CN115470473A - Artificial intelligence system protection method and device, AI analysis equipment and management and control center - Google Patents


Publication number: CN115470473A
Authority: CN (China)
Legal status: Pending
Application number: CN202211110485.0A
Other languages: Chinese (zh)
Inventors: 洪超, 杨祎巍, 匡晓云, 许爱东, 李攀登, 陈霖, 张宇南, 黄开天, 徐培明
Current Assignee: China South Power Grid International Co ltd
Original Assignee: China South Power Grid International Co ltd


Classifications

    • G06F21/44 Program or device authentication
    • G06F21/12 Protecting executable software
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F8/65 Updates


Abstract

The invention relates to the technical field of artificial intelligence security, and discloses an artificial intelligence system protection method, an artificial intelligence system protection device, AI analysis equipment and a management and control center. The AI analysis equipment performs periodic trusted verification of its own target programs and system based on a trusted verification technology, interacts with an embedded trusted cryptography module according to the verification result to obtain an AIK, periodically reports the obtained verification results to an AI management and control center, and sends an AIK certificate application and an AI operation information application request to the AI management and control center. According to the application request, the AI management and control center issues the AIK certificate and, when the equipment is in a trusted state, encrypts the latest AI operation information with the public key carried in the request. The AI analysis equipment decrypts the received encrypted AI operation information with the trusted cryptography module to obtain the AI algorithm program and algorithm parameters. The invention effectively protects the algorithm program and parameters while meeting the need to update them frequently.

Description

Artificial intelligence system protection method and device, AI analysis equipment and management and control center
Technical Field
The invention relates to the technical field of artificial intelligence security, in particular to a method and a device for protecting an artificial intelligence system, AI analysis equipment and a management and control center.
Background
Artificial intelligence systems generally work in two phases: first, a learning phase, which trains on learning samples to obtain algorithm parameters; and second, an analysis phase, which uses the algorithm parameters to analyze input data and output the analysis result. In the learning phase, the main assets of the artificial intelligence system are the algorithm program, the sample data and the algorithm parameters obtained through training; in the analysis phase, the main assets are the algorithm program, the algorithm parameters, the actual data and its analysis results. The algorithm program and the algorithm parameters are the core assets and the main focus of protection for an artificial intelligence system.
In the training phase, the algorithm and its data typically run in a data center, where the physical environment and the network environment are relatively controllable. In the analysis phase, the system is usually located at the user side: for example, an automatic driving system operates in a vehicle, an intelligent medical image recognition system operates in a hospital, and a substation inspection robot operates in a substation. There, the physical environment and the network environment in which the algorithm program and parameters reside are not controllable, and there is also the risk of deliberate data theft by people.
To protect the core assets of the artificial intelligence system, the traditional protection mode adopts a 'dongle' scheme, which uses a small encryption device as the medium for distributing and running the AI analysis software (i.e. an AI analysis device), stores and runs the algorithm program and algorithm parameters in the small encryption device, and provides the algorithm program and the algorithm parameters in hardware form. Since the conventional scheme is hardware-based, it cannot support online upgrade. If an update is needed, the AI analysis devices must be recalled, have their AI analysis software updated one by one by maintenance personnel, and then be redeployed.
With the development and wide application of artificial intelligence, algorithm programs and algorithm parameters are updated increasingly frequently, and the traditional mode is difficult to meet requirements.
Disclosure of Invention
The invention provides an artificial intelligence system protection method and device, AI analysis equipment and a management and control center, which solve the technical problem of how to protect algorithm programs and algorithm parameters while meeting the need to update them frequently.
A first aspect of the invention provides an artificial intelligence system protection method, executed by an AI analysis device, comprising the following steps:
performing periodic trusted verification of the device's own target programs and system based on a trusted verification technology to obtain a trusted verification result; the target programs and system comprise a BIOS, a BootLoader and/or an operating system;
sending an AIK query request carrying the current trusted verification result to the embedded trusted cryptography module, and receiving and storing the AIK fed back by the trusted cryptography module when it judges, based on the current trusted verification result, that the device is in a trusted state;
sending an AIK certificate application carrying the AIK to an AI management and control center, and receiving and storing the AIK certificate fed back by the AI management and control center based on the AIK;
periodically reporting the trusted verification results obtained from trusted verification to the AI management and control center;
sending an application request for AI operation information, including an AI algorithm program and algorithm parameters, to the AI management and control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
receiving encrypted AI operation information fed back by the AI management and control center when it judges, based on the received current trusted verification result, that the device is in a trusted state; the encrypted AI operation information is obtained by encrypting the corresponding latest AI operation information with the public key;
and decrypting the received encrypted AI operation information using the trusted cryptography module with the generated private key to obtain the AI algorithm program and algorithm parameters.
According to an implementable manner of the first aspect of the invention, the method further comprises:
when AI analysis is performed based on the obtained AI algorithm program and algorithm parameters, storing the obtained AI algorithm program and algorithm parameters only in memory.
According to an implementable manner of the first aspect of the invention, the method further comprises:
forcibly clearing the AI algorithm program and the algorithm parameters from memory before shutdown or restart.
A second aspect of the present invention provides an artificial intelligence system protection method, performed by an AI management and control center, the method including:
receiving trusted verification results reported periodically by an AI analysis device; the trusted verification results are obtained when the AI analysis device performs periodic trusted verification of its own target programs and system based on a trusted verification technology, wherein the target programs and system comprise a BIOS, a BootLoader and/or an operating system;
receiving an AIK certificate application carrying an AIK (identity authentication key) sent by the AI analysis device, and feeding back a corresponding AIK certificate to the AI analysis device based on the AIK; the AIK is an identity authentication key which the AI analysis device requests from the embedded trusted cryptography module and which is fed back when the trusted cryptography module judges, based on the current trusted verification result of the AI analysis device, that the device is in a trusted state;
receiving an application request for AI operation information, including an AI algorithm program and algorithm parameters, sent by the AI analysis device; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module embedded in the AI analysis device;
and, according to the application request, when the device is judged to be in a trusted state based on the received current trusted verification result, encrypting the corresponding latest AI operation information with the public key, and feeding back the obtained encrypted AI operation information to the AI analysis device.
According to an implementable manner of the second aspect of the present invention, the feeding back of the corresponding AIK certificate to the AI analysis device based on the AIK includes:
auditing the AIK certificate application according to a preset security policy, generating an AIK certificate corresponding to the AIK after the audit is passed, and feeding back the AIK certificate to the AI analysis device.
A third aspect of the present invention provides an AI analysis device comprising:
a trusted verification module, configured to perform periodic trusted verification of the device's own target programs and system based on a trusted verification technology to obtain a trusted verification result; the target programs and system comprise a BIOS, a BootLoader and/or an operating system;
an AIK acquisition module, configured to send an AIK query request carrying the current trusted verification result to the embedded trusted cryptography module, and to receive and store the AIK fed back by the trusted cryptography module when it judges, based on the current trusted verification result, that the device is in a trusted state;
an AIK certificate acquisition module, configured to send an AIK certificate application carrying the AIK to an AI management and control center, and receive and store the AIK certificate fed back by the AI management and control center based on the AIK;
a trusted verification result reporting module, configured to periodically report the trusted verification results obtained from trusted verification to the AI management and control center;
an AI operation information application module, configured to send an application request for AI operation information, including an AI algorithm program and algorithm parameters, to the AI management and control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
an AI operation information receiving module, configured to receive the encrypted AI operation information fed back by the AI management and control center when it judges, based on the received current trusted verification result, that the device is in a trusted state; the encrypted AI operation information is obtained by encrypting the corresponding latest AI operation information with the public key;
and an AI operation information decryption module, configured to decrypt the received encrypted AI operation information using the trusted cryptography module with the generated private key to obtain the AI algorithm program and algorithm parameters.
According to an implementable manner of the third aspect of the present invention, the AI analysis device further includes:
a storage module, configured to store the obtained AI algorithm program and algorithm parameters only in memory when AI analysis is performed based on them.
According to an implementable manner of the third aspect of the present invention, the AI analysis device further includes:
a forced information clearing module, configured to forcibly clear the AI algorithm program and the algorithm parameters from memory before shutdown or restart.
A fourth aspect of the present invention provides an AI management and control center, including:
a first receiving module, configured to receive trusted verification results reported periodically by an AI analysis device; the trusted verification results are obtained when the AI analysis device performs periodic trusted verification of its own target programs and system based on a trusted verification technology, wherein the target programs and system comprise a BIOS, a BootLoader and/or an operating system;
an AIK certificate issuing module, configured to receive an AIK certificate application carrying an AIK sent by the AI analysis device, and feed back a corresponding AIK certificate to the AI analysis device based on the AIK; the AIK is an identity authentication key which the AI analysis device requests from the embedded trusted cryptography module and which is fed back when the trusted cryptography module judges, based on the current trusted verification result of the AI analysis device, that the device is in a trusted state;
a second receiving module, configured to receive an application request for AI operation information, including an AI algorithm program and algorithm parameters, sent by the AI analysis device; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module embedded in the AI analysis device;
and an AI operation information encryption module, configured to, according to the application request, encrypt the corresponding latest AI operation information with the public key when the device is judged to be in a trusted state based on the received current trusted verification result, and feed back the obtained encrypted AI operation information to the AI analysis device.
According to an implementable manner of the fourth aspect of the present invention, the AIK certificate issuing module includes:
an auditing unit, configured to audit the AIK certificate application according to a preset security policy, generate an AIK certificate corresponding to the AIK after the audit is passed, and feed the AIK certificate back to the AI analysis device.
A fifth aspect of the invention provides an artificial intelligence system protection device, which comprises an AI analysis device and an AI management and control center, wherein a trusted cryptography module is embedded in the AI analysis device;
the AI analysis device is configured to perform periodic trusted verification of its own target programs and system based on a trusted verification technology to obtain a trusted verification result; the target programs and system comprise a BIOS, a BootLoader and/or an operating system; the AI analysis device is also configured to send an AIK query request carrying the current trusted verification result to the embedded trusted cryptography module;
the trusted cryptography module is configured to, according to the AIK query request, feed back the AIK to the AI analysis device when the device is judged to be in a trusted state based on the current trusted verification result;
the AI analysis device is also configured to send an AIK certificate application carrying the AIK to the AI management and control center; the AI management and control center is configured to feed back a corresponding AIK certificate to the AI analysis device based on the AIK;
the AI analysis device is also configured to receive and store the AIK certificate, periodically report the trusted verification results obtained from trusted verification to the AI management and control center, and send an application request for AI operation information, including an AI algorithm program and algorithm parameters, to the AI management and control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
the AI management and control center is further configured to, according to the application request, encrypt the corresponding latest AI operation information with the public key when the device is judged to be in a trusted state based on the received current trusted verification result, and feed back the obtained encrypted AI operation information to the AI analysis device;
the AI analysis device is further configured to decrypt the received encrypted AI operation information using the trusted cryptography module with the generated private key to obtain the AI algorithm program and algorithm parameters.
According to an implementable manner of the fifth aspect of the present invention, the AI analysis device is further configured to:
when AI analysis is performed based on the obtained AI algorithm program and algorithm parameters, store the obtained AI algorithm program and algorithm parameters only in memory.
According to an implementable manner of the fifth aspect of the present invention, the AI analysis device is further configured to:
forcibly clear the AI algorithm program and the algorithm parameters from memory before shutdown or restart.
According to an implementable manner of the fifth aspect of the present invention, the AI management and control center is specifically configured to:
audit the AIK certificate application according to a preset security policy, generate an AIK certificate corresponding to the AIK after the audit is passed, and feed back the AIK certificate to the AI analysis device.
A sixth aspect of the present invention provides an artificial intelligence system protection device, including:
a memory to store instructions; wherein the instructions are used to implement the artificial intelligence system protection method described in any of the implementable manners of the first aspect above, or the instructions are used to implement the artificial intelligence system protection method described in any of the implementable manners of the second aspect above;
a processor to execute the instructions in the memory.
A seventh aspect of the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program, when being executed by a processor, implementing the artificial intelligence system protection method according to any one of the above-mentioned manners of implementing the first aspect, or the computer program, when being executed by a processor, implementing the artificial intelligence system protection method according to any one of the above-mentioned manners of implementing the second aspect.
According to the technical scheme, the invention has the following advantages:
The AI analysis device performs periodic trusted verification of its own target programs and system based on a trusted verification technology, interacts with the embedded trusted cryptography module according to the trusted verification result to obtain the AIK, periodically reports the obtained trusted verification results to the AI management and control center, and sends an AIK certificate application carrying the AIK to the AI management and control center. The AI management and control center verifies the certificate application and issues the AIK certificate; in response to the AI operation information application request sent by the AI analysis device, when it judges, based on the received current trusted verification result, that the device is in a trusted state, it encrypts the corresponding latest AI operation information with the public key carried in the application request and feeds it back to the AI analysis device. The AI analysis device decrypts the received encrypted AI operation information with the trusted cryptography module to obtain the AI algorithm program and algorithm parameters. The AI management and control center is responsible for updating and maintaining the AI algorithm programs and algorithm parameters and distributes them to AI analysis devices on request. The trusted cryptography module provides a basic trusted verification function and a security guarantee for the distribution of the AI algorithm programs and parameters, and prevents the BIOS, operating system, memory, running programs and the like of the AI analysis device from being illegally tampered with. The algorithm programs and algorithm parameters are thereby effectively protected while the need to update them frequently is met.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart of a method for protecting an artificial intelligence system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for protecting an artificial intelligence system according to an embodiment of a second aspect of the present invention;
Fig. 3 is a block diagram illustrating structural connections of an AI analysis apparatus according to a third embodiment of the present invention;
Fig. 4 is a block diagram illustrating a structural connection of an AI management and control center according to a fourth aspect of the present invention;
Fig. 5 is a schematic diagram of interaction among the AI analysis device, the trusted cryptography module, and the AI management and control center according to a fifth embodiment of the present invention.
Reference numerals:
1 - trusted verification module; 2 - AIK acquisition module; 3 - AIK certificate acquisition module; 4 - trusted verification result reporting module; 5 - AI operation information application module; 6 - AI operation information receiving module; 7 - AI operation information decryption module; 10 - first receiving module; 20 - AIK certificate issuing module; 30 - second receiving module; 40 - AI operation information encryption module.
Detailed Description
The embodiment of the invention provides an artificial intelligence system protection method and device, AI analysis equipment and a control center, which are used for solving the technical problem of meeting the frequent updating requirement of an algorithm program and algorithm parameters while realizing the protection of the algorithm program and the algorithm parameters.
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the first aspect of the invention provides an artificial intelligence system protection method.
Referring to Fig. 1, Fig. 1 is a flowchart illustrating a method for protecting an artificial intelligence system according to an embodiment of the present invention.
The artificial intelligence system protection method provided by the embodiment of the invention is executed by an AI analysis device. The AI analysis device is a field device that runs the AI algorithm program and provides intelligent data analysis for field users; a trusted cryptography module is embedded in the AI analysis device.
The artificial intelligence system protection method provided by the embodiment of the invention comprises steps S1-S7.
S1, performing periodic trusted verification of the device's own target programs and system based on a trusted verification technology to obtain a trusted verification result; the target programs and system comprise a BIOS, a BootLoader and/or an operating system.
The BIOS is a set of programs fixed in a ROM chip on the motherboard of the AI analysis device. It stores the most important basic input and output programs of the AI analysis device, the power-on self-test program, and the system self-start program, and can read and write specific system settings from the CMOS. The BootLoader, which runs after the BIOS on the AI analysis device, is used to load the operating system.
When performing periodic trusted verification of its target programs and system based on the trusted verification technology, the AI analysis device performs trusted verification of the target programs and system during startup, records the result of the trusted verification, and periodically repeats the trusted verification while running.
It should be noted that, the prior art may be referred to in the process of performing trusted verification on the target program and the system thereof based on the trusted verification technology, and the embodiment of the present invention does not limit this process.
And S2, sending an AIK inquiry request carrying a current trusted verification result to the embedded trusted password module, and receiving and storing the AIK fed back by the trusted password module when the device is judged to be in a trusted state based on the current trusted verification result.
Specifically, the trusted cryptography module judges whether the AI analysis device is in a trusted state according to the trusted verification result obtained in step S1, and if so, returns to the AIK; otherwise, the return is refused and the alarm is given. The AIK is preset according to a credible standard when the credible password module leaves a factory, and has uniqueness, and the AIKs of any two modules are different. The AIK is used as the identity of the AI analysis equipment, and the identity uniqueness of the AI analysis equipment is ensured.
In the embodiment of the invention, a basic credible verification function is provided by using the credible password module so as to ensure that the BIOS, the operating system, the memory, the running program and the like of the AI analysis equipment are not illegally tampered, and provide safety guarantee for distribution of AI algorithm programs and parameters.
And S3, sending an AIK certificate application carrying the AIK to an AI management and control center, and receiving and storing the AIK certificate fed back by the AI management and control center based on the AIK.
In the embodiment of the present invention, the AI management and control center is responsible for managing AIK certificates of all AI analysis devices. As a specific implementation manner, the AI management and control center audits the AIK certificate application according to the security policy, generates an AIK certificate after the audit is passed, and returns the AIK certificate to the AI analysis device.
Wherein, the security policy can be set according to actual conditions. For example, an AIK list is stored in advance in the AI administration center. And when an AIK certificate application carrying the AIK and sent by AI analysis equipment is received, matching the AIK with each standard AIK in an AIK list, and judging that the AIK certificate application is approved when the matching is successful.
And S4, reporting a credible verification result obtained when credible verification is carried out to the AI control center periodically.
Because the AI analysis equipment regularly carries out the credible verification, the AI analysis equipment can report the credible verification result to the AI management and control center or delay a certain time when the credible verification result is obtained each time.
In the embodiment of the invention, the AI management and control center manages the credible verification results of all AI analysis equipment.
As a specific implementation manner, if the AI analysis device reports the trusted verification result irregularly or reports a verification result of untrusted, the AI management and control center suspends the delivery and update services for the AI algorithm program and parameters.
S5, sending an application request of AI operation information including an AI algorithm program and algorithm parameters to the AI control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module.
The application request for AI operation information is generated when the AI analysis device needs to perform intelligent data analysis or needs to upgrade the AI algorithm program and algorithm parameters, or when instructions from other preset terminals or uploaded instructions are received.
As a specific implementation manner, the public key generated by the trusted cryptography module is a public key of an asymmetric key, the trusted cryptography module generates and stores a corresponding private key while generating the public key, and the private key is always kept in the trusted cryptography module.
The AI operation information including the AI algorithm program and the algorithm parameters is encrypted in an encryption mode based on the asymmetric key, so that the safety of the AI algorithm program and the algorithm parameters in the issuing process can be guaranteed.
S6, receiving encrypted AI running information fed back by the AI control center when the AI control center judges that the equipment is in a credible state based on the received current credible verification result; the encrypted AI running information is obtained by encrypting the corresponding latest AI running information by using the public key.
Specifically, the AI management and control center verifies the AIK certificate in the application request, determines the identity of the equipment and checks the credible state of the equipment; and for the equipment in the credible state, encrypting the current latest AI operation information such as the AI algorithm program, the parameters and the like by using the public key, and sending the information to the AI analysis equipment.
S7, decrypting the received encrypted AI operation information with the generated private key by using the trusted cryptography module, to obtain the AI algorithm program and algorithm parameters.
In one implementation, the method further comprises:
and when AI analysis is carried out based on the obtained AI algorithm program and the obtained algorithm parameters, only storing the obtained AI algorithm program and the obtained algorithm parameters in the memory.
In one implementation, the method further comprises:
and forcibly clearing the AI algorithm program and the algorithm parameters in the memory before shutdown or restart.
According to the embodiment of the invention, the AI analysis device starts the AI program for analysis. During operation, the AI algorithm program and the algorithm parameters are stored only in memory and not on a local disk, and they can be forcibly cleared from memory before the AI analysis device is shut down or restarted. These two measures prevent the AI algorithm program and the algorithm parameters from being illegally stolen and strengthen the protection of the core assets of the artificial intelligence system. In addition, the private key is always kept in the trusted cryptography module, so the decryption process is carried out inside the trusted cryptography module and the decryption result is then output.
The embodiment of the second aspect of the invention provides an artificial intelligence system protection method, which is executed by an AI management and control center.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for protecting an artificial intelligence system according to an embodiment of the present invention.
The embodiment of the invention provides a method for protecting an artificial intelligence system, which comprises the following steps:
step S10, receiving a credible verification result reported periodically by the AI analysis equipment; the credible verification result is obtained when the AI analysis equipment performs periodical credible verification on a target program and a system of the AI analysis equipment on the basis of a credible verification technology, wherein the target program and the system comprise a BIOS (basic input output System), a BootLoader and/or an operating system;
step S20, receiving an AIK certificate application carrying an AIK sent by the AI analysis equipment, and feeding back a corresponding AIK certificate to the AI analysis equipment based on the AIK; the AIK is an identity authentication key which is applied by the AI analysis equipment to the embedded trusted cryptography module and is fed back when the trusted cryptography module judges that the equipment is in a trusted state based on the current trusted verification result of the AI analysis equipment;
step S30, receiving an application request of AI operation information including an AI algorithm program and algorithm parameters sent by the AI analysis equipment; the application request comprises the AIK certificate and a public key generated by a trusted cryptography module embedded in the AI analysis equipment;
and step S40, according to the application request, when the equipment is judged to be in a credible state based on the received current credible verification result, encrypting the corresponding latest AI operation information by using the public key, and feeding back the obtained encrypted AI operation information to the AI analysis equipment.
In one implementation, the feeding back, to the AI analysis device, a corresponding AIK certificate based on the AIK includes:
and auditing the AIK certificate application according to a preset security policy, generating an AIK certificate corresponding to the AIK after the auditing is passed, and feeding back the AIK certificate to the AI analysis equipment.
In the above embodiments of the present invention, specific processes and functions of each step may refer to corresponding processes and beneficial effects in the method embodiments described in the foregoing first aspect, and are not described herein again.
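The control-center side of steps S10 to S40, together with the AIK-list policy and the suspension rule described for the first aspect, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the reporting interval, the overdue threshold and the HMAC tag used as a stand-in for a signed AIK certificate are all assumptions, and the public-key encryption of the released information is outside its scope.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum

# Assumed values: the patent states that reporting is periodic but gives no numbers.
REPORT_INTERVAL_S = 300   # assumed reporting period in seconds
MAX_MISSED_REPORTS = 2    # assumed tolerance before reporting counts as irregular


class Decision(Enum):
    RELEASE = "release encrypted AI operation information"
    REJECT_CERT = "reject: AIK certificate invalid"
    SUSPEND_NO_REPORT = "suspend: no timely trusted verification result"
    SUSPEND_UNTRUSTED = "suspend: device reported untrusted"


@dataclass
class ControlCenter:
    """Hypothetical AI management and control center (gating logic only)."""
    signing_key: bytes      # stand-in for the center's certificate-signing key
    aik_list: frozenset     # pre-stored standard AIKs (the example security policy)
    reports: dict = field(default_factory=dict)   # AIK -> (timestamp, trusted)

    def _sign(self, aik: bytes) -> bytes:
        # HMAC tag as a stand-in for a real signed certificate (assumption).
        return hmac.new(self.signing_key, b"AIK-CERT|" + aik, hashlib.sha256).digest()

    def issue_aik_certificate(self, aik: bytes):
        """S20: audit the application against the AIK list; None means refused."""
        return self._sign(aik) if aik in self.aik_list else None

    def record_report(self, aik: bytes, trusted: bool, now: float) -> bool:
        """S10: store the latest periodic result; ignore devices not on the list."""
        if aik not in self.aik_list:
            return False
        self.reports[aik] = (now, trusted)
        return True

    def decide(self, aik: bytes, cert: bytes, now: float) -> Decision:
        """S30/S40: verify the certificate, then check the current trusted state."""
        if aik not in self.aik_list or not hmac.compare_digest(self._sign(aik), cert):
            return Decision.REJECT_CERT
        last = self.reports.get(aik)
        # A missing or stale report is treated like an untrusted one: fail closed.
        if last is None or now - last[0] > REPORT_INTERVAL_S * MAX_MISSED_REPORTS:
            return Decision.SUSPEND_NO_REPORT
        if not last[1]:
            return Decision.SUSPEND_UNTRUSTED
        return Decision.RELEASE


def run_scenario() -> dict:
    """Walk one constructed device through the cases the description names."""
    # Constructed sample identities; real AIKs come from the trusted cryptography module.
    aik_a = hashlib.sha256(b"constructed AIK, device A").digest()
    aik_b = hashlib.sha256(b"constructed AIK, device B (not on the list)").digest()
    center = ControlCenter(signing_key=b"constructed-demo-key",
                           aik_list=frozenset({aik_a}))
    cert_a = center.issue_aik_certificate(aik_a)
    t0 = 1_000_000.0
    out = {"unlisted_aik_certificate": center.issue_aik_certificate(aik_b)}
    out["before_any_report"] = center.decide(aik_a, cert_a, t0)
    center.record_report(aik_a, True, t0)
    out["fresh_trusted"] = center.decide(aik_a, cert_a, t0 + 60)
    out["forged_certificate"] = center.decide(aik_a, b"\x00" * 32, t0 + 60)
    out["report_overdue"] = center.decide(aik_a, cert_a, t0 + 601)
    center.record_report(aik_a, False, t0 + 700)
    out["reported_untrusted"] = center.decide(aik_a, cert_a, t0 + 710)
    return out


if __name__ == "__main__":
    for case, result in run_scenario().items():
        print(f"{case}: {result}")
```

The gate fails closed: a device that has never reported, or whose last report is older than the assumed threshold, is handled the same way as one that reported an untrusted result.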
An embodiment of a third aspect of the present invention provides an AI analysis device, which is configured to implement the artificial intelligence system protection method according to any one of the embodiments of the first aspect of the present invention.
Referring to fig. 3, fig. 3 is a block diagram illustrating a structural connection of an AI analysis device according to an embodiment of the present invention.
The AI analysis apparatus provided by the embodiment of the present invention includes:
the credibility verification module 1 is used for carrying out periodical credibility verification on a target program and a system thereof based on a credibility verification technology to obtain a credibility verification result; the target program and the system comprise a BIOS, a BootLoader and/or an operating system;
the AIK acquisition module 2 is used for sending an AIK inquiry request carrying a current trusted verification result to the embedded trusted password module, receiving and storing the AIK fed back by the trusted password module when the trusted password module judges that the equipment is in a trusted state based on the current trusted verification result;
an AIK certificate acquisition module 3, configured to send an AIK certificate application carrying the AIK to an AI management and control center, and receive and store an AIK certificate fed back by the AI management and control center based on the AIK;
a credible verification result reporting module 4, configured to report a credible verification result obtained when credible verification is performed to the AI control center periodically;
an AI operation information application module 5, configured to send an application request for AI operation information including an AI algorithm program and algorithm parameters to the AI management and control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
an AI operation information receiving module 6, configured to receive encrypted AI operation information fed back by the AI management and control center when determining, based on the received current trusted verification result, that the device is in a trusted state; the encrypted AI running information is obtained by encrypting the corresponding latest AI running information by using the public key;
and the AI operation information decryption module 7 is used for decrypting the received encrypted AI operation information by using the trusted password module according to the generated private key to obtain an AI algorithm program and algorithm parameters.
In one implementation, the AI analysis device further includes:
and the storage module is used for storing the obtained AI algorithm program and the obtained AI algorithm parameter only in the memory when the AI analysis is carried out based on the obtained AI algorithm program and the obtained AI algorithm parameter.
In one implementation, the AI analysis apparatus further includes:
and the information forced clearing module is used for forcibly clearing the AI algorithm program and the algorithm parameters in the memory before shutdown or restart.
In the above embodiments of the present invention, the detailed processes and functions of each module refer to the corresponding processes and beneficial effects in the method embodiments described in the foregoing first aspect, and are not described herein again.
An embodiment of a fourth aspect of the present invention provides an AI management and control center, where the AI management and control center is configured to implement the artificial intelligence system protection method according to any one of the embodiments of the second aspect of the present invention.
Referring to fig. 4, fig. 4 is a block diagram illustrating a structural connection of an AI management and control center according to an embodiment of the present invention.
The AI management and control center provided by the embodiment of the present invention includes:
a first receiving module 10, configured to receive a trusted verification result periodically reported by an AI analysis device; the credible verification result is obtained when the AI analysis equipment performs periodical credible verification on a target program and a system of the AI analysis equipment on the basis of a credible verification technology, wherein the target program and the system comprise a BIOS (basic input output System), a BootLoader and/or an operating system;
an AIK certificate issuing module 20, configured to receive an AIK certificate application carrying an AIK sent by the AI analysis device, and feed back a corresponding AIK certificate to the AI analysis device based on the AIK; the AIK is an identity authentication key which is applied by the AI analysis equipment to the embedded trusted cryptography module and is fed back when the trusted cryptography module judges that the equipment is in a trusted state based on the current trusted verification result of the AI analysis equipment;
a second receiving module 30, configured to receive an application request for AI operation information, which includes an AI algorithm program and algorithm parameters and is sent by the AI analysis device; the application request comprises the AIK certificate and a public key generated by a trusted cryptography module embedded in the AI analysis equipment;
and the AI operation information encryption module 40 is configured to encrypt the corresponding latest AI operation information by using the public key when determining that the device is in the trusted state based on the received current trusted verification result according to the application request, and feed back the obtained encrypted AI operation information to the AI analysis device.
In one implementation, the AIK certificate issuing module 20 includes:
and the auditing unit is used for auditing the AIK certificate application according to a preset security policy, generating an AIK certificate corresponding to the AIK after the auditing is passed, and feeding the AIK certificate back to the AI analysis equipment.
In the above embodiments of the present invention, the detailed processes and functions of each module refer to the corresponding processes and beneficial effects in the method embodiments described in the foregoing first aspect, and are not described herein again.
The embodiment of the fifth aspect of the invention provides an artificial intelligence system protection device.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating interaction among the AI analysis device, the trusted cryptography module, and the AI management and control center according to an embodiment of the present invention.
The artificial intelligence system protection device provided by the embodiment of the invention comprises AI analysis equipment and an AI control center, wherein the AI analysis equipment is embedded with a trusted password module;
the AI analysis equipment is used for carrying out periodical credible verification on a target program and a system of the AI analysis equipment based on a credible verification technology to obtain a credible verification result; the target program and the system comprise a BIOS, a BootLoader and/or an operating system; the AI analysis equipment is also used for sending an AIK inquiry request carrying a current credible verification result to the embedded credible password module;
the trusted password module is used for feeding back the AIK to the AI analysis equipment when the equipment is judged to be in a trusted state based on the current trusted verification result according to the AIK query request;
the AI analysis equipment is also used for sending an AIK certificate application carrying the AIK to an AI control center; the AI management and control center is used for feeding back a corresponding AIK certificate to the AI analysis equipment based on the AIK;
the AI analysis equipment is also used for receiving and storing the AIK certificate, reporting a credible verification result obtained when credible verification is carried out to the AI control center periodically, and sending an application request of AI operation information including an AI algorithm program and algorithm parameters to the AI control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
the AI management and control center is further used for encrypting corresponding latest AI operation information by using the public key according to the application request when the device is judged to be in a credible state based on the received current credible verification result, and feeding back the obtained encrypted AI operation information to the AI analysis device;
the AI analysis equipment is further used for decrypting the received encrypted AI running information by using the trusted password module according to the generated private key to obtain an AI algorithm program and algorithm parameters.
In one implementation, the AI analysis device is further configured to:
and when the AI analysis is performed based on the obtained AI algorithm program and the obtained algorithm parameters, only storing the obtained AI algorithm program and the obtained AI algorithm parameters in the memory.
In one implementation, the AI analysis device is further configured to:
and forcibly clearing the AI algorithm program and the algorithm parameters in the memory before shutdown or restart.
In an implementation manner, the AI management and control center is specifically configured to:
and auditing the AIK certificate application according to a preset security policy, generating an AIK certificate corresponding to the AIK after the auditing is passed, and feeding back the AIK certificate to the AI analysis equipment.
In the above embodiments of the present invention, specific implementation processes and effects of the AI analysis device, the trusted cryptography module, and the AI management and control center refer to corresponding processes and advantageous effects in the method embodiment described in the foregoing first aspect, and are not described herein again.
An embodiment of a sixth aspect of the present invention provides an artificial intelligence system protection device, including:
a memory to store instructions; the instruction is used to implement the artificial intelligence system protection method in any manner that can be implemented by any embodiment of the first aspect, or the instruction is used to implement the artificial intelligence system protection method in any manner that can be implemented by any embodiment of the second aspect;
a processor to execute the instructions in the memory.
An embodiment of the seventh aspect of the present invention provides a computer-readable storage medium, where a computer program is stored, and the computer program, when being executed by a processor, implements the artificial intelligence system protection method according to any one of the foregoing implementable manners of the embodiment of the first aspect, or the computer program, when being executed by the processor, implements the artificial intelligence system protection method according to any one of the foregoing implementable manners of the embodiment of the second aspect.
In the above embodiment of the present invention, the trusted cryptography module is used to provide a basic trusted verification function, so as to ensure that the BIOS, the operating system, the memory, the running program, and the like of the AI analysis device are not illegally tampered with, and to provide a security guarantee for the distribution of the AI algorithm program and parameters. The algorithm program and the algorithm parameters are not stored locally; they are applied for from the AI management and control center when needed, and their secure distribution is protected through trusted technology, so that the core assets of the artificial intelligence system can be effectively protected. When the AI analysis device needs to perform intelligent data analysis or to upgrade the AI algorithm program and algorithm parameters, an application request for AI operation information including the AI algorithm program and the algorithm parameters is generated, and the AI management and control center then updates the corresponding latest AI operation information by using the public key carried by the request. The AI algorithm program and the algorithm parameters can thus be updated on request, which meets the requirement of frequent updating of the AI algorithm program and the algorithm parameters, and the method is simple, convenient and fast.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, device, management center and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be through some interfaces, indirect coupling or communication connection between devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An artificial intelligence system protection method, performed by an AI analysis device, the method comprising:
carrying out regular credible verification on a target program and a system of the terminal on the basis of a credible verification technology to obtain a credible verification result; the target program and the system comprise a BIOS, a BootLoader and/or an operating system;
sending an AIK inquiry request carrying a current trusted verification result to an embedded trusted password module, and receiving and storing an AIK fed back by the trusted password module when the trusted password module judges that the equipment is in a trusted state based on the current trusted verification result;
sending an AIK certificate application carrying the AIK to an AI management and control center, and receiving and storing the AIK certificate fed back by the AI management and control center based on the AIK;
reporting a credible verification result obtained when credible verification is carried out to the AI control center periodically;
sending an application request of AI operation information including an AI algorithm program and algorithm parameters to the AI control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
receiving encrypted AI operation information fed back by the AI control center when the AI control center judges that the equipment is in a credible state based on the received current credible verification result; the encrypted AI running information is obtained by encrypting the corresponding latest AI running information by using the public key;
and decrypting the received encrypted AI running information by using the trusted password module according to the generated private key to obtain an AI algorithm program and algorithm parameters.
2. The artificial intelligence system protection method of claim 1, the method further comprising:
and when the AI analysis is performed based on the obtained AI algorithm program and the obtained algorithm parameters, only storing the obtained AI algorithm program and the obtained AI algorithm parameters in the memory.
3. The artificial intelligence system protection method of claim 2, the method further comprising:
and forcibly clearing the AI algorithm program and the algorithm parameters in the memory before shutdown or restart.
4. An artificial intelligence system protection method, which is executed by an AI management and control center, the method comprising:
receiving a credible verification result reported periodically by AI analysis equipment; the credible verification result is obtained when the AI analysis equipment performs periodical credible verification on a target program and a system of the AI analysis equipment on the basis of a credible verification technology, wherein the target program and the system comprise a BIOS (basic input output System), a BootLoader and/or an operating system;
receiving an AIK certificate application carrying an AIK sent by the AI analysis equipment, and feeding back a corresponding AIK certificate to the AI analysis equipment based on the AIK; the AIK is an identity authentication key which is applied by the AI analysis equipment to the embedded trusted cryptography module and is fed back when the trusted cryptography module judges that the equipment is in a trusted state based on the current trusted verification result of the AI analysis equipment;
receiving an application request of AI operation information including an AI algorithm program and algorithm parameters sent by the AI analysis equipment; the application request comprises the AIK certificate and a public key generated by a trusted cryptography module embedded in the AI analysis equipment;
and according to the application request, when the equipment is judged to be in a credible state based on the received current credible verification result, encrypting the corresponding latest AI operation information by using the public key, and feeding back the obtained encrypted AI operation information to the AI analysis equipment.
5. The artificial intelligence system protection method of claim 4, wherein the feeding back the corresponding AIK certificate to the AI analysis device based on the AIK comprises:
and auditing the AIK certificate application according to a preset security policy, and generating an AIK certificate corresponding to the AIK after the auditing is passed and feeding the AIK certificate back to the AI analysis equipment.
6. An AI analysis device, comprising:
the credibility verification module is used for carrying out periodical credibility verification on the target program and the system of the credibility verification module on the basis of a credibility verification technology to obtain a credibility verification result; the target program and the system comprise a BIOS, a BootLoader and/or an operating system;
the AIK acquisition module is used for sending an AIK inquiry request carrying a current trusted verification result to the embedded trusted password module, receiving and storing the AIK fed back by the trusted password module when the trusted password module judges that the equipment is in a trusted state based on the current trusted verification result;
an AIK certificate acquisition module, configured to send an AIK certificate application carrying the AIK to an AI management and control center, and receive and store an AIK certificate fed back by the AI management and control center based on the AIK;
a credible verification result reporting module, configured to periodically report a credible verification result obtained when the credible verification is performed to the AI control center;
the AI operation information application module is used for sending an AI operation information application request including an AI algorithm program and algorithm parameters to the AI control center; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
the AI operation information receiving module is used for receiving the encrypted AI operation information fed back by the AI control center when the AI control center judges that the equipment is in the credible state based on the received current credible verification result; the encrypted AI running information is obtained by encrypting the corresponding latest AI running information by using the public key;
and the AI operation information decryption module is used for decrypting the received encrypted AI operation information by using the trusted password module according to the generated private key to obtain an AI algorithm program and algorithm parameters.
7. An AI management and control center, comprising:
the first receiving module is used for receiving a credible verification result reported periodically by the AI analysis equipment; the credible verification result is obtained when the AI analysis equipment performs periodical credible verification on a target program and a system of the AI analysis equipment on the basis of a credible verification technology, wherein the target program and the system comprise a BIOS (basic input output System), a BootLoader and/or an operating system;
an AIK certificate issuing module, configured to receive an AIK certificate application carrying an AIK sent by the AI analysis device, and feed back a corresponding AIK certificate to the AI analysis device based on the AIK; the AIK is an identity authentication key which is applied by the AI analysis equipment to the embedded trusted cryptography module and is fed back when the trusted cryptography module judges that the equipment is in a trusted state based on the current trusted verification result of the AI analysis equipment;
the second receiving module is used for receiving an application request of AI running information including an AI algorithm program and algorithm parameters, which is sent by the AI analysis equipment; the application request comprises the AIK certificate and a public key generated by a trusted cryptography module embedded in the AI analysis equipment;
and the AI operation information encryption module is used for encrypting the corresponding latest AI operation information by using the public key when the device is judged to be in the credible state based on the received current credible verification result according to the application request, and feeding back the obtained encrypted AI operation information to the AI analysis device.
8. An artificial intelligence system protection device, characterized by comprising an AI analysis device and an AI management and control center, wherein a trusted cryptography module is embedded in the AI analysis device;
the AI analysis device is configured to perform periodic trusted verification of a target program and a system of the AI analysis device based on a trusted verification technology to obtain a trusted verification result; the target program and the system comprise a BIOS, a BootLoader and/or an operating system; the AI analysis device is further configured to send an AIK query request carrying the current trusted verification result to the embedded trusted cryptography module;
the trusted cryptography module is configured to, according to the AIK query request, feed back the AIK to the AI analysis device when the device is judged to be in a trusted state based on the current trusted verification result;
the AI analysis device is further configured to send an AIK certificate application carrying the AIK to the AI management and control center; the AI management and control center is configured to feed back a corresponding AIK certificate to the AI analysis device based on the AIK;
the AI analysis device is further configured to receive and store the AIK certificate, to periodically report the trusted verification result obtained from each trusted verification to the AI management and control center, and to send to the AI management and control center an application request for AI running information including an AI algorithm program and algorithm parameters; the application request comprises the AIK certificate and a public key generated by the trusted cryptography module;
the AI management and control center is further configured to, according to the application request and when the device is judged to be in a trusted state based on the received current trusted verification result, encrypt the corresponding latest AI running information with the public key and feed back the resulting encrypted AI running information to the AI analysis device;
the AI analysis device is further configured to decrypt the received encrypted AI running information, using the trusted cryptography module with the generated private key, to obtain the AI algorithm program and algorithm parameters.
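The release decision in claim 8, sketched as an added example that is not part of the patent text: a device that enrolled in a trusted state and holds a valid AIK certificate is still refused AI running information once its latest periodic report no longer matches the reference. The names `measure`, `TrustedCryptoModule`, `ControlCenter` and `run_scenario`, the hash-extend measurement scheme, and the use of HMAC in place of a certificate signature are all assumptions; the public-key encryption of the released data is not modeled.

```python
import hashlib, hmac, secrets

# Constructed reference images; a real device would measure firmware and OS binaries.
GOLDEN = {"BIOS": b"bios-v1", "BootLoader": b"loader-v1", "OS": b"os-v1"}

def measure(images):
    """Assumed scheme: hash-extend each component, in boot order, into one digest."""
    digest = bytes(32)
    for name in ("BIOS", "BootLoader", "OS"):
        digest = hashlib.sha256(digest + hashlib.sha256(images[name]).digest()).digest()
    return digest

class TrustedCryptoModule:
    """Stand-in for the embedded module: hands out the AIK only in a trusted state."""
    def __init__(self, reference):
        self._reference = reference
        self._aik = secrets.token_bytes(32)  # placeholder for the AIK public part

    def query_aik(self, result):
        return self._aik if hmac.compare_digest(result, self._reference) else None

class ControlCenter:
    def __init__(self, reference):
        self._reference = reference
        self._ca_key = secrets.token_bytes(32)
        self._latest = {}  # AIK -> most recent reported verification result

    def issue_certificate(self, aik):
        # HMAC stands in for the certificate signature (assumption, stdlib only).
        return hmac.new(self._ca_key, aik, hashlib.sha256).digest()
    def report(self, aik, result):
        self._latest[aik] = result

    def handle_request(self, aik, cert):
        if not hmac.compare_digest(cert, self.issue_certificate(aik)):
            return "reject: invalid AIK certificate"
        latest = self._latest.get(aik)
        if latest is None or not hmac.compare_digest(latest, self._reference):
            return "reject: device not in trusted state"
        return "release: encrypt latest AI run information to the device public key"

def run_scenario(images_at_request):
    """Enroll with a clean boot chain, then request with the given images."""
    reference = measure(GOLDEN)
    tcm, center = TrustedCryptoModule(reference), ControlCenter(reference)
    aik = tcm.query_aik(reference)
    cert = center.issue_certificate(aik)
    center.report(aik, measure(images_at_request))  # periodic report to the center
    return center.handle_request(aik, cert)
```

Calling `run_scenario` with a copy of `GOLDEN` whose `BootLoader` entry has changed returns the "not in trusted state" rejection even though the certificate itself still verifies.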
9. An artificial intelligence system protection device, comprising:
a memory to store instructions, wherein the instructions are used for implementing the artificial intelligence system protection method according to any one of claims 1-3, or the instructions are used for implementing the artificial intelligence system protection method according to claim 4 or 5; and
a processor to execute the instructions in the memory.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when executed by a processor, carries out the artificial intelligence system protection method of any one of claims 1-3, or which computer program, when executed by a processor, carries out the artificial intelligence system protection method of claim 4 or 5.
CN202211110485.0A 2022-09-13 2022-09-13 Artificial intelligence system protection method and device, AI analysis equipment and management and control center Pending CN115470473A (en)

Publications (1)

Publication Number Publication Date
CN115470473A true CN115470473A (en) 2022-12-13

Family

ID=84333916

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination