Abstract: Examples in this application disclose data recording methods, media, and systems. One example method includes receiving an access request for target data from a data user, obtaining the target data from a data owner, generating a blockchain transaction based on the target data, transmitting the blockchain transaction to a blockchain node, where the blockchain node performs a transaction consensus with remaining blockchain nodes, stores the blockchain transaction in the blockchain upon the transaction consensus is reached, and generates index information for the blockchain transaction when the data user is determined to have an access permission to the target data, receiving the index information from the blockchain node, where the index information is used to generate a request transaction to obtain the blockchain transaction or the target data from the blockchain, and sending the target data or the index information to the data user.

Abstract: Computer-implemented methods, apparatuses and systems for obtaining data authorization are described. In an example method, a first computing node in a trusted computing center receives an authentication request from a first provider. Authentication information is returned to the first provider, where the authentication information comprises a first code hash of a first computing logic running in the first computing node. A channel establishment request sent by the first provider is received after determining that the first computing node passes trusted authentication and the first code hash passes correctness verification. A first trusted channel is established between the first provider and the first computing node according to the channel establishment request. A target encryption key is received through the first trusted channel, thereby authorization to perform computation on a target encrypted shard corresponding to the target encryption key based on the first computing logic is obtained.

Abstract: Computer-implemented methods, apparatus, and systems for data storage and data query are described. During data storage, the number of neighboring graph nodes in each starting graph node in directed graph graph data to be stored is determined, and a data storage mode is determined according to the number of neighboring graph nodes. When the data storage mode is not an ultra-large node data storage, node data, neighbor information, outgoing edge index feature information, and outgoing edge data of the starting graph node are stored in the same data fragment. When the data storage mode is an ultra-large node data storage, node data, neighbor information, outgoing edge index feature range information, and outgoing edge data are stored in a starting graph node data fragment, and the outgoing edge data and outgoing edge data storage address information of the starting graph node are stored in at least two outgoing edge data fragments.

Abstract: This specification discloses model running methods, apparatuses, computer-readable storage media and systems. In an example method, an original model is split to obtain a basic model and a trusted execution environment (TEE) model; and data of the basic model and data of the TEE model are delivered to a terminal device, so that a rich execution environment (REE) in the terminal device runs the data of the basic model, and a TEE in the terminal device runs the data of the TEE model.

Abstract: Embodiments of this specification provide distributed data processing methods, apparatuses, and devices. One method includes: determining an active vertex set that currently participates in data processing in target graph data, in response to determining that an external memory of a first distributed node stores an active vertex in the active vertex set, determining, from a plurality of predetermined data processing modes, a target data processing mode that matches the active vertex set, determining, based on the target data processing mode, a to-be-updated vertex according to the association relationship with the active vertex, and sending, based on first data of the active vertex in the external memory, a first update message to a target distributed node in which the to-be-updated vertex is located.

Abstract: Embodiments of this specification provide multi-party data query methods and apparatuses for data privacy protection. One implementation of the methods includes obtaining, from each of a plurality of data owners, attribute value ciphertexts of N target objects to form a ciphertext table, disordering the ciphertext table in units of rows to obtain a disordered table, sorting, in response to a query instruction of querying sorting-related data for a target attribute item in the plurality of attribute items, attribute value ciphertexts corresponding to the target attribute item in the disordered table to obtain a target sorted table, and obtaining the sorting-related data as a query result based on the target sorted table.

Abstract: This specification provide example Java bytecode injection methods, apparatuses and machine-readable storage media, which can be applied to a Javaagent framework deployed in a Java virtual machine. In an example, a to-be-injected Java bytecode submitted by a target service module in at least one service module is obtained, and a target implementation class corresponding to the to-be-injected Java bytecode is determined. A target injection point type corresponding to the target implementation class is determined, and the target injection point type is respectively matched with mapping relationships maintained in the Java virtual machine to determine a target injection mode corresponding to the target injection point type. A globally unique class transformer is invoked so that the class transformer injects, based on the target injection mode, the Java bytecode into a class file that corresponds to the target service module and that is to be loaded by the Java virtual machine.

Abstract: This specification discloses a container quantity adjustment method and apparatus for an application. One method includes: determining historical data of an application, predicting traffic distribution of the application within a predetermined duration based on the historical data by using a pre-trained traffic prediction model, predicting container quantity distribution of the application within the predetermined duration based on the traffic distribution and a predetermined target utilization of a container by using a pre-trained quantity prediction model, and adjusting a container quantity of the application at each of a plurality of predetermined moments within the predetermined duration based on the container quantity distribution.

Abstract: Embodiments of this specification provide methods and apparatuses for performing model ownership verification based on an exogenous feature. An implementation of the methods includes: selecting initial samples from an initial sample set to form a selected sample set, processing sample data of the initial samples to obtain transform samples that form a transform sample set, training a meta-classifier based on a target model, an auxiliary model, and the transform sample set, inputting data associated with a suspicious model into the meta-classifier, and determining, based on an output result of the meta-classifier, whether the suspicious model is stolen from a deployment model, wherein the deployment model has feature knowledge of the exogenous feature.

Abstract: Embodiments of this specification provide methods and apparatuses for data privacy protection. An embodiment of the methods comprises receiving, by a first party from a second party, an encrypted integrated vector, determining an encrypted result vector based on the original matrix and the encrypted integrated vector, determining a data processing result based on the encrypted result vector, and sending the data processing result to the second party for the second party to obtain a multiplication calculation result of the original matrix and the n original vectors based on the data processing result.

Abstract: Embodiments of this specification provide methods, apparatuses systems, and computer-readable media for data privacy-preserving training of a service prediction model. In an example training process, a member device performs prediction by using the service prediction model and object feature data held by the member device, and determines, by using a prediction result, update parameters used to update model parameters, where the update parameters include sub-parameters for computational layers of the service prediction model; and divides the computational layers into first-type and second-type computational layers using the sub-parameters; and performs privacy processing on sub-parameters of the first-type computational layers, and outputs processed sub-parameters. Processed sub-parameters of member devices can be aggregated into aggregated sub-parameters.

Abstract: A computer-implemented system for encoding includes an encoding layer and at least one joint encoding unit. The encoding layer encodes a received first modal initial feature vector and a received second modal initial feature vector, to generate, respectively, a first modal feature vector and a second modal feature vector, joint encoded by the at least one joint encoding unit, where the at least one joint encoding unit includes an encoding module and a modal input switching module. The modal input switching module processes the first modal feature vector and the second modal feature vector, to obtain, respectively a first modal switching encoding vector and a second modal switching encoding vector. The encoding module processes the first modal switching encoding vector and the second modal switching encoding vector, to generate, respectively a first target modal fusion vector and a second target modal fusion vector.

Abstract: Computer-implemented methods, non-transitory, computer-readable media, and computer-implemented systems implementing a one-touch login service are described. Information about a first IP address is obtained from a verification request sent by an application client device. A token is sent to the application client device. Information about a second IP address is obtained from a number acquisition request sent by an application server. Whether the first IP address is the same as the second IP address is determined. If the same, based on a token carried in the number acquisition request, a mobile phone number of a terminal device in which the application client device is located is obtained and the mobile phone number is sent to the application server. If not the same, sending the mobile phone number of the terminal device to the application server is refused.

Abstract: Example methods, apparatuses, and computer-readable media for offline transaction processing are disclosed.

Abstract: A query request is received for querying graph data, including a filtering condition for an attribute value of a first attribute, and used to query a destination edge in a neighboring edge of a first node that satisfies the filtering condition. Graph data includes point data of the first node and edge data of a neighboring edge stored in a single-point data block corresponding to the first node and comprising index data of the edge data used to index a first attribute of the edge data, record the attribute value of the first attribute, and record a storage location of an edge corresponding to the attribute value of the first attribute in the single-point data block. Using the index data and filtering condition, a storage location of the destination edge in the single-point data block is determined and data of the destination edge obtained.

Abstract: Embodiments of this application provide methods and apparatuses for offline payment authorization. In an implementation, a method comprising: obtaining wallet account information, a current account balance, and current credit information of a target electronic wallet account in response to determining that a current state of the target electronic wallet account satisfies a predetermined certificate delivery condition, determining an offline payment limit based on the current account balance and the current credit information, signing summary information by using a private key of a server to obtain an electronic wallet signature, generating a user certificate based on the summary information and the electronic wallet signature, and sending the user certificate to a terminal device associated with the target electronic wallet account for an offline account corresponding to the target electronic wallet account to make offline payment within the offline payment limit based on the user certificate.

Abstract: A container kernel upgrade based on a programmable container kernel, includes, in response to receiving a container kernel upgrade request, freezing an application container in which a to-be-upgraded first container kernel is located. Current container status data of an application container including first container kernel status data and application status data is stored. The application container is restarted by using a second container kernel used for upgrading a container kernel, where restarted container status data of the restarted application container includes second container kernel status data corresponding to the second container kernel when the application container is restarted. Using the stored current container status data, a corresponding data field is updated in a data structure of the restarted container status data.

Abstract: This specification discloses data storage methods, apparatuses, devices, and storage media. One method comprises receiving data to be stored, wherein the data comprise data corresponding to a plurality of fields, determining whether a size of the data exceeds a predetermined threshold, and in response to determining that the size of the data exceeds the predetermined threshold: splitting a portion of the data to obtain data blocks, determining block identifiers of the data blocks based on a sequence of the data blocks, storing a data identifier of the data and the block identifiers of the data blocks that correspond to each other, and storing the block identifiers and the data blocks that correspond to each other.

Abstract: A resource transfer method includes obtaining, by using a target application, a resource transfer request triggered by a target user, where the resource transfer request includes verification information used to perform resource transfer processing and identity feature information of the target user. By using the target application, verifying the verification information, and invoking, if the verification succeeds by using the target application, a local device management rule, and determining, by using the local device management rule, whether the identity feature information of the target user matches identity feature information of a pre-registered user. If the identity feature information of the target user matches the identity feature information of the pre-registered user, sending the resource transfer request to a first server corresponding to the target application to trigger, based on the resource transfer request, the first server to perform resource transfer processing.

Abstract: Implementations of the present specification provide an inter-thread interrupt signal sending method and apparatus. In the inter-thread interrupt signal sending method, a processor in which a first thread is located sends a notification message to a PCI device via a PCI bus by using an MMIO write operation. The MMIO write operation is implemented based on a virtual space address of the first thread to which a memory address of an MMIO memory of the PCI device is mapped. The PCI device generates an interrupt signal for a second thread in response to receiving the notification message, and sends the interrupt signal to a processor in which the second thread is located based on an interrupt signal sending manner configured in interrupt configuration information of the PCI device.