地,该处理器可以是通用处理器,可以通过硬件来实现也可以通过软件来实现。当通过硬件实现时,该处理器可以是逻辑电路、集成电路等;当通过软件来实现时,该处理器可以是一个通用处理器,通过读取存储器中存储的软件代码来实现,该存储器可以集成在处理器中,可以位于该处理器之外,独立存在。Optionally, the processor may be a general-purpose processor, which may be implemented by hardware or software. When implemented by hardware, the processor may be a logic circuit, an integrated circuit, etc.; when implemented by software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, which may be integrated in the processor or located outside the processor and exist independently.
第五方面,提供了一种计算设备集群,包括至少一个计算设备,每个计算设备包括处理器和存储器;该至少一个计算设备的处理器用于执行该至少一个计算设备的存储器中存储的指令,以使得该计算设备集群执行第一方面或第一方面任意一种可能的实现方式中的方法,或执行第二方面或第二方面任意一种可能的实现方式中的方法。In a fifth aspect, a computing device cluster is provided, comprising at least one computing device, each computing device comprising a processor and a memory; the processor of the at least one computing device is used to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster executes the method in the first aspect or any possible implementation of the first aspect, or executes the method in the second aspect or any possible implementation of the second aspect.
第六方面,提供了一种芯片,该芯片获取指令并执行该指令来实现上述第一方面以及第一方面的任意一种实现方式中的方法,或执行第二方面或第二方面任意一种可能的实现方式中的方法。In a sixth aspect, a chip is provided, which obtains instructions and executes the instructions to implement the method in the above-mentioned first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
可选地,作为一种实现方式,该芯片包括处理器与数据接口,该处理器通过该数据接口读取存储器上存储的指令,执行上述第一方面以及第一方面的任意一种实现方式中的方法。Optionally, as an implementation manner, the chip includes a processor and a data interface, and the processor reads instructions stored in the memory through the data interface to execute the method in the above-mentioned first aspect and any implementation manner of the first aspect.
可选地,作为一种实现方式,该芯片还可以包括存储器,该存储器中存储有指令,该处理器用于执行该存储器上存储的指令,当该指令被执行时,该处理器用于执行第一方面以及第一方面中的任意一种实现方式中的方法。Optionally, as an implementation method, the chip may also include a memory, in which instructions are stored, and the processor is used to execute the instructions stored in the memory. When the instructions are executed, the processor is used to execute the method in the first aspect and any one of the implementation methods of the first aspect.
第七方面,提供了一种包含指令的计算机程序产品,当该指令被计算设备运行时,使得该计算设备执行如上述第一方面以及第一方面的任意一种实现方式中的方法,或执行第二方面或第二方面任意一种可能的实现方式中的方法。In the seventh aspect, a computer program product comprising instructions is provided. When the instructions are executed by a computing device, the computing device executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
第八方面,提供了一种包含指令的计算机程序产品,当该指令被计算设备集群运行时,使得该计算设备集群执行执行如上述第一方面以及第一方面的任意一种实现方式中的方法,或执行第二方面或第二方面任意一种可能的实现方式中的方法。In an eighth aspect, a computer program product comprising instructions is provided. When the instructions are executed by a computing device cluster, the computing device cluster executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
第九方面,提供了一种计算机可读存储介质,包括计算机程序指令,当该计算机程序指令由计算设备执行时,该计算设备执行如上述第一方面以及第一方面的任意一种实现方式中的方法,或执行第二方面或第二方面任意一种可能的实现方式中的方法。In the ninth aspect, a computer-readable storage medium is provided, comprising computer program instructions. When the computer program instructions are executed by a computing device, the computing device executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
作为示例,这些计算机可读存储包括但不限于如下的一个或者多个:只读存储器(read-only memory,ROM)、可编程ROM(programmable ROM,PROM)、可擦除的PROM(erasable PROM,EPROM)、Flash存储器、电EPROM(electrically EPROM,EEPROM)以及硬盘驱动器(harddrive)。As examples, these computer-readable storages include, but are not limited to, one or more of the following: read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), Flash memory, electrically EPROM (EEPROM), and hard drive.
可选地,作为一种实现方式,上述存储介质具体可以是非易失性存储介质。Optionally, as an implementation manner, the above-mentioned storage medium may specifically be a non-volatile storage medium.
第十方面,提供了一种计算机可读存储介质,包括计算机程序指令,当该计算机程序指令由计算设备集群执行时,该计算设备集群执行如上述第一方面以及第一方面的任意一种实现方式中的方法,或执行第二方面或第二方面任意一种可能的实现方式中的方法。In the tenth aspect, a computer-readable storage medium is provided, comprising computer program instructions. When the computer program instructions are executed by a computing device cluster, the computing device cluster executes the method in the first aspect and any one of the implementations of the first aspect, or executes the method in the second aspect or any one of the possible implementations of the second aspect.
作为示例,这些计算机可读存储包括但不限于如下的一个或者多个:只读存储器(read-only memory,ROM)、可编程ROM(programmable ROM,PROM)、可擦除的PROM(erasable PROM,EPROM)、Flash存储器、电EPROM(electrically EPROM,EEPROM)以及硬盘驱动器(harddrive)。As examples, these computer-readable storages include, but are not limited to, one or more of the following: read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), Flash memory, electrically EPROM (EEPROM), and hard drive.
可选地,作为一种实现方式,上述存储介质具体可以是非易失性存储介质。Optionally, as an implementation manner, the above-mentioned storage medium may specifically be a non-volatile storage medium.
图1是适用于本申请实施例的一种云场景的示意性框图。FIG1 is a schematic block diagram of a cloud scenario applicable to an embodiment of the present application.
图2是适用于本申请实施例的一种数据处理的方法的示意性流程图。FIG. 2 is a schematic flow chart of a data processing method applicable to an embodiment of the present application.
图3是本申请实施例提供的一种中继服务器执行任务调度的示意性框图。FIG3 is a schematic block diagram of a relay server performing task scheduling provided in an embodiment of the present application.
图4是本申请实施例提供的一种数据处理的装置400的示意性框图。FIG. 4 is a schematic block diagram of a data processing device 400 provided in an embodiment of the present application.
图5是本申请实施例提供的一种计算设备1500的架构示意图。FIG5 is a schematic diagram of the architecture of a computing device 1500 provided in an embodiment of the present application.
图6是本申请实施例提供的一种计算设备集群的架构示意图。FIG. 6 is a schematic diagram of the architecture of a computing device cluster provided in an embodiment of the present application.
图7是本申请实施例提供的计算设备1500A和1500B之间通过网络进行连接的示意图。FIG. 7 is a schematic diagram of a connection between computing devices 1500A and 1500B via a network provided in an embodiment of the present application.
下面将结合附图,对本申请中的技术方案进行描述。
The technical solution in this application will be described below in conjunction with the accompanying drawings.
本申请将围绕包括多个设备、组件、模块等的系统来呈现各个方面、实施例或特征。应当理解和明白的是,各个系统可以包括另外的设备、组件、模块等,并且/或者可以并不包括结合附图讨论的所有设备、组件、模块等。此外,还可以使用这些方案的组合。The present application will present various aspects, embodiments or features around a system including multiple devices, components, modules, etc. It should be understood and appreciated that each system may include additional devices, components, modules, etc., and/or may not include all devices, components, modules, etc. discussed in conjunction with the figures. In addition, combinations of these schemes may also be used.
另外,在本申请实施例中,“示例的”、“例如”等词用于表示作例子、例证或说明。本申请中被描述为“示例”的任何实施例或设计方案不应被解释为比其它实施例或设计方案更优选或更具优势。确切而言,使用示例的一词旨在以具体方式呈现概念。In addition, in the embodiments of the present application, words such as "exemplary" and "for example" are used to indicate examples, illustrations or descriptions. Any embodiment or design described as "exemplary" in the present application should not be interpreted as being more preferred or more advantageous than other embodiments or designs. Specifically, the use of the word "exemplary" is intended to present concepts in a concrete way.
本申请实施例中,“相应的(corresponding,relevant)”和“对应的(corresponding)”有时可以混用,应当指出的是,在不强调其区别时,其所要表达的含义是一致的。In the embodiments of the present application, “corresponding” and “relevant” may sometimes be used interchangeably. It should be noted that when the distinction between them is not emphasized, the meanings they intend to express are consistent.
本申请实施例描述的业务场景是为了更加清楚地说明本申请实施例的技术方案,并不构成对于本申请实施例提供的技术方案的限定,本领域普通技术人员可知,随着网络架构的演变和新业务场景的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。The business scenarios described in the embodiments of the present application are intended to more clearly illustrate the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided in the embodiments of the present application. A person of ordinary skill in the art can appreciate that, with the evolution of network architecture and the emergence of new business scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.
在本说明书中描述的参考“一个实施例”或“一些实施例”等意味着在本申请的一个或多个实施例中包括结合该实施例描述的特定特征、结构或特点。由此,在本说明书中的不同之处出现的语句“在一个实施例中”、“在一些实施例中”、“在其他一些实施例中”、“在另外一些实施例中”等不是必然都参考相同的实施例,而是意味着“一个或多个但不是所有的实施例”,除非是以其他方式另外特别强调。术语“包括”、“包含”、“具有”及它们的变形都意味着“包括但不限于”,除非是以其他方式另外特别强调。References to "one embodiment" or "some embodiments" etc. described in this specification mean that a particular feature, structure or characteristic described in conjunction with the embodiment is included in one or more embodiments of the present application. Thus, the phrases "in one embodiment", "in some embodiments", "in some other embodiments", "in some other embodiments", etc. appearing in different places in this specification do not necessarily refer to the same embodiment, but mean "one or more but not all embodiments", unless otherwise specifically emphasized in other ways. The terms "including", "comprising", "having" and their variations all mean "including but not limited to", unless otherwise specifically emphasized in other ways.
本申请中,“至少一个”是指一个或者多个,“多个”是指两个或两个以上。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:包括单独存在A,同时存在A和B,以及单独存在B的情况,其中A,B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。“以下至少一项(个)”或其类似表达,是指的这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a,b,或c中的至少一项(个),可以表示:a,b,c,a-b,a-c,b-c,或a-b-c,其中a,b,c可以是单个,也可以是多个。In the present application, "at least one" means one or more, and "plurality" means two or more. "And/or" describes the association relationship of associated objects, indicating that three relationships may exist. For example, A and/or B can mean: including the existence of A alone, the existence of A and B at the same time, and the existence of B alone, where A and B can be singular or plural. The character "/" generally indicates that the previous and next associated objects are in an "or" relationship. "At least one of the following" or similar expressions refers to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple.
为了便于理解,下面先对本申请实施例可能涉及的相关术语和概念进行介绍。To facilitate understanding, relevant terms and concepts that may be involved in the embodiments of the present application are first introduced below.
1、区块链(block chain)1. Blockchain
区块链技术是利用块链式数据结构来验证和存储数据,利用分布式节点共识算法来生成和更新数据,利用密码学的方式保证数据传输和访问的安全,利用由自动化脚本代码组成的智能合约来编程和操作数据的一种去中心化架构与计算范式。区块链是一种比较特殊的分布式数据库,没有中心点,信息存储在所有加入到区块链网络的节点当中。Blockchain technology is a decentralized architecture and computing paradigm that uses block chain data structures to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to ensure the security of data transmission and access, and smart contracts composed of automated script codes to program and operate data. Blockchain is a special distributed database with no central point, and information is stored in all nodes that join the blockchain network.
2、区块链节点2. Blockchain Node
区块链网络中的节点可以称为区块链节点,该节点可以是一台服务器,笔记本电脑,手机等。每个区块链节点上以区块链的形式存储信息,存储在所有加入到区块链网络的节点中的信息是一致且同步的。如果有一两个节点坏了,信息也不会丢失,还可以在其他节点上查看到。The nodes in the blockchain network can be called blockchain nodes, which can be a server, laptop, mobile phone, etc. Each blockchain node stores information in the form of blockchain, and the information stored in all nodes added to the blockchain network is consistent and synchronized. If one or two nodes are broken, the information will not be lost and can still be viewed on other nodes.
3、可信执行环境(trusted execution environment,TEE)3. Trusted execution environment (TEE)
移动设备上部署有系统,该系统包含可信执行环境(trusted execution environment,TEE)。TEE是在该移动设备(例如,智能手机、平板电脑、智能电视等)内一个独立的隔离的安全运行环境。由于TEE提供了一个隔离的环境保存用户的敏感信息(例如,用户的代码和数据),因此,TEE为代码和数据的执行提供了一个更安全的空间,并保证用户的敏感信息(例如,用户的代码和数据)的机密性和安全性。A system is deployed on a mobile device, and the system includes a trusted execution environment (TEE). TEE is an independent, isolated, secure operating environment within the mobile device (e.g., a smartphone, tablet, smart TV, etc.). Since TEE provides an isolated environment to store the user's sensitive information (e.g., the user's code and data), TEE provides a more secure space for the execution of code and data, and ensures the confidentiality and security of the user's sensitive information (e.g., the user's code and data).
可选地,该移动设备可以是台式机、笔记本、手机、平板电脑、智能手表、智能手环等,本申请不做具体限定。Optionally, the mobile device may be a desktop computer, a notebook, a mobile phone, a tablet computer, a smart watch, a smart bracelet, etc., which is not specifically limited in this application.
在TEE上运行的应用叫做可信应用(trusted application,TA),TEE在处理器(例如,中央处理器(central processing unit,CPU))和内存中划分出独立的可信区,并在处理器和内存中隔离不同的TA,防止不同的TA之间互相随意读取和访问数据。在TEE中运行的TA可以访问设备主处理器和内存的全部功能,而硬件隔离保护这些组件不会受到主操作系统中运行的用户安装应用程序的影响。Applications running on TEE are called trusted applications (TA). TEE divides independent trusted zones in the processor (e.g., central processing unit (CPU)) and memory, and isolates different TAs in the processor and memory to prevent different TAs from reading and accessing data from each other at will. TAs running in TEE can access the full functionality of the device's main processor and memory, while hardware isolation protects these components from being affected by user-installed applications running in the main operating system.
4、软件防卫指令集扩展(software guard extension,SGX)4. Software Guard Extension (SGX)
SGX是Intel架构新的扩展,在原有架构上增加了一组新的指令集和内存访问机制,这些扩展允许应用程序实现一个被称为飞地(enclave)的容器。为了防止不同的TA之间互相随意读取和访问数据,可以通过基本输入输出系统(basic input output system,BIOS)在应用程序的地址空间中划分出独立的被保护
的区域,该区域作为enclave使用。enclave内的数据是经过加密的,内核和超级监督者(hypervisor)都无法查看。因此,SGX不仅可以将不同TA的数据在内存中分区隔离,还可以将内存enclave中的数据加密。这样,开发者可以把应用程序划分到enclave中或者内存中可执行的保护区域,即使在受攻击的平台中也能提高安全性。使用这种新的应用层可信执行环境,开发者能够启用身份和记录隐私、安全浏览和数字管理保护(digital management protection,DRM)或者任何需要安全存储机密或者保护数据的高保障安全应用场景中。SGX is a new extension of Intel architecture, which adds a new set of instruction sets and memory access mechanisms to the original architecture. These extensions allow applications to implement a container called an enclave. In order to prevent different TAs from reading and accessing data at will, the basic input output system (BIOS) can be used to divide independent protected enclaves in the address space of the application. The area is used as an enclave. The data in the enclave is encrypted and cannot be viewed by the kernel or the hypervisor. Therefore, SGX can not only isolate the data of different TAs in memory, but also encrypt the data in the memory enclave. In this way, developers can divide applications into enclaves or executable protection areas in memory, which can improve security even in attacked platforms. Using this new application-layer trusted execution environment, developers can enable identity and record privacy, secure browsing and digital management protection (DRM), or any high-security application scenario that requires secure storage of secrets or protection of data.
SGX的实现需要处理器、内存管理部件、BIOS、驱动程序、运行时环境等软硬件协同完成。The implementation of SGX requires the collaboration of hardware and software such as processors, memory management components, BIOS, drivers, and runtime environments.
5、飞地(enclave)5. Enclave
将合法软件的安全操作封装在一个enclave中,保护其不受恶意软件的攻击,特权或者非特权的软件都无法访问enclave。也就是说,一旦软件和数据位于enclave中,即便操作系统或虚拟机管理器程度(virtual machine manager,VMM)也无法影响enclave里面的代码和数据。Encapsulate the security operations of legitimate software in an enclave to protect it from malware attacks, and neither privileged nor non-privileged software can access the enclave. In other words, once the software and data are in the enclave, even the operating system or virtual machine manager (VMM) cannot affect the code and data in the enclave.
6、人工智能6. Artificial Intelligence
人工智能(Artificial Intelligence,AI)是利用数字计算机或者数字计算机控制的机器模拟、延伸和扩展人的智能,感知环境、获取知识并使用知识获得最佳结果的理论、方法、技术及应用系统。换句话说,人工智能是计算机科学的一个分支,它企图了解智能的实质,并生产出一种新的能以人类智能相似的方式作出反应的智能机器。人工智能也就是研究各种智能机器的设计原理与实现方法,使机器具有感知、推理与决策的功能。人工智能领域的研究包括机器人,自然语言处理,计算机视觉,决策与推理,人机交互,推荐与搜索,AI基础理论等。Artificial Intelligence (AI) is the theory, method, technology and application system that uses digital computers or machines controlled by digital computers to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use knowledge to obtain the best results. In other words, artificial intelligence is a branch of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can respond in a similar way to human intelligence. Artificial intelligence is to study the design principles and implementation methods of various intelligent machines so that machines have the functions of perception, reasoning and decision-making. Research in the field of artificial intelligence includes robotics, natural language processing, computer vision, decision-making and reasoning, human-computer interaction, recommendation and search, basic AI theory, etc.
7、神经网络7. Neural Networks
神经网络(neural networks,NN)是由大量的、简单的处理单元(称为神经元)广泛地互相连接而形成的复杂网络系统。神经网络模型是以神经元的数学模型为基础来描述的,神经网络模型由网络拓扑.节点特点和学习规则来表示。Neural networks (NN) are complex network systems formed by a large number of simple processing units (called neurons) that are widely interconnected. The neural network model is described based on the mathematical model of neurons. The neural network model is represented by network topology, node characteristics and learning rules.
区块链技术诞生以来,经过多年的快速发展,已经广泛应用于金融、供应链、电子政务等各行各业,成为推动信息互联网向价值互联网转变的核心技术,引起了全世界的广泛关注,现如今区块链技术已经成为全球各国关注和研究的重点。Since the birth of blockchain technology, after years of rapid development, it has been widely used in various industries such as finance, supply chain, e-government, etc., becoming the core technology to promote the transformation of information Internet to value Internet, and has attracted widespread attention from all over the world. Today, blockchain technology has become the focus of attention and research in countries around the world.
由于区块链不可篡改和透明开发的特性,基于区块链的人工智能(blockchain-based artificial intelligence,BC-AI)有望进一步推动可信分布式人工智能的训练和推理。例如通过区块链技术来保护神经网络(neural networks,NN)模型的数据不被篡改,因此促进区块链技术与人工智能技术的融合发展成为了新的研究热点。Due to the characteristics of blockchain that it cannot be tampered with and is transparent to development, blockchain-based artificial intelligence (BC-AI) is expected to further promote the training and reasoning of trusted distributed artificial intelligence. For example, blockchain technology can be used to protect the data of neural networks (NN) models from being tampered with. Therefore, promoting the integration and development of blockchain technology and artificial intelligence technology has become a new research hotspot.
但是由于现有的主流智能合约缺乏复杂计算的能力,使得区块链节点无法处理复杂任务,导致神经网络模型(例如,深度神经网络(deepNN,DNN)模型)推理目前还不能通过智能合约在区块链网络中直接执行,限制了基于区块链的人工智能的应用范围和进一步发展。However, the existing mainstream smart contracts lack the ability to perform complex calculations, which makes it impossible for blockchain nodes to handle complex tasks. As a result, neural network model reasoning (for example, deep neural network (DNN) model) cannot be directly executed in the blockchain network through smart contracts, which limits the application scope and further development of blockchain-based artificial intelligence.
相关的技术方案中,由于区块链节点无法处理复杂任务,从而将模型推理的过程从区块链网络卸载到附近的边缘服务器,以请求使用其强大的硬件执行模型推理的计算过程。该技术不能保证链下计算的安全可信性,链下进行模型推理的外部平台不受信任,返回的推理结果可信性不能保证。In related technical solutions, since blockchain nodes cannot handle complex tasks, the model reasoning process is offloaded from the blockchain network to nearby edge servers to request the use of their powerful hardware to perform the model reasoning calculation process. This technology cannot guarantee the security and credibility of off-chain computing, the external platform for off-chain model reasoning is not trusted, and the credibility of the returned reasoning results cannot be guaranteed.
有鉴于此,本申请实施例提供了一种数据处理方法,可以通过TEE对区块链网络外部的服务器进行的模型推理的结果进行验证,并通过区块链节点对验证后的结果进行上链存储,这样,可以实现通过区块链技术保护人工智能的推理数据不被篡改,促进区块链技术与人工智能技术的融合发展。In view of this, an embodiment of the present application provides a data processing method, which can verify the results of model reasoning performed on a server outside the blockchain network through TEE, and store the verified results on the chain through the blockchain node. In this way, it is possible to protect the reasoning data of artificial intelligence from being tampered with through blockchain technology, thereby promoting the integrated development of blockchain technology and artificial intelligence technology.
一种可能的实现方式中,本申请实施例提供的方法可以应用到云服务的场景中,由云服务场景中的云管理平台执行该方法。为了便于描述,下面先结合图1,对云服务的场景进行详细描述。In a possible implementation, the method provided in the embodiment of the present application can be applied to a cloud service scenario, and the method is executed by a cloud management platform in the cloud service scenario. For ease of description, the cloud service scenario is described in detail below in conjunction with FIG.
图1是适用于本申请实施例的一种云场景的示意性框图。如图1所示,该云场景中可以包括:云管理平台110、互联网120以及客户端130。Fig. 1 is a schematic block diagram of a cloud scenario applicable to an embodiment of the present application. As shown in Fig. 1 , the cloud scenario may include: a cloud management platform 110 , the Internet 120 , and a client 130 .
如图1所示,云管理平台110用于管理提供多个云服务的基础设施。基础设施包括多个云数据中心,每个云数据中心中包括多个服务器,每个服务器中分别包括云服务资源,为租户提供相应的云服务。As shown in Fig. 1, the cloud management platform 110 is used to manage the infrastructure that provides multiple cloud services. The infrastructure includes multiple cloud data centers, each of which includes multiple servers, each of which includes cloud service resources to provide corresponding cloud services to tenants.
云管理平台110可以位于云数据中心,其可以提供访问接口(如界面或应用程序界面(application program interface,API))。租户可操作客户端130远程接入访问接口在云管理平台110注册云账号和密码,并登录云管理平台110。云管理平台110对云账号和密码鉴权成功后,租户可进一步在云管理平台110付费选择并购买特定规格(处理器、内存、磁盘)的虚拟机。付费购买成功后,云管理平台110提供
所购买的虚拟机的远程登录账号密码,客户端130可远程登录该虚拟机,在该虚拟机中安装并运行租户的应用。因此,租户可通过云管理平台110在云数据中心中创建、管理、登录和操作虚拟机。其中,虚拟机也可称为云服务器(elastic compute service,ECS)、弹性实例(不同的云服务提供商有不同的叫法)。The cloud management platform 110 may be located in a cloud data center and may provide an access interface (such as an interface or an application program interface (API)). The tenant may operate the client 130 to remotely access the access interface to register a cloud account and password on the cloud management platform 110 and log in to the cloud management platform 110. After the cloud management platform 110 successfully authenticates the cloud account and password, the tenant may further pay to select and purchase a virtual machine with specific specifications (processor, memory, disk) on the cloud management platform 110. After the payment is successful, the cloud management platform 110 provides The client 130 can remotely log in to the virtual machine and install and run the tenant's application in the virtual machine. Therefore, the tenant can create, manage, log in and operate the virtual machine in the cloud data center through the cloud management platform 110. The virtual machine can also be called a cloud server (elastic compute service, ECS) or an elastic instance (different cloud service providers have different names).
应理解,云服务的租户可以是个人、企业、学校、医院、行政机关等。It should be understood that tenants of cloud services can be individuals, enterprises, schools, hospitals, administrative agencies, etc.
云管理平台110的功能包括但不限于用户控制台、计算管理服务、网络管理服务、存储管理服务、鉴权服务、镜像管理服务。用户控制台提供界面或API与租户交互,计算管理服务用于管理运行虚拟机和容器的服务器以及裸金属服务器,网络管理服务用于管理网络服务(如网关、防火墙等),存储管理服务用于管理存储服务(如数据桶服务),鉴权服务用于管理租户的账号密码,镜像管理服务用于管理虚拟机镜像。租户使用客户端130,通过互联网120可以登录云管理平台110,对租用的云服务进行管理。The functions of the cloud management platform 110 include, but are not limited to, user console, computing management service, network management service, storage management service, authentication service, and image management service. The user console provides an interface or API to interact with tenants, the computing management service is used to manage servers running virtual machines and containers and bare metal servers, the network management service is used to manage network services (such as gateways, firewalls, etc.), the storage management service is used to manage storage services (such as data bucket services), the authentication service is used to manage tenant accounts and passwords, and the image management service is used to manage virtual machine images. Tenants can use the client 130 to log in to the cloud management platform 110 through the Internet 120 to manage the rented cloud services.
图2是本申请实施例提供的一种数据处理的方法的示意性流程图。如图2所示,该方法可以包括步骤210-260,下面分别对步骤210-260进行详细描述。Fig. 2 is a schematic flow chart of a data processing method provided in an embodiment of the present application. As shown in Fig. 2, the method may include steps 210-260, and steps 210-260 are described in detail below.
步骤210:区块链网络接收用户提交的任务信息。Step 210: The blockchain network receives the task information submitted by the user.
作为示例,区块链网络中可以包括多个区块链节点,该区块链网络可以接收用户提交的任务信息。具体的,可以是该区块链网络中的一个区块链节点(例如,第一区块链节点)接收用户提交的任务信息。一种可能的实现的方式中,该任务参数例如可以是模型(例如,第一神经网络模型)的输入信息。As an example, a blockchain network may include multiple blockchain nodes, and the blockchain network may receive task information submitted by a user. Specifically, a blockchain node (e.g., a first blockchain node) in the blockchain network may receive task information submitted by a user. In a possible implementation, the task parameter may be, for example, input information of a model (e.g., a first neural network model).
本申请实施例对区块链网络(或者也可以称为区块链平台)不做具体的限定,可以包括但不限于:公共区块链网络、私有区块链网络、联盟链等。The embodiments of the present application do not specifically limit the blockchain network (or blockchain platform), which may include but is not limited to: a public blockchain network, a private blockchain network, a consortium chain, etc.
步骤220:区块链网络和外部服务器建立可信连接,向该外部服务器发送任务信息。Step 220: The blockchain network establishes a trusted connection with the external server and sends task information to the external server.
作为示例,区块链网络可以和外部服务器建立可信连接,该外部服务器可以是区块链网络之外的单独的物理服务器。区块链网络和外部服务器建立可信连接后,可以将该区块链网络将从用户接收到的任务信息发送给该外部服务器进行处理。具体的,可以由区块链网络中接收到任务信息的区块链节点(例如,第一区块链节点)和外部服务器建立可信连接,并由该第一区块链节点将任务信息发送给外部服务器进行处理。As an example, a blockchain network can establish a trusted connection with an external server, which can be a separate physical server outside the blockchain network. After the blockchain network and the external server establish a trusted connection, the blockchain network can send the task information received from the user to the external server for processing. Specifically, a blockchain node (e.g., a first blockchain node) that receives the task information in the blockchain network can establish a trusted connection with the external server, and the first blockchain node can send the task information to the external server for processing.
本申请实施例对区块链网络和外部服务器之间的通信方式和通信协议不做具体限定。一种可能的实现方式中,区块链网络和外部服务器之间的通信使用谷歌远程过程调用(google remote procedure call,gRPC)协议,区块链网络中的第一区块链节点通过该gRPC协议将任务信息发送给外部服务器。The embodiments of the present application do not specifically limit the communication method and communication protocol between the blockchain network and the external server. In one possible implementation, the communication between the blockchain network and the external server uses the Google Remote Procedure Call (gRPC) protocol, and the first blockchain node in the blockchain network sends the task information to the external server through the gRPC protocol.
举例说明,以区块链网络为联盟链,外部服务器为中继服务器为例,第一区块链节点中编写外包任务的联盟链链码作为客户端,中继服务器作为服务端,通过gRPC协议实现任务信息的传输。例如,该任务信息包括任务参数,用户提交任务参数后,第一区块链节点的链码客户端与中继服务器建立gRPC连接,将任务参数序列化后发送给中继服务器。第一区块链节点的链码客户端收到中继服务器的应答消息后结束gRPC交互,并将任务信息上链存储。For example, taking the blockchain network as a consortium chain and the external server as a relay server, the consortium chain code that writes the outsourced task in the first blockchain node acts as the client, and the relay server acts as the server, and the task information is transmitted through the gRPC protocol. For example, the task information includes task parameters. After the user submits the task parameters, the chain code client of the first blockchain node establishes a gRPC connection with the relay server, and serializes the task parameters and sends them to the relay server. After receiving the response message from the relay server, the chain code client of the first blockchain node ends the gRPC interaction and stores the task information on the chain.
步骤230:外部服务器根据任务信息进行推理计算,得到推理计算的结果。Step 230: The external server performs inference calculation according to the task information to obtain the result of the inference calculation.
本申请实施例中,外部服务器在接收到区块链网络发送的任务信息后,可以根据该任务信息进行推理计算。例如,可以将该任务信息作为模型(例如,第一神经网络模型)的入参,并进行模型的推理计算。In the embodiment of the present application, after receiving the task information sent by the blockchain network, the external server can perform inference calculation based on the task information. For example, the task information can be used as an input parameter of a model (e.g., a first neural network model) and perform inference calculation of the model.
为了便于描述,下面以外部服务器为中继服务器作为示例进行说明。For ease of description, an external server is used as a relay server as an example for explanation below.
作为示例,中继服务器接收到区块链网络发送的序列化后的任务参数后,可以对序列化后的任务参数进行反序列化,还原任务参数,并根据该任务参数进行模型(例如,第一神经网络模型)的推理计算。As an example, after the relay server receives the serialized task parameters sent by the blockchain network, it can deserialize the serialized task parameters, restore the task parameters, and perform inference calculations on a model (e.g., a first neural network model) based on the task parameters.
一种可能的实现方式中,中继服务器具有一定的计算能力,该中继服务器自己可以完成模型(例如,第一神经网络模型)的推理计算。作为示例,该中继服务器对任务进行调度,分发至任务执行设备worker中进行模型(例如,第一神经网络模型)的推理计算。举例说明,如图3所示,中继服务器添加Celery分布式异步任务框架来进行任务调度。中继服务器接收到链码提交的请求后,对数据反序列化还原任务参数,然后封装任务请求放入Celery的消息中间件(message broker)异步队列,任务执行设备worker从broker队列中拿取任务去执行模型(例如,第一神经网络模型)的推理计算。这里的worker可以理解为进程。In one possible implementation, the relay server has a certain computing power, and the relay server can complete the inference calculation of the model (for example, the first neural network model) by itself. As an example, the relay server schedules the task and distributes it to the task execution device worker to perform the inference calculation of the model (for example, the first neural network model). For example, as shown in Figure 3, the relay server adds the Celery distributed asynchronous task framework to perform task scheduling. After the relay server receives the request submitted by the chain code, it deserializes the data to restore the task parameters, and then encapsulates the task request and puts it into the Celery message middleware (message broker) asynchronous queue. The task execution device worker takes the task from the broker queue to perform the inference calculation of the model (for example, the first neural network model). The worker here can be understood as a process.
另一种可能的实现方式中,中继服务器的计算能力不足以支撑深度神经网络模型完整推理,中继服务器可以将任务外包或委托至其他服务器进行处理。一个示例,中继服务器可以和边缘服务器建立连接,将该第一神经网络模型中耗时最多的线性层的执行委托至处理速度较快的边缘服务器进行推理运算,并
同时监听任务的完成状态。In another possible implementation, if the computing power of the relay server is insufficient to support the complete reasoning of the deep neural network model, the relay server can outsource or delegate the task to other servers for processing. In one example, the relay server can establish a connection with the edge server and delegate the execution of the most time-consuming linear layer in the first neural network model to the edge server with faster processing speed for reasoning calculation, and At the same time, monitor the completion status of the task.
另一种可能的实现方式中,中继服务器还可以将任务发送至TEE中执行。作为示例,如图3所示,任务执行设备worker从broker队列中拿取任务并放入可信执行环境(trusted execution environment,TEE)中执行,例如,将任务划分到TEE的Intel SGX中的enclave(飞地)中去执行,中继服务器同时监听任务的完成状态。In another possible implementation, the relay server can also send the task to the TEE for execution. As an example, as shown in Figure 3, the task execution device worker takes the task from the broker queue and puts it into the trusted execution environment (TEE) for execution, for example, the task is divided into the enclave in the Intel SGX of the TEE for execution, and the relay server monitors the completion status of the task at the same time.
应理解,由于TEE提供了一个隔离的环境保存用户的敏感信息(例如,用户的代码和数据),因此,TEE为代码和数据的执行提供了一个更安全的空间,并保证用户的敏感信息(例如,用户的代码和数据)的机密性和安全性。It should be understood that since TEE provides an isolated environment to store the user's sensitive information (e.g., the user's code and data), TEE provides a more secure space for the execution of code and data and ensures the confidentiality and security of the user's sensitive information (e.g., the user's code and data).
另一种可能的实现方式中,为了解决TEE内存太小无法完成模型的复杂计算的过程,如图3所示,TEE还可以将任务外包或委托至其他服务器进行处理。一个示例,TEE中的Inter SGX可以保护选定的代码和数据不被泄露和修改,但是为了解决其内存很小,不足以支撑深度神经网络模型完整推理的问题,Intel SGX中的enclave(飞地)通过基于矩阵乘法的外包方案将第一神经网络模型中耗时最多的线性层的执行委托至处理速度较快的边缘服务器进行推理运算,并同时监听任务的完成状态。In another possible implementation, in order to solve the problem that the TEE memory is too small to complete the complex calculation of the model, as shown in Figure 3, the TEE can also outsource or delegate the task to other servers for processing. As an example, Intel SGX in TEE can protect selected code and data from being leaked and modified, but in order to solve the problem that its memory is small and insufficient to support the complete reasoning of the deep neural network model, the enclave in Intel SGX delegates the execution of the most time-consuming linear layer in the first neural network model to the edge server with faster processing speed for reasoning calculation through an outsourcing solution based on matrix multiplication, and monitors the completion status of the task at the same time.
步骤240:任务的完成者将推理计算的结果发送给TEE进行验证。Step 240: The person who completes the task sends the result of the inference calculation to the TEE for verification.
本申请实施例中,任务完成者将推理计算的结果发送给TEE进行验证的实现方式有多种,下面结合步骤240,对几种可能的实现方式进行详细描述。In the embodiment of the present application, there are multiple ways for the task completer to send the result of the reasoning calculation to the TEE for verification. The following is a detailed description of several possible implementation methods in conjunction with step 240.
一种可能的实现方式中,任务的完成者为中继服务器,该中继服务器可以直接将推理计算的结果发送给TEE进行验证。In one possible implementation, the task is completed by a relay server, which can directly send the result of the inference calculation to the TEE for verification.
另一种可能的实现方式中,任务的完成者为边缘服务器,该边缘服务器可以直接将推理计算的结果发送给TEE进行验证,或者该边缘服务器也可以将推理计算的结果发送给中继服务器,并由中继服务器将推理计算的结果转发给TEE进行验证,本申请对此不做具体限定。In another possible implementation, the task is completed by an edge server, which can directly send the result of the inference calculation to the TEE for verification, or the edge server can also send the result of the inference calculation to a relay server, and the relay server forwards the result of the inference calculation to the TEE for verification. This application does not make specific limitations on this.
上述TEE的部署形式有多种,本申请实施例对此不做具体限定。一个示例,TEE部署在该区块链网络中,例如,每个区块链节点上分别部署有TEE。另一个示例,TEE部署在除区块链网络和中继服务器之外的单独的服务器上。There are many deployment forms of the above TEE, which are not specifically limited in the embodiments of the present application. In one example, TEE is deployed in the blockchain network, for example, TEE is deployed on each blockchain node. In another example, TEE is deployed on a separate server other than the blockchain network and the relay server.
步骤250:TEE对推理计算的结果进行验证。Step 250: TEE verifies the result of the inference calculation.
一种可能的实现方式中,TEE可以根据模型推理得到真实的结果,并将该真实的结果和其获取到的结果进行对比,确定其获得的推理的结果是否可信。如果TEE推理得到真实的结果和其获取到的结果一致,可以理解为其获得的推理的结果是可信的,TEE可以对其获取到的结果进行签名。In one possible implementation, TEE can obtain the real result based on the model reasoning, and compare the real result with the result it obtains to determine whether the reasoning result it obtains is credible. If the real result obtained by TEE reasoning is consistent with the result it obtains, it can be understood that the reasoning result it obtains is credible, and TEE can sign the result it obtains.
步骤260:区块链网络对TEE验证后的推理结果进行上链。Step 260: The blockchain network uploads the inference results after TEE verification to the chain.
本申请实施例中,第一区块链节点可以获得经过TEE验证的推理的结果,例如,带有TEE签名的推理的结果。具体的实现方式有多种,本申请实施例对此不做具体限定。一个示例,TEE部署在第一区块链节点上,该第一区块链节点可以直接从TEE中获取带有TEE签名的推理的结果。另一个示例,TEE部署在部署在区块链网络和中继服务器之外的其他服务器上,该第一区块链节点可以通过和该其他服务器之间的通信,从该其他服务器上部署的TEE中获取带有TEE签名的推理的结果。In an embodiment of the present application, the first blockchain node can obtain the result of reasoning verified by TEE, for example, the result of reasoning with TEE signature. There are many specific implementation methods, and the embodiment of the present application does not specifically limit this. In one example, TEE is deployed on the first blockchain node, and the first blockchain node can directly obtain the result of reasoning with TEE signature from TEE. In another example, TEE is deployed on other servers outside the blockchain network and relay server, and the first blockchain node can obtain the result of reasoning with TEE signature from the TEE deployed on the other server through communication with the other server.
本申请实施例中,第一区块链节点获得TEE验证后的推理的结果,将该结果进行上链存储。区块链网络中的其他节点可以接收到第一区块链节点发送的TEE验证后的推理的结果后,发送各自对应的TEE再次进行验证,并将验证后的推理的结果进行上链存储。一个示例,区块链网络中的其他节点各自对应的TEE部署在各自的节点上,区块链网络中的其他节点分别通过各自的节点部署的TEE进行推理结果的验证。另一个示例,区块链网络中的其他节点各自对应的TEE部署在其他服务器上,该其他节点可以分别将推理的结果发送给该其他服务器上部署的TEE进行推理结果的验证,并通过和其他服务器之间的通信,获得带有TEE签名的推理的结果。In an embodiment of the present application, the first blockchain node obtains the result of the reasoning after TEE verification, and stores the result on the chain. After receiving the result of the reasoning after TEE verification sent by the first blockchain node, other nodes in the blockchain network can send their corresponding TEEs for verification again, and store the verified reasoning results on the chain. In one example, the TEEs corresponding to the other nodes in the blockchain network are deployed on their respective nodes, and the other nodes in the blockchain network verify the reasoning results through the TEEs deployed on their respective nodes. In another example, the TEEs corresponding to the other nodes in the blockchain network are deployed on other servers. The other nodes can send the reasoning results to the TEEs deployed on the other servers to verify the reasoning results, and obtain the reasoning results with TEE signatures through communication with other servers.
上述技术方案中,可以通过TEE对区块链网络外部的服务器进行的模型推理的结果进行验证,并通过区块链节点对验证后的结果进行上链存储,这样,可以实现通过区块链技术保护人工智能的推理数据不被篡改,促进区块链技术与人工智能技术的融合发展。In the above technical solution, the results of model inference performed on servers outside the blockchain network can be verified through TEE, and the verified results can be stored on the chain through blockchain nodes. In this way, blockchain technology can be used to protect the reasoning data of artificial intelligence from being tampered with, thereby promoting the integrated development of blockchain technology and artificial intelligence technology.
上文结合图1至图3,详细描述了本申请实施例提供的方法,下面将结合图4-图7,详细描述本申请装置的实施例。应理解,方法实施例的描述与装置实施例的描述相互对应,因此,未详细描述的部分可以参见前面方法实施例。The above describes in detail the method provided by the embodiment of the present application in conjunction with Figures 1 to 3, and the following describes in detail the embodiment of the device of the present application in conjunction with Figures 4 to 7. It should be understood that the description of the method embodiment corresponds to the description of the device embodiment, so the part not described in detail can refer to the previous method embodiment.
图4是本申请实施例提供的一种数据识别的装置400的示意性框图。该装置400可以通过软件、硬件
或者两者的结合实现。本申请实施例提供的装置400可以实现本申请实施例图2所示的方法流程,该装置400包括:FIG4 is a schematic block diagram of a data identification device 400 provided in an embodiment of the present application. The device 400 can be implemented by software, hardware, The device 400 provided in the embodiment of the present application can implement the method flow shown in FIG. 2 of the embodiment of the present application, and the device 400 includes:
接收模块410,用于第一区块链节点接收任务信息,该第一区块链节点为该区块链系统中的一个节点;A receiving module 410, configured for a first blockchain node to receive task information, where the first blockchain node is a node in the blockchain system;
发送模块420,用于该第一区块链节点将该任务信息发送给任务执行设备,该任务执行设备为该区块链系统外的服务器,该任务执行设备用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,该第一模型的输入包括该任务信息;A sending module 420 is used for the first blockchain node to send the task information to a task execution device, where the task execution device is a server outside the blockchain system. The task execution device is used to perform inference calculation on the first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information;
该发送模块420,还用于该任务执行设备将该推理结果发送给可信执行环境TEE;The sending module 420 is also used for the task execution device to send the reasoning result to the trusted execution environment TEE;
验证模块430,用于该TEE对该推理结果进行验证,得到验证后的推理结果;A verification module 430, used for the TEE to verify the reasoning result and obtain a verified reasoning result;
存储模块440,用于该第一区块链节点从该TEE获得该验证后的推理结果,并上链存储;A storage module 440 is used for the first blockchain node to obtain the verified reasoning result from the TEE and store it on the chain;
存储模块440,还用于该云区块链系统中的其他节点通过各自对应的TEE对该验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。The storage module 440 is also used for other nodes in the cloud blockchain system to re-verify the verified reasoning results through their respective corresponding TEEs, and store the re-verified reasoning results on the chain.
可选地,该任务执行设备为第一服务器,该第一服务器与该第一区块链节点通信,该第一服务器用于根据该任务信息对第一模型进行推理计算,得到该第一模型的推理结果,验证模块430具体用于第一服务器将该推理结果发送给该TEE进行验证。Optionally, the task execution device is a first server, which communicates with the first blockchain node. The first server is used to perform inference calculations on the first model according to the task information to obtain an inference result of the first model. The verification module 430 is specifically used for the first server to send the inference result to the TEE for verification.
可选地,该任务执行设备为该TEE,该TEE与第一服务器通信,接收模块410,具体用于该第一服务器接收该第一区块链节点发送的该任务信息;发送模块420,具体用于该第一服务器将该任务信息发送给该TEE,该TEE用于根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果,并对该推理结果进行验证,得到该验证后的推理结果。Optionally, the task execution device is the TEE, which communicates with the first server, and the receiving module 410 is specifically used for the first server to receive the task information sent by the first blockchain node; the sending module 420 is specifically used for the first server to send the task information to the TEE, and the TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
可选地,该任务执行设备为边缘服务器,该发送模块420,具体用于该第一服务器或该TEE将该任务信息发送给该边缘服务器,由该边缘服务器根据任务信息对第一模型进行推理计算,得到该第一模型的推理结果;该发送模块420,具体用于该边缘服务器将该推理结果发送给该TEE进行验证。Optionally, the task execution device is an edge server, and the sending module 420 is specifically used for the first server or the TEE to send the task information to the edge server, and the edge server performs inference calculations on the first model based on the task information to obtain the inference result of the first model; the sending module 420 is specifically used for the edge server to send the inference result to the TEE for verification.
可选地,该TEE部署在该第一区块链节点上。Optionally, the TEE is deployed on the first blockchain node.
这里的装置400可以以功能模块的形式体现。这里的术语“模块”可以通过软件和/或硬件形式实现,对此不作具体限定。The device 400 here can be embodied in the form of a functional module. The term "module" here can be implemented in the form of software and/or hardware, and is not specifically limited to this.
例如,“模块”可以是实现上述功能的软件程序、硬件电路或二者结合。示例性的,接下来以接收模块410为例,介绍接收模块410的实现方式。类似的,其他模块,例如发送模块420、验证模块430、存储模块440的实现方式可以参考接收模块410的实现方式。For example, a "module" can be a software program, a hardware circuit, or a combination of the two that implements the above functions. Exemplarily, the implementation of the receiving module 410 is described below by taking the receiving module 410 as an example. Similarly, the implementation of other modules, such as the sending module 420, the verification module 430, and the storage module 440, can refer to the implementation of the receiving module 410.
接收模块410作为软件功能单元的一种举例,接收模块410可以包括运行在计算实例上的代码。其中,计算实例可以包括物理主机(计算设备)、虚拟机、容器中的至少一种。进一步地,上述计算实例可以是一台或者多台。例如,接收模块410可以包括运行在多个主机/虚拟机/容器上的代码。需要说明的是,用于运行该代码的多个主机/虚拟机/容器可以分布在相同的区域(region)中,也可以分布在不同的region中。进一步地,用于运行该代码的多个主机/虚拟机/容器可以分布在相同的可用区(availability zone,AZ)中,也可以分布在不同的AZ中,每个AZ包括一个数据中心或多个地理位置相近的数据中心。其中,通常一个region可以包括多个AZ。The receiving module 410 is taken as an example of a software functional unit, and the receiving module 410 may include code running on a computing instance. Among them, the computing instance may include at least one of a physical host (computing device), a virtual machine, and a container. Further, the above-mentioned computing instance may be one or more. For example, the receiving module 410 may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers used to run the code may be distributed in the same region (region) or in different regions. Furthermore, the multiple hosts/virtual machines/containers used to run the code may be distributed in the same availability zone (AZ) or in different AZs, each AZ including one data center or multiple data centers with close geographical locations. Among them, usually a region may include multiple AZs.
同样,用于运行该代码的多个主机/虚拟机/容器可以分布在同一个虚拟私有云(virtual private cloud,VPC)中,也可以分布在多个VPC中。其中,通常一个VPC设置在一个region内,同一region内两个VPC之间,以及不同region的VPC之间跨区通信需在每个VPC内设置通信网关,经通信网关实现VPC之间的互连。Similarly, multiple hosts/virtual machines/containers used to run the code can be distributed in the same virtual private cloud (VPC) or in multiple VPCs. Usually, a VPC is set up in a region. For cross-region communication between two VPCs in the same region and between VPCs in different regions, a communication gateway needs to be set up in each VPC to achieve interconnection between VPCs through the communication gateway.
接收模块410作为硬件功能单元的一种举例,接收模块410可以包括至少一个计算设备,如服务器等。或者,接收模块410也可以是利用专用集成电路(application-specific integrated circuit,ASIC)实现、或可编程逻辑器件(programmable logic device,PLD)实现的设备等。其中,上述PLD可以是复杂程序逻辑器件(complex programmable logical device,CPLD)、现场可编程门阵列(field-programmable gate array,FPGA)、通用阵列逻辑(generic array logic,GAL)或其任意组合实现。The receiving module 410 is taken as an example of a hardware functional unit, and the receiving module 410 may include at least one computing device, such as a server, etc. Alternatively, the receiving module 410 may also be a device implemented by an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
接收模块410包括的多个计算设备可以分布在相同的region中,也可以分布在不同的region中。接收模块410包括的多个计算设备可以分布在相同的AZ中,也可以分布在不同的AZ中。同样,接收模块410包括的多个计算设备可以分布在同一个VPC中,也可以分布在多个VPC中。其中,该多个计算设备可以是服务器、ASIC、PLD、CPLD、FPGA和GAL等计算设备的任意组合。The multiple computing devices included in the receiving module 410 can be distributed in the same region or in different regions. The multiple computing devices included in the receiving module 410 can be distributed in the same AZ or in different AZs. Similarly, the multiple computing devices included in the receiving module 410 can be distributed in the same VPC or in multiple VPCs. The multiple computing devices can be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
因此,在本申请的实施例中描述的各示例的模块,能够以电子硬件、或者计算机软件和电子硬件的
结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Therefore, the modules of each example described in the embodiments of the present application can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Professional and technical personnel can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
需要说明的是:上述实施例提供的装置在执行上述方法时,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。例如,接收模块410可以用于执行上述方法中的任意步骤,发送模块420可以用于执行上述方法中的任意步骤,验证模块430可以用于执行上述方法中的任意步骤,存储模块440可以用于执行上述方法中的任意步骤。接收模块410、发送模块420、验证模块430、存储模块440负责实现的步骤可根据需要指定,通过接收模块410、发送模块420、验证模块430、存储模块440分别实现上述方法中不同的步骤来实现上述装置的全部功能。It should be noted that: when the device provided in the above embodiment executes the above method, only the division of the above functional modules is used as an example. In actual application, the above function allocation can be completed by different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For example, the receiving module 410 can be used to execute any step in the above method, the sending module 420 can be used to execute any step in the above method, the verification module 430 can be used to execute any step in the above method, and the storage module 440 can be used to execute any step in the above method. The steps that the receiving module 410, the sending module 420, the verification module 430, and the storage module 440 are responsible for implementing can be specified as needed, and the receiving module 410, the sending module 420, the verification module 430, and the storage module 440 respectively implement different steps in the above method to realize all the functions of the above device.
另外,上述实施例提供的装置与方法实施例属于同一构思,其具体实现过程详见上文中的方法实施例,这里不再赘述。In addition, the device and method embodiments provided in the above embodiments belong to the same concept, and their specific implementation processes are detailed in the method embodiments above, which will not be repeated here.
本申请实施例提供的方法可以由计算设备执行,该计算设备也可以被称为计算机系统。包括硬件层、运行在硬件层之上的操作系统层,以及运行在操作系统层上的应用层。该硬件层包括处理单元、内存和内存控制单元等硬件,随后对该硬件的功能和结构进行详细说明。该操作系统是任意一种或多种通过进程(process)实现业务处理的计算机操作系统,例如,Linux操作系统、Unix操作系统、Android操作系统、iOS操作系统或windows操作系统等。该应用层包含浏览器、通讯录、文字处理软件、即时通信软件等应用程序。并且,可选地,该计算机系统是智能手机等手持设备,或个人计算机等终端设备,本申请并未特别限定,只要能够通过本申请实施例提供的方法即可。本申请实施例提供的方法的执行主体可以是计算设备,或者,是计算设备中能够调用程序并执行程序的功能模块。The method provided in the embodiment of the present application can be performed by a computing device, which can also be referred to as a computer system. It includes a hardware layer, an operating system layer running on the hardware layer, and an application layer running on the operating system layer. The hardware layer includes hardware such as a processing unit, a memory and a memory control unit, and then the function and structure of the hardware are described in detail. The operating system is any one or more computer operating systems that implement business processing through a process, for example, a Linux operating system, a Unix operating system, an Android operating system, an iOS operating system, or a windows operating system. The application layer includes applications such as a browser, an address book, a word processing software, and an instant messaging software. In addition, optionally, the computer system is a handheld device such as a smart phone, or a terminal device such as a personal computer, which is not particularly limited in this application, as long as it can be provided by the method provided in the embodiment of the present application. The execution subject of the method provided in the embodiment of the present application can be a computing device, or a functional module in a computing device that can call a program and execute a program.
下面结合图5,对本申请实施例提供的一种计算设备进行详细描述。A computing device provided in an embodiment of the present application is described in detail below in conjunction with FIG. 5 .
图5是本申请实施例提供的一种计算设备1500的架构示意图。该计算设备1500可以是服务器或者计算机或者其他具有计算能力的设备。图5所示的计算设备1500包括:至少一个处理器1510和存储器1520。FIG5 is a schematic diagram of the architecture of a computing device 1500 provided in an embodiment of the present application. The computing device 1500 may be a server or a computer or other device with computing capabilities. The computing device 1500 shown in FIG5 includes: at least one processor 1510 and a memory 1520.
应理解,本申请不限定计算设备1500中的处理器、存储器的个数。It should be understood that the present application does not limit the number of processors and memories in the computing device 1500 .
处理器1510执行存储器1520中的指令,使得计算设备1500实现本申请提供的方法。或者,处理器1510执行存储器1520中的指令,使得计算设备1500实现本申请提供的各功能模块,从而实现本申请提供的方法。The processor 1510 executes the instructions in the memory 1520, so that the computing device 1500 implements the method provided by the present application. Alternatively, the processor 1510 executes the instructions in the memory 1520, so that the computing device 1500 implements the functional modules provided by the present application, thereby implementing the method provided by the present application.
可选地,计算设备1500还包括通信接口1530。通信接口1530使用例如但不限于网络接口卡、收发器一类的收发模块,来实现计算设备1500与其他设备或通信网络之间的通信。Optionally, the computing device 1500 further includes a communication interface 1530. The communication interface 1530 uses a transceiver module such as, but not limited to, a network interface card or a transceiver to implement communication between the computing device 1500 and other devices or a communication network.
可选地,计算设备1500还包括系统总线1540,其中,处理器1510、存储器1520和通信接口1530分别与系统总线1540连接。处理器1510能够通过系统总线1540访问存储器1520,例如,处理器1510能够通过系统总线1540在存储器1520中进行数据读写或代码执行。该系统总线1540是快捷外设部件互连标准(peripheral component interconnect express,PCI)总线或扩展工业标准结构(extended industry standard architecture,EISA)总线等。该系统总线1540分为地址总线、数据总线、控制总线等。为便于表示,图5中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Optionally, the computing device 1500 further includes a system bus 1540, wherein the processor 1510, the memory 1520 and the communication interface 1530 are respectively connected to the system bus 1540. The processor 1510 can access the memory 1520 through the system bus 1540. For example, the processor 1510 can read and write data or execute code in the memory 1520 through the system bus 1540. The system bus 1540 is a peripheral component interconnect express (PCI) bus or an extended industry standard architecture (EISA) bus. The system bus 1540 is divided into an address bus, a data bus, a control bus, etc. For ease of representation, only one thick line is used in FIG. 5, but it does not mean that there is only one bus or one type of bus.
一种可能的实现方式,处理器1510的功能主要是解释计算机程序的指令(或者说,代码)以及处理计算机软件中的数据。其中,该计算机程序的指令以及计算机软件中的数据能够保存在存储器1520或者缓存1516中。In a possible implementation, the function of the processor 1510 is mainly to interpret the instructions (or codes) of the computer program and process the data in the computer software. The instructions of the computer program and the data in the computer software can be stored in the memory 1520 or the cache 1516.
可选地,处理器1510可能是集成电路芯片,具有信号的处理能力。作为示例而非限定,处理器1510是通用处理器、数字信号处理器(digital signal processor,DSP)、专用集成电路(application specific integrated circuit,ASIC)、现成可编程门阵列(field programmable gate array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。其中,通用处理器是微处理器等。例如,该处理器1510是中央处理单元(central processing unit,CPU)。Optionally, the processor 1510 may be an integrated circuit chip with signal processing capabilities. As an example and not limitation, the processor 1510 is a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component. Among them, the general-purpose processor is a microprocessor, etc. For example, the processor 1510 is a central processing unit (CPU).
可选地,每个处理器1510包括至少一个处理单元1512和内存控制单元1514。Optionally, each processor 1510 includes at least one processing unit 1512 and a memory control unit 1514 .
可选地,处理单元1512也称为核心(core)或内核,是处理器最重要的组成部分。处理单元1512是由单晶硅以一定的生产工艺制造出来的,处理器所有的计算、接受命令、存储命令、处理数据都由核心执行。处理单元分别独立地运行程序指令,利用并行计算的能力加快程序的运行速度。各种处理单元都
具有固定的逻辑结构,例如,处理单元包括例如,一级缓存、二级缓存、执行单元、指令单元和总线接口等逻辑单元。Optionally, the processing unit 1512 is also called the core or kernel, which is the most important component of the processor. The processing unit 1512 is made of single crystal silicon using a certain production process. All the calculations, command reception, command storage, and data processing of the processor are performed by the core. The processing units run program instructions independently and use the ability of parallel computing to speed up the program. Various processing units are It has a fixed logical structure. For example, the processing unit includes logical units such as a first-level cache, a second-level cache, an execution unit, an instruction unit, and a bus interface.
一种实现举例,内存控制单元1514用于控制存储器1520与处理单元1512之间的数据交互。具体地说,内存控制单元1514从处理单元1512接收内存访问请求,并基于该内存访问请求控制针对内存的访问。作为示例而非限定,内存控制单元是内存管理单元(memory management unit,MMU)等器件。In one implementation example, the memory control unit 1514 is used to control data interaction between the memory 1520 and the processing unit 1512. Specifically, the memory control unit 1514 receives a memory access request from the processing unit 1512, and controls access to the memory based on the memory access request. As an example and not a limitation, the memory control unit is a device such as a memory management unit (MMU).
一种实现举例,各内存控制单元1514通过系统总线进行针对存储器1520的寻址。并且在系统总线中配置仲裁器(图5中未示出),该仲裁器负责处理和协调多个处理单元1512的竞争访问。In one implementation example, each memory control unit 1514 addresses the memory 1520 through the system bus. An arbiter (not shown in FIG. 5 ) is configured in the system bus, and the arbiter is responsible for processing and coordinating contention accesses of multiple processing units 1512 .
一种实现举例,处理单元1512和内存控制单元1514通过芯片内部的连接线,例如地址线,通信连接,从而实现处理单元1512和内存控制单元1514之间的通信。In an implementation example, the processing unit 1512 and the memory control unit 1514 are connected to each other through connection lines inside the chip, such as address lines, so as to achieve communication between the processing unit 1512 and the memory control unit 1514.
可选地,每个处理器1510还包括缓存1516,其中,缓存是数据交换的缓冲区(称作cache)。当处理单元1512要读取数据时,会首先从缓存中查找需要的数据,如果找到了则直接执行,找不到的话则从存储器中找。由于缓存的运行速度比存储器快得多,故缓存的作用就是帮助处理单元1512更快地运行。Optionally, each processor 1510 also includes a cache 1516, wherein the cache is a buffer for data exchange (called cache). When the processing unit 1512 wants to read data, it will first search for the required data from the cache. If it is found, it will be executed directly. If it is not found, it will be searched from the memory. Since the running speed of the cache is much faster than the memory, the role of the cache is to help the processing unit 1512 run faster.
存储器1520能够为计算设备1500中的进程提供运行空间,例如,存储器1520中保存用于生成进程的计算机程序(具体地说,是程序的代码)。计算机程序被处理器运行而生成进程后,处理器在存储器1520中为该进程分配对应的存储空间。进一步的,上述存储空间进一步包括文本段、初始化数据段、位初始化数据段、栈段、堆段等等。存储器1520在上述进程对应的存储空间中保存进程运行期间产生的数据,例如,中间数据,或过程数据等等。The memory 1520 can provide a running space for the processes in the computing device 1500. For example, the computer program (specifically, the code of the program) used to generate the process is stored in the memory 1520. After the computer program is executed by the processor to generate the process, the processor allocates a corresponding storage space for the process in the memory 1520. Furthermore, the above storage space further includes a text segment, an initialized data segment, a bit initialized data segment, a stack segment, a heap segment, etc. The memory 1520 stores the data generated during the running of the process in the storage space corresponding to the above process, such as intermediate data, process data, etc.
可选地,存储器也称为内存,其作用是用于暂时存放处理器1510中的运算数据,以及与硬盘等外部存储器交换的数据。只要计算机在运行中,处理器1510就会把需要运算的数据调到内存中进行运算,当运算完成后处理单元1512再将结果传送出来。Optionally, the storage is also called memory, and its function is to temporarily store the operation data in the processor 1510 and the data exchanged with the external storage such as the hard disk. As long as the computer is running, the processor 1510 will transfer the data to be calculated to the memory for calculation, and when the calculation is completed, the processing unit 1512 will transmit the result.
作为示例而非限定,存储器1520是易失性存储器或非易失性存储器,或可包括易失性和非易失性存储器两者。其中,非易失性存储器是只读存储器(read-only memory,ROM)、可编程只读存储器(programmable ROM,PROM)、可擦除可编程只读存储器(erasable PROM,EPROM)、电可擦除可编程只读存储器(electrically EPROM,EEPROM)或闪存。易失性存储器是随机存取存储器(random access memory,RAM),其用作外部高速缓存。通过示例性但不是限制性说明,许多形式的RAM可用,例如静态随机存取存储器(static RAM,SRAM)、动态随机存取存储器(dynamic RAM,DRAM)、同步动态随机存取存储器(synchronous DRAM,SDRAM)、双倍数据速率同步动态随机存取存储器(double data rate SDRAM,DDR SDRAM)、增强型同步动态随机存取存储器(enhanced SDRAM,ESDRAM)、同步连接动态随机存取存储器(synchlink DRAM,SLDRAM)和直接内存总线随机存取存储器(direct rambus RAM,DR RAM)。应注意,本文描述的系统和方法的存储器1520旨在包括但不限于这些和任意其它适合类型的存储器。As an example and not limitation, memory 1520 is a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. Among them, the non-volatile memory is a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory is a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM). It should be noted that the memory 1520 of the systems and methods described herein is intended to include, but is not limited to, these and any other suitable types of memory.
以上列举的计算设备1500的结构仅为示例性说明,本申请并未限定于此,本申请实施例的计算设备1500包括现有技术中计算机系统中的各种硬件,例如,计算设备1500还包括除存储器1520以外的其他存储器,例如,磁盘存储器等。本领域的技术人员应当理解,计算设备1500还可以包括实现正常运行所必须的其他器件。同时,根据具体需要,本领域的技术人员应当理解,上述计算设备1500还可包括实现其他附加功能的硬件器件。此外,本领域的技术人员应当理解,上述计算设备1500也可仅仅包括实现本申请实施例所必须的器件,而不必包括图5中所示的全部器件。The structure of the computing device 1500 listed above is only an exemplary description, and the present application is not limited thereto. The computing device 1500 of the embodiment of the present application includes various hardware in the computer system in the prior art. For example, the computing device 1500 also includes other memories other than the memory 1520, such as disk storage, etc. It should be understood by those skilled in the art that the computing device 1500 may also include other devices necessary for normal operation. At the same time, according to specific needs, it should be understood by those skilled in the art that the computing device 1500 may also include hardware devices for implementing other additional functions. In addition, it should be understood by those skilled in the art that the computing device 1500 may also include only the devices necessary for implementing the embodiment of the present application, without having to include all the devices shown in FIG. 5.
本申请实施例还提供了一种计算设备集群。该计算设备集群包括至少一台计算设备。该计算设备可以是服务器。在一些实施例中,计算设备也可以是台式机、笔记本电脑或者智能手机等终端设备。The embodiment of the present application also provides a computing device cluster. The computing device cluster includes at least one computing device. The computing device may be a server. In some embodiments, the computing device may also be a terminal device such as a desktop computer, a laptop computer, or a smart phone.
如图6所示,该计算设备集群包括至少一个计算设备1500。计算设备集群中的一个或多个计算设备1500中的存储器1520中可以存有相同的用于执行上述方法的指令。As shown in Fig. 6, the computing device cluster includes at least one computing device 1500. The memory 1520 in one or more computing devices 1500 in the computing device cluster may store the same instructions for executing the above method.
在一些可能的实现方式中,该计算设备集群中的一个或多个计算设备1500中的存储器1520也可以分别存有用于执行上述方法的部分指令。换言之,一个或多个计算设备1500的组合可以共同执行上述方法的指令。In some possible implementations, the memory 1520 in one or more computing devices 1500 in the computing device cluster may also store partial instructions for executing the above method. In other words, the combination of one or more computing devices 1500 may jointly execute the instructions of the above method.
需要说明的是,计算设备集群中的不同的计算设备1500中的存储器1520可以存储不同的指令,分别用于执行上述装置的部分功能。也即,不同的计算设备1500中的存储器1520存储的指令可以实现将上述装置中的一个或多个模块的功能。It should be noted that the memory 1520 in different computing devices 1500 in the computing device cluster may store different instructions, which are respectively used to execute part of the functions of the above-mentioned apparatus. That is, the instructions stored in the memory 1520 in different computing devices 1500 may implement the functions of one or more modules in the above-mentioned apparatus.
在一些可能的实现方式中,计算设备集群中的一个或多个计算设备可以通过网络连接。其中,该网
络可以是广域网或局域网等等。图7示出了一种可能的实现方式。如图7所示,两个计算设备1500A和1500B之间通过网络进行连接。具体地,通过各个计算设备中的通信接口与该网络进行连接。In some possible implementations, one or more computing devices in the computing device cluster may be connected via a network. The network may be a wide area network or a local area network, etc. FIG. 7 shows a possible implementation. As shown in FIG. 7 , two computing devices 1500A and 1500B are connected via a network. Specifically, the network is connected via a communication interface in each computing device.
应理解,图7中示出的计算设备1500A的功能也可以由多个计算设备1500完成。同样,计算设备1500B的功能也可以由多个计算设备1500完成。It should be understood that the functionality of the computing device 1500A shown in FIG7 may also be implemented by multiple computing devices 1500. Similarly, the functionality of the computing device 1500B may also be implemented by multiple computing devices 1500.
本实施例中,还提供了一种包含指令的计算机程序产品,该计算机程序产品可以是包含指令的,能够运行在计算设备上或被储存在任何可用介质中的软件或程序产品。当其在计算设备上运行时,使得计算设备执行上述所提供的方法,或者使得该计算设备实现上述提供的装置的功能。In this embodiment, a computer program product including instructions is also provided. The computer program product may be a software or program product including instructions that can be run on a computing device or stored in any available medium. When the computer program product is run on a computing device, the computing device is caused to execute the method provided above, or the computing device is caused to implement the function of the apparatus provided above.
本实施例中,还提供了一种包含指令的计算机程序产品,该计算机程序产品可以是包含指令的,能够运行在计算设备集群上或被储存在任何可用介质中的软件或程序产品。当其由计算设备集群运行时,使得计算设备集群执行上述所提供的方法,或者使得该计算设备集群实现上述提供的装置的功能。In this embodiment, a computer program product including instructions is also provided. The computer program product may be software or a program product including instructions that can be run on a computing device cluster or stored in any available medium. When the computer program product is run by a computing device cluster, the computing device cluster executes the method provided above, or the computing device cluster implements the function of the apparatus provided above.
本实施例中,还提供了一种计算机可读存储介质,计算机可读存储介质可以是计算设备能够存储的任何可用介质或者是包含一个或多个可用介质的数据中心等数据存储设备。该可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘)等。该计算机可读存储介质包括指令,当计算机可读存储介质中的指令在计算设备上被执行时,使得计算设备执行上述所提供的方法。In this embodiment, a computer-readable storage medium is also provided. The computer-readable storage medium may be any available medium that can be stored by a computing device or a data storage device such as a data center that includes one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid-state hard disk). The computer-readable storage medium includes instructions. When the instructions in the computer-readable storage medium are executed on a computing device, the computing device executes the method provided above.
本实施例中,还提供了一种计算机可读存储介质,计算机可读存储介质可以是计算设备能够存储的任何可用介质或者是包含一个或多个可用介质的数据中心等数据存储设备。该可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘)等。该计算机可读存储介质包括指令,当计算机可读存储介质中的指令由计算设备集群执行时,使得计算设备集群执行上述所提供的方法。In this embodiment, a computer-readable storage medium is also provided, and the computer-readable storage medium may be any available medium that can be stored by a computing device or a data storage device such as a data center that includes one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid-state hard disk), etc. The computer-readable storage medium includes instructions, and when the instructions in the computer-readable storage medium are executed by a computing device cluster, the computing device cluster executes the method provided above.
应理解,在本申请的各种实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that in the various embodiments of the present application, the size of the serial numbers of the above-mentioned processes does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those of ordinary skill in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Professional and technical personnel can use different methods to implement the described functions for each specific application, but such implementation should not be considered to be beyond the scope of this application.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the aforementioned method embodiments and will not be repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,该单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the unit is only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.
该作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
该功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例该方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If this function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application can essentially or in other words, the part that contributes to the prior art or the part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium, including several instructions for a computer device (which can be a personal computer, server, or network device, etc.) to execute all or part of the steps of the method in each embodiment of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), disk or optical disk, and other media that can store program codes.
以上该,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以该权利要求的保护范围为准。
The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any technician familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the present application, which should be included in the protection scope of the present application. Therefore, the protection scope of the present application should be based on the protection scope of the claims.
Claims (21)
- 一种数据处理的方法,其特征在于,所述方法应用于云区块链系统,所述云区块链系统包括多个区块链节点,云管理平台在其管理的云计算资源部署所述云区块链系统,所述云管理平台在所述云计算资源部署区块链服务,所述方法包括:A method for data processing, characterized in that the method is applied to a cloud blockchain system, the cloud blockchain system includes multiple blockchain nodes, a cloud management platform deploys the cloud blockchain system on the cloud computing resources it manages, and the cloud management platform deploys blockchain services on the cloud computing resources, the method comprising:第一区块链节点接收任务信息,所述第一区块链节点为所述云区块链系统中的一个节点;A first blockchain node receives task information, where the first blockchain node is a node in the cloud blockchain system;所述第一区块链节点将所述任务信息发送给任务执行设备,所述任务执行设备为所述云区块链系统外的服务器,所述任务执行设备用于根据所述任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,所述第一模型的输入包括所述任务信息;The first blockchain node sends the task information to a task execution device, which is a server outside the cloud blockchain system. The task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information;所述任务执行设备将所述推理结果发送给可信执行环境TEE进行验证,得到验证后的推理结果;The task execution device sends the reasoning result to the trusted execution environment TEE for verification, and obtains the verified reasoning result;所述第一区块链节点从所述TEE获得所述验证后的推理结果,并上链存储;The first blockchain node obtains the verified reasoning result from the TEE and stores it on the chain;所述云区块链系统中的其他节点通过各自对应的TEE对所述验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。The other nodes in the cloud blockchain system re-verify the verified reasoning results through their respective corresponding TEEs, and store the re-verified reasoning results on the chain.
- 根据权利要求1所述的方法,其特征在于,所述任务执行设备为第一服务器,所述第一服务器与所述第一区块链节点通信,所述第一服务器用于根据所述任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,The method according to claim 1 is characterized in that the task execution device is a first server, the first server communicates with the first blockchain node, and the first server is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model.所述任务执行设备将所述推理结果发送给可信执行环境TEE进行验证,包括:The task execution device sends the reasoning result to the trusted execution environment TEE for verification, including:所述第一服务器将所述推理结果发送给所述TEE进行验证。The first server sends the inference result to the TEE for verification.
- 根据权利要求1所述的方法,其特征在于,所述任务执行设备为所述TEE,所述TEE与第一服务器通信,所述方法还包括:The method according to claim 1, characterized in that the task execution device is the TEE, the TEE communicates with the first server, and the method further comprises:所述第一服务器接收所述第一区块链节点发送的所述任务信息;The first server receives the task information sent by the first blockchain node;所述第一服务器将所述任务信息发送给所述TEE,所述TEE用于根据任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,并对所述推理结果进行验证,得到所述验证后的推理结果。The first server sends the task information to the TEE, and the TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
- 根据权利要求2或3所述的方法,其特征在于,所述任务执行设备为边缘服务器,所述方法还包括:The method according to claim 2 or 3, characterized in that the task execution device is an edge server, and the method further comprises:所述第一服务器或所述TEE将所述任务信息发送给所述边缘服务器,由所述边缘服务器根据任务信息对第一模型进行推理计算,得到所述第一模型的推理结果;The first server or the TEE sends the task information to the edge server, and the edge server performs inference calculation on the first model according to the task information to obtain an inference result of the first model;所述任务执行设备将所述推理结果发送给可信执行环境TEE进行验证,包括:The task execution device sends the reasoning result to the trusted execution environment TEE for verification, including:所述边缘服务器将所述推理结果发送给所述TEE进行验证。The edge server sends the inference result to the TEE for verification.
- 根据权利要求1至4中任一项所述的方法,其特征在于,所述TEE部署在所述第一区块链节点上。The method according to any one of claims 1 to 4, characterized in that the TEE is deployed on the first blockchain node.
- 一种数据处理的方法,其特征在于,所述方法包括:A method for data processing, characterized in that the method comprises:第一区块链节点接收任务信息,所述第一区块链节点为所述区块链系统中的一个节点;A first blockchain node receives task information, where the first blockchain node is a node in the blockchain system;所述第一区块链节点将所述任务信息发送给任务执行设备,所述任务执行设备为所述区块链系统外的服务器,所述任务执行设备用于根据所述任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,所述第一模型的输入包括所述任务信息;The first blockchain node sends the task information to a task execution device, which is a server outside the blockchain system. The task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information;所述任务执行设备将所述推理结果发送给可信执行环境TEE进行验证,得到验证后的推理结果;The task execution device sends the reasoning result to the trusted execution environment TEE for verification, and obtains the verified reasoning result;所述第一区块链节点从所述TEE获得所述验证后的推理结果,并上链存储;The first blockchain node obtains the verified reasoning result from the TEE and stores it on the chain;所述区块链系统中的其他节点通过各自对应的TEE对所述验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。The other nodes in the blockchain system re-verify the verified reasoning results through their respective corresponding TEEs, and store the re-verified reasoning results on the chain.
- 根据权利要求6所述的方法,其特征在于,所述任务执行设备为第一服务器,所述第一服务器与所述第一区块链节点通信,所述第一服务器用于根据所述任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,The method according to claim 6 is characterized in that the task execution device is a first server, the first server communicates with the first blockchain node, and the first server is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model.所述任务执行设备将所述推理结果发送给可信执行环境TEE进行验证,包括:The task execution device sends the reasoning result to the trusted execution environment TEE for verification, including:所述第一服务器将所述推理结果发送给所述TEE进行验证。The first server sends the inference result to the TEE for verification.
- 根据权利要求6所述的方法,其特征在于,所述任务执行设备为所述TEE,所述TEE与第一服务器通信,所述方法还包括:The method according to claim 6, characterized in that the task execution device is the TEE, the TEE communicates with the first server, and the method further comprises:所述第一服务器接收所述第一区块链节点发送的所述任务信息; The first server receives the task information sent by the first blockchain node;所述第一服务器将所述任务信息发送给所述TEE,所述TEE用于根据任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,并对所述推理结果进行验证,得到所述验证后的推理结果。The first server sends the task information to the TEE, and the TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
- 根据权利要求7或8所述的方法,其特征在于,所述任务执行设备为边缘服务器,所述方法还包括:The method according to claim 7 or 8, characterized in that the task execution device is an edge server, and the method further comprises:所述第一服务器或所述TEE将所述任务信息发送给所述边缘服务器,由所述边缘服务器根据任务信息对第一模型进行推理计算,得到所述第一模型的推理结果;The first server or the TEE sends the task information to the edge server, and the edge server performs inference calculation on the first model according to the task information to obtain an inference result of the first model;所述第一服务器将所述推理结果发送给所述TEE进行验证,包括:The first server sends the inference result to the TEE for verification, including:所述边缘服务器将所述推理结果发送给所述TEE进行验证。The edge server sends the inference result to the TEE for verification.
- 根据权利要求6至9中任一项所述的方法,其特征在于,所述TEE部署在所述第一区块链节点上。The method according to any one of claims 6 to 9 is characterized in that the TEE is deployed on the first blockchain node.
- 一种数据处理的系统,其特征在于,所述系统包括云区块链系统、任务执行设备以及可信执行环境TEE,所述云区块链系统包括多个区块链节点,所述多个区块链节点中包括第一区块链节点,云计算平台在其管理的云计算资源部署所述云区块链系统,所述云计算平台在所述云计算资源部署存储服务,所述系统包括:A data processing system, characterized in that the system includes a cloud blockchain system, a task execution device and a trusted execution environment TEE, the cloud blockchain system includes multiple blockchain nodes, the multiple blockchain nodes include a first blockchain node, the cloud computing platform deploys the cloud blockchain system on the cloud computing resources it manages, the cloud computing platform deploys storage services on the cloud computing resources, and the system includes:所述第一区块链节点,用于接收任务信息,并将所述任务信息发送给任务执行设备,所述任务执行设备为所述云区块链系统外的服务器,所述任务执行设备用于根据所述任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,所述第一模型的输入包括所述任务信息;The first blockchain node is used to receive task information and send the task information to a task execution device, wherein the task execution device is a server outside the cloud blockchain system, and the task execution device is used to perform inference calculation on a first model according to the task information to obtain an inference result of the first model, and the input of the first model includes the task information;所述任务执行设备,用于将所述推理结果发送给可信执行环境TEE;The task execution device is used to send the reasoning result to the trusted execution environment TEE;所述TEE,用于对所述推理结果进行验证,得到验证后的推理结果;The TEE is used to verify the reasoning result to obtain a verified reasoning result;所述第一区块链节点,用于从所述TEE获得所述验证后的推理结果,并上链存储;The first blockchain node is used to obtain the verified reasoning result from the TEE and store it on the chain;所述云区块链系统中的其他节点,用于通过各自对应的TEE对所述验证后的推理结果进行再次验证,并将再次验证后的推理结果上链存储。The other nodes in the cloud blockchain system are used to re-verify the verified reasoning results through their respective corresponding TEEs, and store the re-verified reasoning results on the chain.
- 根据权利要求11所述的系统,其特征在于,所述任务执行设备为第一服务器,所述第一服务器与所述第一区块链节点通信,所述第一服务器用于根据所述任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,The system according to claim 11, characterized in that the task execution device is a first server, the first server communicates with the first blockchain node, and the first server is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model.所述第一服务器,具体用于将所述推理结果发送给所述TEE进行验证。The first server is specifically used to send the inference result to the TEE for verification.
- 根据权利要求11所述的系统,其特征在于,所述任务执行设备为所述TEE,所述TEE与第一服务器通信,The system according to claim 11, characterized in that the task execution device is the TEE, and the TEE communicates with the first server,所述第一服务器,用于接收所述第一区块链节点发送的所述任务信息,并将所述任务信息发送给所述TEE,所述TEE用于根据任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,并对所述推理结果进行验证,得到所述验证后的推理结果。The first server is used to receive the task information sent by the first blockchain node, and send the task information to the TEE. The TEE is used to perform inference calculation on the first model according to the task information to obtain the inference result of the first model, and verify the inference result to obtain the verified inference result.
- 根据权利要求12或13所述的系统,其特征在于,所述任务执行设备为边缘服务器,The system according to claim 12 or 13, characterized in that the task execution device is an edge server,所述第一服务器或所述TEE,用于将所述任务信息发送给所述边缘服务器;The first server or the TEE is used to send the task information to the edge server;所述边缘服务器,用于根据任务信息对第一模型进行推理计算,得到所述第一模型的推理结果,并将所述推理结果发送给所述TEE进行验证。The edge server is used to perform inference calculation on the first model according to the task information, obtain the inference result of the first model, and send the inference result to the TEE for verification.
- 根据权利要求11至14中任一项所述的系统,其特征在于,所述TEE部署在所述第一区块链节点上。The system according to any one of claims 11 to 14, characterized in that the TEE is deployed on the first blockchain node.
- 一种计算设备,其特征在于,包括处理器和存储器,所述处理器用于执行所述存储器中存储的指令,以使得所述计算设备执行如权利要求1至5中任一项所述的方法,或执行如权利要求6至10中任一项所述的方法。A computing device, characterized in that it comprises a processor and a memory, wherein the processor is used to execute instructions stored in the memory so that the computing device executes the method as described in any one of claims 1 to 5, or executes the method as described in any one of claims 6 to 10.
- 一种计算设备集群,其特征在于,包括至少一个计算设备,每个计算设备包括处理器和存储器;A computing device cluster, characterized in that it includes at least one computing device, each computing device includes a processor and a memory;所述至少一个计算设备的处理器用于执行所述至少一个计算设备的存储器中存储的指令,以使得所述计算设备集群执行如权利要求1至5中任一项所述的方法,或执行如权利要求6至10中任一项所述的方法。The processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster executes the method according to any one of claims 1 to 5, or executes the method according to any one of claims 6 to 10.
- 一种包含指令的计算机程序产品,其特征在于,当所述指令被计算设备运行时,使得所述计算设备执行如权利要求的1至5中任一项所述的方法,或执行如权利要求6至10中任一项所述的方法。A computer program product comprising instructions, characterized in that when the instructions are executed by a computing device, the computing device executes the method as claimed in any one of claims 1 to 5, or executes the method as claimed in any one of claims 6 to 10.
- 一种包含指令的计算机程序产品,其特征在于,当所述指令被计算设备集群运行时,使得所述计算设备集群执行如权利要求的1至5中任一项所述的方法,或执行如权利要求6至10中任一项所述的 方法。A computer program product comprising instructions, characterized in that when the instructions are executed by a computing device cluster, the computing device cluster executes the method as claimed in any one of claims 1 to 5, or executes the method as claimed in any one of claims 6 to 10 method.
- 一种计算机可读存储介质,其特征在于,包括计算机程序指令,当所述计算机程序指令由计算设备执行时,所述计算设备执行如权利要求1至5中任一项所述的方法,或执行如权利要求6至10中任一项所述的方法。A computer-readable storage medium, characterized in that it includes computer program instructions. When the computer program instructions are executed by a computing device, the computing device executes the method as described in any one of claims 1 to 5, or executes the method as described in any one of claims 6 to 10.
- 一种计算机可读存储介质,其特征在于,包括计算机程序指令,当所述计算机程序指令由计算设备集群执行时,所述计算设备集群执行如权利要求1至5中任一项所述的方法,或执行如权利要求6至10中任一项所述的方法。 A computer-readable storage medium, characterized in that it includes computer program instructions. When the computer program instructions are executed by a computing device cluster, the computing device cluster executes the method as described in any one of claims 1 to 5, or executes the method as described in any one of claims 6 to 10.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310226446 | 2023-03-09 | ||
CN202310226446.5 | 2023-03-09 | ||
CN202310432135.4 | 2023-04-20 | ||
CN202310432135.4A CN118659887A (en) | 2023-03-09 | 2023-04-20 | Data processing method and device and computing equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024183439A1 true WO2024183439A1 (en) | 2024-09-12 |
Family
ID=92674066
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2024/070415 WO2024183439A1 (en) | 2023-03-09 | 2024-01-03 | Data processing method and apparatus, and computation device |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2024183439A1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111258725A (en) * | 2020-01-17 | 2020-06-09 | 北京百度网讯科技有限公司 | Data processing method, device, equipment and medium based on block chain |
CN111541785A (en) * | 2020-07-08 | 2020-08-14 | 支付宝(杭州)信息技术有限公司 | Block chain data processing method and device based on cloud computing |
CN114327803A (en) * | 2022-03-15 | 2022-04-12 | 北京百度网讯科技有限公司 | Method, apparatus, device and medium for accessing machine learning model by block chain |
US20220138550A1 (en) * | 2020-10-29 | 2022-05-05 | International Business Machines Corporation | Blockchain for artificial intelligence training |
CN115719272A (en) * | 2021-08-26 | 2023-02-28 | 华为技术有限公司 | Data processing method, system, device, computer equipment and storage medium |
-
2024
- 2024-01-03 WO PCT/CN2024/070415 patent/WO2024183439A1/en unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111258725A (en) * | 2020-01-17 | 2020-06-09 | 北京百度网讯科技有限公司 | Data processing method, device, equipment and medium based on block chain |
CN111541785A (en) * | 2020-07-08 | 2020-08-14 | 支付宝(杭州)信息技术有限公司 | Block chain data processing method and device based on cloud computing |
US20220138550A1 (en) * | 2020-10-29 | 2022-05-05 | International Business Machines Corporation | Blockchain for artificial intelligence training |
CN115719272A (en) * | 2021-08-26 | 2023-02-28 | 华为技术有限公司 | Data processing method, system, device, computer equipment and storage medium |
CN114327803A (en) * | 2022-03-15 | 2022-04-12 | 北京百度网讯科技有限公司 | Method, apparatus, device and medium for accessing machine learning model by block chain |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11347560B2 (en) | Secure service isolation between instances of cloud products using a SaaS model | |
EP3657377B1 (en) | Techniques to secure computation data in a computing environment | |
EP3652886B1 (en) | Blockchain | |
US10338957B2 (en) | Provisioning keys for virtual machine secure enclaves | |
CN107924445B (en) | Mutual approval of privacy-preserving computations | |
CN105359486B (en) | Resource is accessed using agent security | |
EP3427178B1 (en) | Secure file sharing over multiple security domains and dispersed communication networks | |
BR112021008819A2 (en) | managing permissions to access user data in a distributed ledger trust network | |
US9172724B1 (en) | Licensing and authentication with virtual desktop manager | |
US20160366130A1 (en) | Apparatus and method for providing security service based on virtualization | |
US10909273B2 (en) | Selective data security within data storage layers | |
CN107431694A (en) | Encryption key is fetched | |
US20210273801A1 (en) | Methods and systems for password recovery based on user location | |
US10673827B1 (en) | Secure access to user data | |
CN113569248A (en) | Data processing method and computing device | |
Yu et al. | A trusted architecture for virtual machines on cloud servers with trusted platform module and certificate authority | |
US11595372B1 (en) | Data source driven expected network policy control | |
WO2024183439A1 (en) | Data processing method and apparatus, and computation device | |
Singh et al. | Navigating the Landscape of Security Threat Analysis in Cloud Computing environments | |
Guo et al. | Trustworthy AI Using Confidential Federated Learning | |
CN118659887A (en) | Data processing method and device and computing equipment | |
US12063316B2 (en) | Establishing a trust relationship in a hybrid cloud management and management service environment | |
US20230342603A1 (en) | Method and electronic device for secure training of an artificial intelligence (ai) model | |
CN114531247B (en) | Data sharing method, device, equipment, storage medium and program product | |
US11947692B1 (en) | Systems and methods for dynamic formjacking protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 24766162 Country of ref document: EP Kind code of ref document: A1 |