Abstract: A computer-implemented method includes obtaining, by each secure multi-party computation (MPC) computation party of n secure MPC computation parties, a first data component sent by a data provider, obtained after the data provider splits to-be-processed data into n data components, and n is an integer not less than 3. M secure MPC computation parties are selected to respectively perform a shuffling operation on respectively held first data components, to obtain a second data component, so as to perform an MPC operation, wherein 1<m<n, and wherein m is a positive integer. Selecting m secure MPC computation parties is cyclically performed to perform a shuffling operation on first data components, until each secure MPC computation party is not selected for at least one time to perform the shuffling operation, where m secure MPC computation parties selected each time are not completely identical.

Abstract: Shared memory management methods and apparatuses are provided. In an implementation, an apparatus comprises a virtual machine monitor, a virtual machine, and a trusted execution environment (TEE). The virtual machine monitor is configured to determine, based on the address information, whether a first address is comprised in the shared memory when a page fault occurs in response to the trusted part requests to access the first address, and in response to determining that the first address is comprised in the shared memory, send an interrupt notification to the virtual machine. The virtual machine is configured to: in response to the interrupt notification and determining, based on the address information, that the first address is comprised in the shared memory, validate a first page table entry in the first page table, and return a response message to the virtual machine monitor, wherein the first page table entry comprises address mapping information of a first page that comprises the first address.

Abstract: For managing a translation lookaside buffer (TLB), an example computing device is deployed with virtual machines (VMs) by using a virtual machine monitor and has multiple CPU cores, where the VMs include a common VM running a common execution environment and a secure VM running a trusted execution environment (TEE) instance. In an example, in response to a target request for modifying a secure memory, the common execution environment sends an inter-processor interrupt (IPI) to one or more CPU cores that run the secure VM. Control data corresponding to the secure VM include a TLB control field set to a target value that indicates that all TLBs of the VM are flushed when exiting from the secure VM. In response to the IPI, the one or more CPU cores exit from a secure mode, and flushes all TLBs of the VM based on the target value.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for phone fraud prevention. One of the methods includes adding a first identifier of a first phone event of a first user into a blockchain managed by one or more devices on a decentralized network. The first identifier of the first phone event is classified into a list of phone fraud identifiers. A second identifier of a second phone event involving a second user is received. The second identifier is compared with the list of phone fraud identifiers that includes the first identifier. In a case where the second identifier matches a phone fraud identifier in the list of phone fraud identifiers, the first user is notified that the second phone event involves a risk of phone fraud.

Abstract: Cross-platform plug-in development is described. Cross-platform plug-in development includes acquiring a plug-in template corresponding to a plurality of integrated development environments, where the plug-in template includes pre-compiled execution code adapted to running environments corresponding to the plurality of integrated development environments. Service code is acquired, where the service coded is related to a service corresponding to a service plug-in developed for a target integrated development environment based on the plug-in template and where the service code is code developed based on a common development language supported by each of the plurality of integrated development environments. After the service code is filled into the plug-in template, the plug-in template is compiled to obtain the service plug-in corresponding to the target integrated development environment.

Abstract: This specification discloses model running methods, apparatuses, computer-readable storage media and systems. In an example method, an original model is split to obtain a basic model and a trusted execution environment (TEE) model; and data of the basic model and data of the TEE model are delivered to a terminal device, so that a rich execution environment (REE) in the terminal device runs the data of the basic model, and a TEE in the terminal device runs the data of the TEE model.

Abstract: In an implementation, a first party or a third party updates, by adding an offset to the first fragment, two local fragments held by the local party, where the offset enables offset data obtained by performing addition on updated fragments of each party to be greater than or equal to 0. Multi-party joint computation is performed by using the two updated local fragments together with fragments held by the other two parties to obtain two overflow fragments of an overflow bit and in a second ring for performing a modulo operation on a second value of an n power of 2, m is less than n; and the overflow bit indicates whether the offset data is greater than or equal to the first value. Two converted fragments are obtained in the second ring based on the two updated local fragments, the two overflow fragments, and the offset.

Abstract: Trusted grid construction includes respectively loading, by a plurality of computing nodes, uniform target code in trusted execution environments (TEEs) of the plurality of computing nodes. A target metric value corresponding to the target code is stored to form a plurality of trusted nodes, where target logic corresponding to the uniform target code includes trusted proxy logic configured to provide a security related service for an upper-layer application. Each trusted node performs mutual verification with another trusted node based on the target metric value. A secure connection is established to the another trusted node after the mutual verification is passed, where a plurality of trusted nodes that establish secure connections to each other form a trusted grid.

Abstract: This specification relates to the field of knowledge graphs, and in particular, to knowledge reuse methods, apparatuses, computer-readable media, and systems. In an example computer-implemented method, a child entity is defined based on a parent entity, where the parent entity is selected from entities in a knowledge graph. A knowledge inheritance method is performed to inherit a portion of instance data of the parent entity. Instance data of the child entity are determined. First graph increment information corresponding to the instance data of the child entity is stored.

Abstract: Embodiments of this specification disclose graph data partition computer-implemented methods, non-transitory, computer-readable media, and computer-implemented systems. A computer-implemented method includes partitioning vertices in graph data into a plurality of dataset. Edges in the graph data are partitioned into datasets that include target vertices of the edges, where the datasets are used by nodes in a distributed cluster to perform graph computation, and where computational loads of the plurality of datasets are similar Implementations of this specification can achieve load balancing between nodes in the distributed cluster and can reduce communication overhead.

Abstract: Implementations of this specification provide data processing methods, apparatuses, and systems. In one implementation, a method includes: obtaining a statement for a data operation, wherein the statement comprises a command field, parsing the statement by a compiler, wherein the compiler is configured to support at least one syntax and provide a field translation relation among different syntaxes, in response to determining that the command field is absent from the at least one syntax supported by the complier, determining a target field in the at least one syntax that corresponds to the command field, and performing the data operation based on the target field.

Abstract: This specification discloses model running methods, apparatuses, computer-readable storage media and systems. In an example method, an original model is split to obtain a basic model and a trusted execution environment (TEE) model; and data of the basic model and data of the TEE model are delivered to a terminal device, so that a rich execution environment (REE) in the terminal device runs the data of the basic model, and a TEE in the terminal device runs the data of the TEE model.

Abstract: A resource transfer method includes obtaining, by using a target application, a resource transfer request triggered by a target user, where the resource transfer request includes verification information used to perform resource transfer processing and identity feature information of the target user. By using the target application, verifying the verification information, and invoking, if the verification succeeds by using the target application, a local device management rule, and determining, by using the local device management rule, whether the identity feature information of the target user matches identity feature information of a pre-registered user. If the identity feature information of the target user matches the identity feature information of the pre-registered user, sending the resource transfer request to a first server corresponding to the target application to trigger, based on the resource transfer request, the first server to perform resource transfer processing.

Abstract: This specification discloses data storage methods, apparatuses, devices, and storage media. One method comprises receiving data to be stored, wherein the data comprise data corresponding to a plurality of fields, determining whether a size of the data exceeds a predetermined threshold, and in response to determining that the size of the data exceeds the predetermined threshold: splitting a portion of the data to obtain data blocks, determining block identifiers of the data blocks based on a sequence of the data blocks, storing a data identifier of the data and the block identifiers of the data blocks that correspond to each other, and storing the block identifiers and the data blocks that correspond to each other.

Abstract: Embodiments of this application provide methods and apparatuses for offline payment authorization. In an implementation, a method comprising: obtaining wallet account information, a current account balance, and current credit information of a target electronic wallet account in response to determining that a current state of the target electronic wallet account satisfies a predetermined certificate delivery condition, determining an offline payment limit based on the current account balance and the current credit information, signing summary information by using a private key of a server to obtain an electronic wallet signature, generating a user certificate based on the summary information and the electronic wallet signature, and sending the user certificate to a terminal device associated with the target electronic wallet account for an offline account corresponding to the target electronic wallet account to make offline payment within the offline payment limit based on the user certificate.

Abstract: This specification discloses methods, apparatus, devices, and systems for determining a feature effective value of business data. In one implementation, a method includes: obtaining a joint data share of a first participant based on joint data that includes feature values of a plurality of objects corresponding to a plurality of feature terms, obtaining a predictive value share and a model parameter share based on the joint data and a business prediction model, determining, through secure multi-party computation, a correlation data share corresponding to the plurality of participants, and determining, through a significance test method, an effective value of a feature term of the plurality of feature terms.

Abstract: A container group scheduling method includes obtaining multiple to-be-scheduled pods from a pod scheduling queue. Equivalence class partitioning on the multiple to-be-scheduled pods is performed to obtain at least one pod set. Each of the at least one pod set is determined as a target pod set. Scheduling processing is performed on the target pod set to bind each pod in the target pod set to a node configured to run the pod. A target schedulable node set corresponding to the target pod set is determined. A correspondence between the target pod set and the target schedulable node set is cached. From the target schedulable node set, a node corresponding to each pod in the target pod set is determined. Each pod in the target pod set is bound to the node corresponding to each pod in the target pod set. The cached correspondence is deleted.

Abstract: Example blockchain-based user element authentication methods, apparatuses, systems and computer-readable media are provided. In an example, a node device in a blockchain receives a smart contract invocation transaction, where the smart contract invocation transaction includes an encrypted to-be-authenticated user element provided by a user client. In response to the smart contract invocation transaction, the node device invokes encryption conversion logic in the smart contract, decrypts the encrypted to-be-authenticated user element in a trusted computing environment, and performs secondary encryption processing. The user element authentication authority decrypts the to-be-authenticated user element and performs user element authentication. The node device obtains an authentication result submitted by the user element authentication authority and stores the authentication result in the blockchain.

Abstract: Embodiments of this specification provide computer-implemented methods, apparatuses, and computer-readable storage media for interface invocation request processing. In an example interface invocation request processing method, an invocation request for a first interface of an operating system is received from a client application, and the first interface is configured to obtain privacy data. First scenario information is obtained, where the first scenario information is description information of a use scenario of the first interface declared when the client application applies for an invocation permission of the first interface. Current scenario information of the client application is obtained. The invocation request is executed in response to at least that the current scenario information matches the first scenario information.

Abstract: Embodiments of this specification disclose secure multi-party computation for privacy protection. In an implementation, a method includes obtaining a fragment of first gradient data and a fragment of noise data, where the first gradient data is gradient data of a loss function. Based on the fragment of first gradient data by performing secure multi-party computation with another participant, obtaining a fragment of second gradient data, where the second gradient data is gradient data obtained after the first gradient data is clipped. Based on the fragment of second gradient data and the fragment of noise data, determining a fragment of third gradient data, where the third gradient data is the second gradient data with the noise data added. A fragment of a model parameter is determined based on the fragment of third gradient data.