CN117371002A - Model encryption method, model decryption method, encryption device, and readable storage medium - Google Patents
Model encryption method, model decryption method, encryption device, and readable storage medium Download PDFInfo
- Publication number
- CN117371002A CN117371002A CN202311162414.XA CN202311162414A CN117371002A CN 117371002 A CN117371002 A CN 117371002A CN 202311162414 A CN202311162414 A CN 202311162414A CN 117371002 A CN117371002 A CN 117371002A
- Authority
- CN
- China
- Prior art keywords
- model
- file
- encryption
- encrypted
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000012795 verification Methods 0.000 claims description 80
- 238000012545 processing Methods 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 5
- 238000012549 training Methods 0.000 description 29
- 238000010586 diagram Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000013496 data integrity verification Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000013136 deep learning model Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000000153 supplemental effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a model encryption method, a model decryption method, an encryption device and a readable storage medium, wherein the method comprises the following steps: obtaining an original model file and redefined model template corresponding to a model to be encrypted; the redefined model template comprises a model head area and a file area; checking the original model file to obtain first check information, and adding the first check information to a model header area; determining a file encryption mode matched with the original model file, encrypting the original model file by using the file encryption mode to obtain an encrypted model file, checking the encrypted model file to obtain second check information, and adding the file encryption mode and the second check information to a model header area; and adding the encryption model file into the file area to obtain a target encryption model corresponding to the to-be-encrypted model. By the scheme, the compatibility and the data integrity of the encrypted model can be improved.
Description
Technical Field
The present application relates to the field of artificial intelligence technologies, and in particular, to a model encryption method, a model decryption method, an encryption device, and a readable storage medium.
Background
With the continuous development of artificial intelligence, models obtained based on deep learning training are widely applied, and once the models are leaked, core technologies are exposed, so that how to encrypt the models is more and more interesting. In the long-term research and development process, the applicant of the application finds that the conventional model encryption mode only encrypts the data of the model, so that the encrypted model has poor compatibility, and the conventional encryption mode only focuses on the privacy of the model and ignores the data integrity of the encrypted model. In view of this, how to improve the compatibility and data integrity of the encrypted model is a urgent issue to be resolved.
Disclosure of Invention
The technical problem that this application mainly solves is to provide a model encryption method, model decryption method, encryption device and readable storage medium, can improve the compatibility and the data integrity of the model after encrypting.
In order to solve the above technical problem, a first aspect of the present application provides a model encryption method, including: obtaining an original model file and redefined model template corresponding to a model to be encrypted; the redefined model template comprises a model head area and a file area; checking the original model file to obtain first check information, and adding the first check information to the model head area; determining a file encryption mode matched with the original model file, encrypting the original model file by using the file encryption mode to obtain an encrypted model file, checking the encrypted model file to obtain second check information, and adding the file encryption mode and the second check information into the model header area; and adding the encryption model file into the file area to obtain a target encryption model corresponding to the to-be-encrypted model.
In order to solve the above technical problem, a second aspect of the present application provides a model decryption method, including: obtaining a target encryption model to be decrypted, and obtaining first check information and second check information from a model head area of the target encryption model; wherein the target encryption model is obtained by the method described in the first aspect; obtaining an encryption model file from a file area of the target encryption model, checking the encryption model file to obtain first verification information, and comparing the first verification information with the second verification information; responding to the first verification information and the second verification information to be consistent, acquiring a file encryption mode of the encryption model file from a model header area of the target encryption model, and decrypting the encryption model file by using a file decryption mode corresponding to the file encryption mode to obtain a reference decryption file; checking the reference decryption file to obtain second verification information and comparing the second verification information with the first verification information; and taking the reference decryption file as a target decryption file in response to the second verification information being consistent with the first verification information.
To solve the above technical problem, a third aspect of the present application provides an encryption device, including: the input unit is used for receiving an original model file corresponding to a model to be encrypted, the processing unit comprises a memory and a processor which are mutually coupled, wherein the memory stores program data, the processor calls the program data to execute the method of the first aspect, and the output unit is used for outputting a target encryption model corresponding to the model to be encrypted.
To solve the above technical problem, a fourth aspect of the present application provides a computer-readable storage medium having stored thereon program data, which when executed by a processor, implements the method of the first aspect or the second aspect.
According to the scheme, the original model file included in the model to be encrypted and the redefined model template corresponding to the model to be encrypted are obtained, wherein the redefined model template comprises a model header area and a file area, so that the redefined model template is compatible with the models to be encrypted obtained after training of different training frameworks, the original model file is checked to obtain first check information corresponding to the original model file, the first check information is added to the model header area so as to be convenient for obtaining the first check information for verification in decryption, the file encryption mode matched with the original model file is determined, the original model file is encrypted by utilizing the file encryption mode matched with the original model file to obtain an encrypted model file, the second check information corresponding to the encrypted model file is obtained by checking the encrypted model file, the file encryption mode and the second check information are added to the model header area so as to be convenient for obtaining the file encryption mode for reverse decryption in decryption, the probability that data errors of the encrypted models are still used in decryption is reduced through double verification of the two check information, the encrypted models are added to the encrypted file is more well as the encrypted file is encrypted in the unified model, the encrypted file can be encrypted in the unified model corresponding to the target area, the target model can be encrypted, the target model can be encrypted has a uniform, and has a uniform encryption format, and can be obtained, the probability of the model being tampered in the transmission process is reduced, and the data integrity of the encrypted model is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
FIG. 1 is a schematic flow chart of an embodiment of a method for encrypting a model of the present application;
FIG. 2 is a schematic flow chart of another embodiment of the encryption method of the present application;
FIG. 3 is a schematic diagram of an embodiment of redefining a model template according to the present application;
FIG. 4 is a flow chart of an embodiment of a decryption method of the model of the present application;
FIG. 5 is a schematic diagram illustrating the structure of an embodiment of an encryption device of the present application;
fig. 6 is a schematic structural diagram of an embodiment of a computer-readable storage medium of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The terms "system" and "network" are often used interchangeably herein. The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship. Further, "a plurality" herein means two or more than two.
The model encryption method provided by the application is applied to encrypting the model to be encrypted to obtain the target encryption model, the model decryption method is applied to decrypting the encrypted target encryption model, and execution subjects corresponding to the method are all processing terminals capable of calling the model.
Referring to fig. 1, fig. 1 is a flow chart illustrating an embodiment of a method for encrypting a model of the present application, the method includes:
s101: and obtaining an original model file and a redefined model template corresponding to the model to be encrypted, wherein the redefined model template comprises a model head area and a file area.
Specifically, an original model file included in a model to be encrypted and a redefined model template corresponding to the model to be encrypted are obtained.
Further, the model to be encrypted can be obtained based on any existing training frame training, the original model file corresponding to the model to be encrypted obtained by training by utilizing different training frames corresponds to a file format, and the redefined model template comprises a model head area and a file area, so that the redefined model template is compatible with the model to be encrypted obtained after training by different training frames.
It should be noted that, in addition to the model header area and the file area, other predefined areas may be included in the redefined model template.
In an application scenario, the redefined model template includes a model header area for storing information different from file data and a file area for storing file data.
In another application scenario, the redefined model template includes a model header area, a file area, and an extra information area, the model header area is used for storing size information and verification information, the file area is used for storing file data, and the extra information area is used for storing information different from the size information, the verification information and the file data.
S102: and checking the original model file to obtain first check information, and adding the first check information to the model header area.
Specifically, the original model file is checked to obtain first check information corresponding to the original model file, and the first check information is added to the model head area, so that the first check information can be obtained from the model head area for verification during decryption.
In an application scenario, the original model file is checked by using the cyclic redundancy code, first check information corresponding to the original model file is obtained, and the first check information is added to a field appointed in the model header area.
In another application scenario, the original model file is checked by using the parity check code, so that first check information corresponding to the original model file is obtained, and the first check information is added to a designated field in the model header area.
It can be understood that in other application scenarios, the verification modes of the information set verification code, the longitudinal several-redundancy verification code and the like can also be used, which is not particularly limited in the application.
S103: determining a file encryption mode matched with the original model file, encrypting the original model file by using the file encryption mode to obtain an encrypted model file, checking the encrypted model file to obtain second check information, and adding the file encryption mode and the second check information to a model header area.
Specifically, determining a file encryption mode matched with an original model file, encrypting the original model file by using the file encryption mode matched with the original model file to obtain an encrypted model file, checking the encrypted model file to obtain second check information corresponding to the encrypted model file, adding the file encryption mode and the second check information to a model header area so as to obtain the file encryption mode from the model header area for reverse decryption and obtain the second check information for verification during decryption.
It can be understood that the first check code is obtained by checking the original model file before encryption, the second check code is obtained by checking the encrypted model file after encryption, and the probability that the encrypted model is decrypted and used for data errors is reduced through double verification of two kinds of check information.
In an application mode, obtaining a to-be-encrypted grade corresponding to a to-be-encrypted model, taking a file encryption mode corresponding to the to-be-encrypted grade as a file encryption mode matched with an original model file, encrypting the original model file by using the file encryption mode matched with the original model file to obtain an encrypted model file, checking the encrypted model file to obtain second check information, and adding the file encryption mode and the second check information into a designated field in a model header area.
In another application mode, the original model file has a file format, a plurality of file formats correspond to respective encryption modes, a file encryption mode matched with the original model file is determined based on the file format of the original model file, the original model file is encrypted by using the file encryption mode matched with the original model file, an encrypted model file is obtained, the encrypted model file is checked to obtain second check information, and the file encryption mode and the second check information are added to a field appointed in a model header area.
S104: and adding the encryption model file into the file area to obtain a target encryption model corresponding to the to-be-encrypted model.
Specifically, the encryption model file is added into a file area of the redefined model template to obtain a target encryption model corresponding to the model to be encrypted, and the encryption model file is completely included in the target encryption model.
In one application, the file area includes an address area and a data area, location information is generated based on an offset address of the data area in the redefined model template, the location information is stored in the address area, and data encrypted by the encryption model file is added to the data area.
In another application mode, the encrypted data of the encryption model file is added to the file area, and the data size and the data position of the encrypted data in the file area are added to the model header area.
Optionally, after filling the file area, obtaining supplementary information such as redefining the size of the template, and filling the supplementary information into the model header area to obtain the target encryption model.
It should be noted that, the original model files of the model to be encrypted obtained by training with different algorithm training frames have different file formats, for example, two original model files generally obtained by training with a caffe frame, one is a file with a caffedel format, and the other is a file with a prototxt format, i.e., a plurality of original model files with different file formats are obtained; the general PTH file obtained by training the pytorch framework is the original model file with a file format; other different training frames can be uniformly converted into files in onnx format to be stored as a general deep learning model, when the model to be encrypted corresponds to a plurality of original model files, the plurality of original model files are spliced and then are regarded as the same file, the method can be applied to encryption, and the models to be encrypted obtained through training by different training frames are converted into target encryption models in the redefined model template format.
It can be understood that the target encryption model finally obtained by any model to be encrypted corresponds to the same redefined model template format, so that the encrypted template has better compatibility, the target encryption model with a uniform format can be transmitted in a uniform mode, the probability of model tampering in the transmission process is reduced, and the data integrity of the encrypted model is improved.
According to the scheme, the original model file included in the model to be encrypted and the redefined model template corresponding to the model to be encrypted are obtained, wherein the redefined model template comprises a model header area and a file area, so that the redefined model template is compatible with the models to be encrypted obtained after training of different training frameworks, the original model file is checked to obtain first check information corresponding to the original model file, the first check information is added to the model header area so as to be convenient for obtaining the first check information for verification in decryption, the file encryption mode matched with the original model file is determined, the original model file is encrypted by utilizing the file encryption mode matched with the original model file to obtain an encrypted model file, the second check information corresponding to the encrypted model file is obtained by checking the encrypted model file, the file encryption mode and the second check information are added to the model header area so as to be convenient for obtaining the file encryption mode for reverse decryption in decryption, the probability that data errors of the encrypted models are still used in decryption is reduced through double verification of the two check information, the encrypted models are added to the encrypted file is more well as the encrypted file is encrypted in the unified model, the encrypted file can be encrypted in the unified model corresponding to the target area, the target model can be encrypted, the target model can be encrypted has a uniform, and has a uniform encryption format, and can be obtained, the probability of the model being tampered in the transmission process is reduced, and the data integrity of the encrypted model is improved.
Referring to fig. 2, fig. 2 is a flow chart illustrating another embodiment of the encryption method according to the model of the present application, the method includes:
s201: and obtaining an original model file and a redefined model template corresponding to the model to be encrypted, wherein the redefined model template comprises a model head area and a file area.
Specifically, the to-be-encrypted model is obtained after training based on any training frame, and the number of the to-be-encrypted model files obtained after training of different training frames corresponds to the number of the to-be-encrypted model files, so that the number of the to-be-encrypted model files corresponding to part of the to-be-encrypted model files is one, and the number of the to-be-encrypted model files corresponding to part of the to-be-encrypted model files is a plurality of. Therefore, after the model to be encrypted is obtained, all original model files corresponding to the model to be encrypted are obtained.
Further, redefined model templates corresponding to the models to be encrypted are obtained, the models to be encrypted obtained through training of different training frameworks correspond to the same redefined model templates, therefore, the finally obtained encrypted models of the models to be encrypted through training of different training frameworks correspond to the same format, training frameworks corresponding to the original models to be encrypted cannot be distinguished, and accordingly safety of the encrypted models is improved.
S202: and checking the original model file to obtain first check information, and adding the first check information to the model header area.
Specifically, the model to be encrypted includes at least one original model file, each original model file corresponds to a respective grade to be encrypted, and when the original model files are verified, each original model file can be verified independently or can be verified together with the original model files with the same grade to be encrypted.
In an application mode, obtaining the grades to be encrypted corresponding to all original model files corresponding to the models to be encrypted; splicing and checking the original model files with the same level to be encrypted to obtain at least one piece of first check information; at least one first verification information is added to the model header area.
Specifically, when the number of the original model files corresponding to the to-be-encrypted model is one, obtaining encryption levels of the original model files, and checking the original model files to obtain first check information, when the number of the original model files corresponding to the to-be-encrypted model is multiple, obtaining the to-be-encrypted levels corresponding to all the original model files, and when the to-be-encrypted levels corresponding to all the original model files are the same, splicing and checking all the original model files with the same to-be-encrypted level to obtain first check information.
It can be understood that when the number of the original model files corresponding to the to-be-encrypted model is multiple, the to-be-encrypted grades corresponding to all the original model files are obtained, when at least part of the to-be-encrypted grades corresponding to the original model files are different from each other, the original model files with the same to-be-encrypted grade are spliced and checked respectively, and multiple first check information is obtained, so that the multiple original model files are encrypted respectively by using different to-be-encrypted grades, and the original model files with the same to-be-encrypted grade are checked together during checking, thereby improving the efficiency.
Further, referring to fig. 3, fig. 3 is a schematic structural diagram of an embodiment corresponding to a redefined model template of the present application, after at least one first check information is obtained, if the redefined model template does not include an extra information area, all the first check information is added to a model header area, if the redefined model template includes the extra information area, a part of the first check information can be selected to be added to the model header area, occupation of the model header area is reduced, and all the first check information is added to the extra information area.
S203: determining a file encryption mode matched with the original model file, encrypting the original model file by using the file encryption mode to obtain an encrypted model file, checking the encrypted model file to obtain second check information, and adding the file encryption mode and the second check information to a model header area.
Specifically, the model to be encrypted includes at least one original model file, each original model file corresponds to a respective level to be encrypted, and each level to be encrypted corresponds to a file encryption mode for encrypting the original model file.
It can be understood that, corresponding to the application manner in the step S202, a file encryption manner matched with the original model file is determined, the original model file is encrypted by using the file encryption manner to obtain an encrypted model file, the encrypted model file is checked to obtain second check information, and the file encryption manner and the second check information are added to the model header area, including: determining a file encryption mode matched with the original model file from a plurality of preset encryption modes based on the to-be-encrypted grade aiming at each original model file, and obtaining at least one file encryption mode; the model file is divided into a plurality of file segments by a part of preset encryption modes to be encrypted respectively; encrypting the original model file by using a file encryption mode matched with the original model file to obtain an encrypted model file composed of at least one file segment; splicing and checking the encryption model files with the same level to be encrypted to obtain at least one piece of second checking information; at least one file encryption mode and at least one second check information are added to the model header area.
Specifically, a plurality of preset encryption modes are predefined, a part of the preset encryption modes divide a model file into a plurality of file segments to be encrypted respectively, the plurality of preset encryption modes correspond to respective protection levels, the protection levels are related to the complexity of an encryption algorithm adopted by the preset encryption modes, one preset encryption mode or a plurality of encryption modes are selected from the plurality of preset encryption modes to be combined based on the level to be encrypted, and a file encryption mode matched with an original model file is determined to obtain at least one file encryption mode.
Further, the original model file is encrypted by using a file encryption mode matched with the original model file, when the file encryption mode does not need to divide the original model file into a plurality of file segments, the whole original model file is encrypted as a complete file segment, and when the file encryption mode needs to divide the original model file into a plurality of file segments, the whole original model file is divided into a plurality of file segments to be encrypted. Thus, each original model file is encrypted to obtain an encrypted model file composed of at least one file segment.
It can be understood that, corresponding to the above application manner, when the number of the original model files corresponding to the to-be-encrypted model is one, checking the encrypted model files to obtain a second check information, when the number of the original model files corresponding to the to-be-encrypted model is multiple and the to-be-encrypted grades corresponding to all the original model files are the same, according to the same sequence as that when the original model files are spliced, splicing the encrypted model files with the same grade to be encrypted and checking to obtain a second check information, when the number of the original model files corresponding to the to-be-encrypted model is multiple and at least some of the to-be-encrypted grades corresponding to the original model files are different from each other, and according to the same sequence as that when the original model files are spliced, splicing the encrypted model files with the same grade to be encrypted and checking to obtain multiple second check information.
Further, referring to fig. 3 again, after at least one second verification information is obtained, if the redefined model template does not include the extra information area, all the second verification information is added to the model header area, if the redefined model template includes the extra information area, part of the second verification information can be selected to be added to the model header area, occupation of the model header area is reduced, and all the second verification information is added to the extra information area.
Optionally, the preset encryption mode at least includes string confusion, exclusive-or encryption and segment encryption, where the string confusion is to mix up the model structure by replacing a fixed string with other random strings, the exclusive-or encryption is to operate the fixed encrypted string and the original file to generate a new model file, the segment encryption is implemented in a stepwise encryption mode, and the model file is divided into at least two file segments and encrypted in different encryption modes. In addition, the preset encryption mode in other application scenes can be various conventional encryption algorithms, which is not particularly limited in the application.
In an application scene, when the number of original model files corresponding to the to-be-encrypted model is multiple, all the original model files correspond to at least two to-be-encrypted grades, each to-be-encrypted grade corresponds to one check information set, and the check information set comprises first check information, second check information and a file encryption mode which are mutually corresponding; the model head area comprises a check information set, the redefined model template further comprises an extra information area, and all check information sets are included in the extra information area.
Specifically, when the number of the original model files corresponding to the model to be encrypted is equal, at least part of the grades to be encrypted corresponding to the original model files are different from each other, so that a stepwise encryption mode is adopted, the condition that all files are exposed after being cracked in one encryption mode is avoided, and the safety of the encrypted model is improved.
Further, referring to fig. 3 again, the redefined model template further includes an extra information area, each level to be encrypted corresponds to a check information set, the check information sets include first check information, second check information and a file encryption mode which correspond to each other, wherein one check information set is added in the model header area, and all check information sets are added in the extra information area, so that when the encrypted model is obtained, decryption can be started by obtaining one check information set from the model header area, decryption efficiency is improved, and a complete check information set can be obtained from the extra information area, so that decryption integrity is ensured.
Optionally, the extra information area is further added with an offset address of the extra information area, a size of the original model file, and a size of the encrypted model file.
In an implementation scenario, the plurality of optional encryption modes correspond to optional encryption levels with sequentially increasing levels, wherein the optional encryption modes correspond to one preset encryption mode or a combination of multiple preset encryption modes, and the optional encryption levels represent complexity of the encryption modes. That is, a single preset encryption scheme or a combination of a plurality of preset encryption schemes is used as the optional encryption scheme, each of which corresponds to an optional encryption level according to the complexity of the encryption scheme, the optional encryption level being used as a selection item matching with the level to be encrypted.
It should be noted that, determining, based on the level to be encrypted, a file encryption mode matching the original model file from a plurality of preset encryption modes includes: obtaining a grade to be encrypted corresponding to an original model file, and matching the grade to be encrypted with an optional encryption grade; the optional encryption grade matched with the grade to be encrypted is a matched encryption grade; responding to the obtained matching encryption grade, and taking an encryption mode corresponding to the matching encryption grade as a file encryption mode matched with the model to be encrypted; and generating an extended encryption mode based on at least two preset encryption modes in response to the matching encryption level not being obtained, taking the extended encryption mode as a file encryption mode matched with the model to be encrypted, and updating the extended encryption mode into an optional encryption mode.
Specifically, when the to-be-encrypted grade corresponding to the original model file is obtained, matching the to-be-encrypted grade with the current optional encryption grade, if the matched encryption grade is obtained, taking an encryption mode corresponding to the matched encryption grade as a file encryption mode matched with the to-be-encrypted model, if the matched encryption grade is not obtained, selecting at least two preset encryption modes from all preset encryption modes based on all the current optional encryption modes to be combined, generating an extended encryption mode with complexity higher than that of all the current optional encryption modes, taking the extended encryption mode as the file encryption mode matched with the to-be-encrypted model, and improving the matching degree of the file encryption mode and the to-be-encrypted grade.
Further, the extended encryption mode is updated to be an optional encryption mode, so that the subsequent use is facilitated.
Optionally, each optional encryption mode corresponds to a respective encryption identifier, and when the optional encryption mode is selected as the file encryption mode, the file encryption mode added in the redefined model template is represented by the encryption identifier.
S204: and sequentially adding each file segment corresponding to all the encryption model files to a segment data area, sequentially adding segment index information corresponding to each file segment corresponding to all the encryption model files to a segment information area to obtain a filled redefined model template, wherein the file area comprises a segment information area and at least one segment data area, and the encryption model file comprises at least one file segment.
Specifically, referring to fig. 3 again, the segment data area includes a segment indication area and a data filling area, the file segment is added in the data filling area, the segment index information characterizes a position of the segment data area corresponding to the file segment, the segment indication area includes data index information, and the data index information characterizes a position of the data filling area in the segment data area.
It can be understood that the encryption model file corresponding to each original model file comprises at least one file segment, each file segment is stored respectively, so that the storage precision of the file segments can be improved, the multiple original model files or the scene that any encryption model file is divided into multiple file segments is adapted, the compatibility of redefined model templates is improved, when the to-be-encrypted model comprises the multiple original model files, the multiple original model files are uniformly protected in the redefined model templates, and the error probability is reduced.
Further, the segment index information in the segment information area can be accurately positioned to the segment data area corresponding to the file segment, the segment data area comprises a segment indication area and a data filling area, the data filling area is used for accommodating a specific file segment, the segment index information in the segment indication area can be accurately positioned to the data filling area in the segment data area, and the storage precision of the file segment is improved.
S205: and generating a target encryption model corresponding to the model to be encrypted based on the filled redefined model template.
Specifically, a filled redefined model template is obtained, supplemental information is determined to be added to a model head area based on the filled redefined model template, and a target encryption model corresponding to the model to be encrypted is generated.
In an application mode, obtaining the number of segments corresponding to all file segments, and model identification information and model size information corresponding to the filled redefined model template, and adding the model identification information, the model size information and the number of segments to a model head area to generate a target encryption model corresponding to the model to be encrypted; the model identification information comprises an identification header and version information, the identification header characterizes the target encryption model as an encrypted model, the version information characterizes the format version of redefined model templates, the model size information comprises a model header size and a target total size, the model header size characterizes the size of a model header area, and the target total size characterizes the size of the target encryption model.
Specifically, the identification header is used for indicating that the file is in a protected model file format, the version information is used for recording the format version of the redefined model template, the format version of the redefined model template is related to byte definitions of a model header area, a file area and an extra information area, the model header size represents the byte size occupied by the information section of the model header area, the target total size represents the byte size occupied by the whole encrypted model file, and the number of segments represents the corresponding number of all file segments, so that the various types of information are added in the model header area as supplementary information, whether the model file is encrypted or not is conveniently distinguished, more information can be obtained in the decryption process, and the probability of errors in the decryption stage is reduced.
In this embodiment, the encrypted models obtained by training the models to be encrypted by different training frameworks correspond to the same format, and when the models to be encrypted correspond to a plurality of original model files, the file encryption mode matched with the original model files is determined from a plurality of preset encryption modes according to the levels to be encrypted corresponding to the original model files, so that the plurality of original model files are uniformly protected in redefined model templates, and the error probability is reduced.
Referring to fig. 4, fig. 4 is a flow chart illustrating an embodiment of a decryption method according to the model of the present application, the method includes:
s401: and obtaining a target encryption model to be decrypted, and obtaining first verification information and second verification information from a model head area of the target encryption model.
Specifically, the target encryption model is obtained based on the method in any of the above embodiments, which is not described in detail in this application. After the target encryption model to be decrypted is obtained, the first check information and the second check information are extracted from a model head area of the target encryption model so as to facilitate subsequent comparison.
S402: and acquiring an encryption model file from the file area of the target encryption model, checking, obtaining first verification information and comparing the first verification information with second verification information.
Specifically, an encryption model file is extracted from a file area of a target encryption model, and verification is performed on the encryption model file, so that first verification information is obtained.
Further, the first verification information and the second verification information are compared, and the subsequent steps are executed only when the comparison result is that the first verification information is consistent with the second verification information.
S403: and responding to the first verification information and the second verification information to be consistent, acquiring a file encryption mode of the encryption model file from a model header area of the target encryption model, and decrypting the encryption model file by using a file decryption mode corresponding to the file encryption mode to obtain a reference decryption file.
Specifically, when the first verification information is consistent with the second verification information, a file encryption mode of the encryption model file is extracted from a model header area of the target encryption model, a file decryption mode corresponding to the file encryption mode is determined, and the encryption model file is decrypted by using the file decryption mode, so that a reference decryption file is obtained.
S404: and checking the reference decryption file to obtain second verification information and comparing the second verification information with the first verification information.
Specifically, the reference decryption file is checked to obtain second verification information, so that the second verification information is compared with the first verification information.
It can be understood that the subsequent steps are only executed when the comparison result is that the second verification information is consistent with the first verification information, so that the probability that the encrypted model is used for decryption after data errors is reduced through double verification of the two verification information in the decryption stage.
S405: and in response to the second verification information being consistent with the first verification information, taking the reference decryption file as a target decryption file.
Specifically, when the second verification information is consistent with the first verification information, the reference decryption file is used as the target decryption file, so that the error probability of the target decryption file is reduced, and the data integrity of the target decryption file is improved.
In this embodiment, the first verification information and the second verification information are obtained from the model header area, the encrypted model file is verified to obtain the first verification information, the encrypted model file is decrypted only when the first verification information is consistent with the second verification information, the reference decryption file is obtained, the reference decryption file is further verified to obtain the second verification information, the reference decryption file is used as the target decryption file only when the second verification information is consistent with the first verification information, the error probability of the target decryption file is reduced, and the data integrity of the target decryption file is improved.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an embodiment of an encryption device according to the present application, where the encryption device 50 includes an input unit 500, a processing unit 502 and an output unit 504, the input unit 500 is configured to receive an original model file corresponding to a model to be encrypted, the processing unit 502 includes a memory 5020 and a processor 5022 that are coupled to each other, where the memory 5020 stores program data, and the processor 5022 invokes the program data to execute the method in any embodiment, and the description of the related content is omitted herein. The output unit 504 is configured to output a target encryption model corresponding to the model to be encrypted.
It can be understood that the input unit 500 is used for receiving the input original model file of the model to be encrypted, which is a repository of the model to be encrypted that needs to be protected. The processing unit 502 is a processing logic unit for model protection, the memory 5020 further stores a plurality of different encryption modes and encryption modes, and the processor 5022 may include a collection module (not labeled) and a format redefinition module (not labeled), where the collection module is mainly used to process the data integrity of the model files before and after encryption, and collect the model basic information such as the size and the function of the files when protecting the model of the multi-algorithm file, and is used for assisting in data integrity verification. The format redefinition module is mainly used for defining and expanding the encrypted model format and ensuring the uniqueness and the integrity of the protected model. The output unit 504 is configured to output the protected target encryption model, which is an output port of the final result.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an embodiment of a computer readable storage medium 60 of the present application, where the computer readable storage medium 60 stores program data 600, and when the program data 600 is executed by a processor, the method in any embodiment is implemented, and details of the related content are described in the embodiment of the method, which will not be described herein.
The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in part or all or part of the technical solution contributing to the prior art or in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (processor) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing description is only of embodiments of the present application, and is not intended to limit the scope of the patent application, and all equivalent structures or equivalent processes using the descriptions and the contents of the present application or other related technical fields are included in the scope of the patent application.
Claims (10)
1. A method of model encryption, the method comprising:
obtaining an original model file and redefined model template corresponding to a model to be encrypted; the redefined model template comprises a model head area and a file area;
checking the original model file to obtain first check information, and adding the first check information to the model head area;
determining a file encryption mode matched with the original model file, encrypting the original model file by using the file encryption mode to obtain an encrypted model file, checking the encrypted model file to obtain second check information, and adding the file encryption mode and the second check information into the model header area;
and adding the encryption model file into the file area to obtain a target encryption model corresponding to the to-be-encrypted model.
2. The method for encrypting a model according to claim 1, wherein the model to be encrypted includes at least one of the original model files, the verifying the original model files to obtain first verification information, and adding the first verification information to the model header area includes:
acquiring all the grades to be encrypted corresponding to the original model files corresponding to the models to be encrypted;
splicing and checking the original model files with the same grade to be encrypted to obtain at least one piece of first check information;
at least one of the first verification information is added to the model header area.
3. The method for encrypting a model according to claim 2, wherein the determining a file encryption manner in which the original model file matches, encrypting the original model file using the file encryption manner to obtain an encrypted model file, and verifying the encrypted model file to obtain second verification information, and adding the file encryption manner and the second verification information to the model header area includes:
determining a file encryption mode matched with the original model file from a plurality of preset encryption modes based on the grade to be encrypted for each original model file to obtain at least one file encryption mode; the model file is divided into a plurality of file segments by a part of the preset encryption mode to be encrypted respectively;
Encrypting the original model file by using a file encryption mode matched with the original model file to obtain the encrypted model file composed of at least one file segment;
splicing and checking the encryption model files with the same grade to be encrypted to obtain at least one piece of second checking information;
adding at least one of the file encryption modes and at least one of the second verification information to the model header area.
4. A model encryption method according to claim 3, wherein when the number of the original model files corresponding to the model to be encrypted is plural, all the original model files correspond to at least two levels to be encrypted, each level to be encrypted corresponds to a set of check information including the first check information, the second check information, and the file encryption mode that correspond to each other;
the redefined model template further comprises an extra information area, and all the check information sets are included in the extra information area.
5. A model encryption method according to claim 3, wherein the plurality of alternative encryption modes correspond to alternative encryption levels with sequentially increasing levels; wherein the selectable encryption mode corresponds to one preset encryption mode or a combination of a plurality of preset encryption modes, and the selectable encryption level represents the complexity of the encryption mode;
The determining the file encryption mode matched with the original model file from a plurality of preset encryption modes based on the to-be-encrypted grade comprises the following steps:
obtaining a grade to be encrypted corresponding to the original model file, and matching the grade to be encrypted with the optional encryption grade; wherein the optional encryption level matched with the level to be encrypted is a matched encryption level;
responding to the obtained matched encryption grade, and taking an encryption mode corresponding to the matched encryption grade as a file encryption mode matched with the model to be encrypted;
and generating an extended encryption mode based on at least two preset encryption modes in response to the matching encryption level not being obtained, taking the extended encryption mode as a file encryption mode matched with the to-be-encrypted model, and updating the extended encryption mode into the optional encryption mode.
6. The model encryption method according to any one of claims 1 to 5, wherein the file area includes a segment information area and at least one segment data area, and the encryption model file includes at least one file segment;
the step of adding the encryption model file to the file area to obtain a target encryption model corresponding to the to-be-encrypted model, including:
Sequentially adding each file segment corresponding to all the encryption model files to the segment data area, sequentially adding segment index information corresponding to each file segment corresponding to all the encryption model files to the segment information area, and obtaining the filled redefined model template;
generating a target encryption model corresponding to the model to be encrypted based on the filled redefined model template;
the segmented data area comprises a segmented indication area and a data filling area, the file segments are added in the data filling area, the segmented index information represents the positions of the segmented data areas corresponding to the file segments, the segmented indication area comprises data index information, and the data index information represents the positions of the data filling areas in the segmented data area.
7. The method for encrypting a model according to claim 6, wherein generating a target encryption model corresponding to the model to be encrypted based on the filled redefined model template comprises:
obtaining the number of segments corresponding to all the file segments, and model identification information and model size information corresponding to the filled redefined model template, and adding the model identification information, the model size information and the number of segments to the model head area to generate a target encryption model corresponding to the model to be encrypted;
The model identification information comprises an identification header and version information, the identification header represents that the target encryption model is an encrypted model, the version information represents a format version of the redefined model template, the model size information comprises a model header size and a target total size, the model header size represents the size of the model header area, and the target total size represents the size of the target encryption model.
8. A method of model decryption, the method comprising:
obtaining a target encryption model to be decrypted, and obtaining first check information and second check information from a model head area of the target encryption model; wherein the target encryption model is obtained based on the method of any one of claims 1-7;
obtaining an encryption model file from a file area of the target encryption model, checking the encryption model file to obtain first verification information, and comparing the first verification information with the second verification information;
responding to the first verification information and the second verification information to be consistent, acquiring a file encryption mode of the encryption model file from a model header area of the target encryption model, and decrypting the encryption model file by using a file decryption mode corresponding to the file encryption mode to obtain a reference decryption file;
Checking the reference decryption file to obtain second verification information and comparing the second verification information with the first verification information;
and taking the reference decryption file as a target decryption file in response to the second verification information being consistent with the first verification information.
9. An encryption apparatus, comprising: the system comprises an input unit, a processing unit and an output unit which are connected with each other, wherein the input unit is used for receiving an original model file corresponding to a model to be encrypted, the processing unit comprises a memory and a processor which are mutually coupled, wherein the memory stores program data, the processor calls the program data to execute the method according to any one of claims 1-7, and the output unit is used for outputting a target encryption model corresponding to the model to be encrypted.
10. A computer readable storage medium having stored thereon program data, which when executed by a processor implements the method of any of claims 1-7 or 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311162414.XA CN117371002A (en) | 2023-09-08 | 2023-09-08 | Model encryption method, model decryption method, encryption device, and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311162414.XA CN117371002A (en) | 2023-09-08 | 2023-09-08 | Model encryption method, model decryption method, encryption device, and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117371002A true CN117371002A (en) | 2024-01-09 |
Family
ID=89395297
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311162414.XA Pending CN117371002A (en) | 2023-09-08 | 2023-09-08 | Model encryption method, model decryption method, encryption device, and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117371002A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117828649A (en) * | 2024-03-06 | 2024-04-05 | 天津帕克耐科技有限公司 | Micro data center system |
-
2023
- 2023-09-08 CN CN202311162414.XA patent/CN117371002A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117828649A (en) * | 2024-03-06 | 2024-04-05 | 天津帕克耐科技有限公司 | Micro data center system |
| CN117828649B (en) * | 2024-03-06 | 2024-05-28 | 天津帕克耐科技有限公司 | Micro data center system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10778441B2 (en) | Redactable document signatures | |
| US10922435B2 (en) | Image encryption method, image viewing method, system, and terminal | |
| US20170331635A1 (en) | System and method for file time-stamping using a blockchain network | |
| CN100547590C (en) | DPS (Document Processing System) | |
| US20120096564A1 (en) | Data integrity protecting and verifying methods, apparatuses and systems | |
| US7158892B2 (en) | Genomic messaging system | |
| CN1979478B (en) | File processing system and file processing method | |
| CN1979511B (en) | File data safety management system and method | |
| CN111131278A (en) | Data processing method and device, computer storage medium and electronic equipment | |
| CN117371002A (en) | Model encryption method, model decryption method, encryption device, and readable storage medium | |
| CN112949275B (en) | Method, device, equipment and storage medium for importing electronic form into database | |
| CN110929291A (en) | Method and device for accessing text file and computer readable storage medium | |
| CN103890734A (en) | Telemetry file hash and conflict detection | |
| CN113065169A (en) | File storage method, device and equipment | |
| CN114253484B (en) | Big data cloud storage server | |
| CN107171808A (en) | A kind of verification method and device of electronic record authenticity | |
| US11354427B2 (en) | Encrypting/decrypting method for multi-digit number and encrypting/decrypting server | |
| CN112635008A (en) | Medical examination report generation method based on digital signature | |
| CN111400771A (en) | Target partition checking method and device, storage medium and computer equipment | |
| CN115828322A (en) | Method and device for verifying integrity of data storage, electronic equipment and storage medium | |
| CN112614557A (en) | Electronic medical record encryption archiving method | |
| CN111740817A (en) | Code tampering detection method and system for concentrator in electric power data acquisition system | |
| CN1979479B (en) | File processing system and file processing method | |
| CN114697119B (en) | Data checking method, device, computer readable storage medium and electronic equipment | |
| CN115827940B (en) | Method and device for archiving electronic files, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |