Abstract: The present disclosure provides a method for interconnecting a data lake and a relational database, including the following steps: S1: adding a data source class of a relational database to a data lake; S2: matching and using, by the data lake, a data source class of the relational database; and S3: determining and loading a corresponding driver according to the data source class, so as to connect the corresponding relational database. By cascading a data source registering configuration file, a relational database configuration file and a driver package catalog in a parameter passing method, when the data lake is started, a specific database to be used is designated unnecessarily, but a corresponding database is used directly. The configuration file is also traversed unnecessarily, but the user acquires configuration information as required in the parameter passing method.

Abstract: The present invention discloses a method for protecting a deep learning model based on confidential computing. In this solution, a use process of a deep learning model is divided into two stages: Data preprocessing and inference. At the data preprocessing stage, a data preprocessing model is mainly used to process inference data of an authorized user. The data preprocessing model is a lightweight processing module, which occupies less computing resources, and the data preprocessing model is deployed in a confidential computing environment. At the inference stage, an inference model is used to perform inference on preprocessed data, and the inference model is deployed in a common computing environment. In the entire process, copyright attestation of the deep learning model can be implemented without affecting inference accuracy of the model, and the infringement of the model copyright can be effectively resisted through model forgery, transfer learning, knowledge distillation, and the like.

Abstract: A method for encrypting and decrypting data across domains based on privacy computing is provided. A data provider deploys a base key for a data user in advance, and when the data user needs to use the data at a later stage, the data provider generates a data token about a data key based on the base key, and then transmits encrypted data and the data token to the data user. The user obtains the data key based on its own base key in a privacy environment according to the data token, and uses the data key in the privacy environment to realize use of the encrypted data. A transmission process does not involve transmission of the key; therefore, even if a transmission channel is not secure, security of the data can still be ensured, and even if private data is used, the data itself cannot be obtained.

Abstract: The present disclosure provides a high-performance data lake system and a data storage method. The data storage method includes the following steps: S1: converting a file into a file stream; S2: converting the file stream into an array in which multiple subarrays are nested; and S3: converting the array into a resilient distributed dataset (RDD), and storing the RDD to a storage layer of a data lake. The present disclosure provides a nested field structure, which lays the foundation for parallel processing in reading, and effectively improves read performance. Furthermore, the present disclosure flexibly generates a number of nested subarrays according to hardware cores, such that the data lake achieves better extension performance, and can keep optimal writing efficiency for different users.

Abstract: Disclosed is a multi-source encrypted image retrieval method based on federated learning and secret sharing, including the following steps: S1. performing model training on a convolutional neural network of double cloud platforms based on federated learning, with an image owner joining the double cloud platforms as a coalition member; and S2. completing, by an authorized user, encrypted image retrieval based on additive secret sharing with the assistance of the double cloud platforms. The present disclosure provides a multi-source encrypted retrieval scheme based on federated learning and secret sharing, which simplifies the neural network model structure for retrieval by using federated learning, to obtain better network parameters. Better neural network parameters and a more simplified network model structure are achieved by compromising overheads on the image owner side, such that a better convolutional neural network can be used in encrypted image retrieval.

Abstract: A new method for trusted data decryption is disclosed. A data user provides a public key Pk of an encryption key generation algorithm G. A data provider calculates an encryption key K based on an application A, a device C, and a token T by using G, encrypts a data set D by using K, encrypts G by using Pk to obtain Ge, and transmits ED and Ge to the data user. The data user can obtain a private key generation algorithm G? by using a locally stored private key Ps, and measures, in a trusted execution environment, the application A and the device C that request data to obtain MA? and CID?, calculates an encryption key K? based on MA?, CID? and a user-input token T by using G?, and decrypts ED by using K?. If K?=K, the decryption succeeds, and data D is obtained; otherwise, the decryption fails.

Abstract: The present disclosure provides a remote host monitoring method based on chip-level privacy-preserving computation (PPC), including: S1: allowing monitoring software in a user-side host to start in a chip-level trusted execution environment (TEE); S2: determining whether the user-side host locally stores valid private data, directly going to step S4 if yes, or otherwise, going to step S3; S3: establishing a secure connection with a supervisor and capturing private data; and S4: allowing monitoring software running in the TEE to execute a related monitoring instruction based on the private data, encrypting and signing a monitoring result, and transmitting the monitoring result to the supervisor. The present disclosure ensures validity, tamper resistance and security of monitoring information of the user with a TEE based on PCC, encrypts and signs the monitoring information based on an encryption key and a signature key of the supervisor, can locally store the monitoring information.

Abstract: The present disclosure provides a high-performance data lake system and a data storage method. The data storage method includes the following steps: S1: converting a file into a file stream; S2: converting the file stream into an array in which multiple subarrays are nested; and S3: converting the array into a resilient distributed dataset (RDD), and storing the RDD to a storage layer of a data lake. The present disclosure provides a nested field structure, which lays the foundation for parallel processing in reading, and effectively improves read performance. Furthermore, the present disclosure flexibly generates a number of nested subarrays according to hardware cores, such that the data lake achieves better extension performance, and can keep optimal writing efficiency for different users.

Abstract: The present disclosure provides a remote host monitoring method based on chip-level privacy-preserving computation (PPC), including: S1: allowing monitoring software in a user-side host to start in a chip-level trusted execution environment (TEE); S2: determining whether the user-side host locally stores valid private data, directly going to step S4 if yes, or otherwise, going to step S3; S3: establishing a secure connection with a supervisor and capturing private data; and S4: allowing monitoring software running in the TEE to execute a related monitoring instruction based on the private data, encrypting and signing a monitoring result, and transmitting the monitoring result to the supervisor. The present disclosure ensures validity, tamper resistance and security of monitoring information of the user with a TEE based on PCC, encrypts and signs the monitoring information based on an encryption key and a signature key of the supervisor, can locally store the monitoring information.