Abstract: A privacy computing-enabled migration method for large-scale persistent data across platforms is provided. By virtue of a sealing key management service SKMS, based on trusted sealing and trusted connection which are the basic functions of privacy computing, large-scale migration of privacy data with low deployment cost, high security and high efficiency can be realized by providing download links to platforms that meet requirements, thus greatly improving the flexibility of data deployment and use and the landing of trusted sealing technology.

Abstract: The present invention discloses a method for protecting a deep learning model based on confidential computing. In this solution, a use process of a deep learning model is divided into two stages: Data preprocessing and inference. At the data preprocessing stage, a data preprocessing model is mainly used to process inference data of an authorized user. The data preprocessing model is a lightweight processing module, which occupies less computing resources, and the data preprocessing model is deployed in a confidential computing environment. At the inference stage, an inference model is used to perform inference on preprocessed data, and the inference model is deployed in a common computing environment. In the entire process, copyright attestation of the deep learning model can be implemented without affecting inference accuracy of the model, and the infringement of the model copyright can be effectively resisted through model forgery, transfer learning, knowledge distillation, and the like.

Abstract: The present disclosure provides a high-performance data lake system and a data storage method. The data storage method includes the following steps: S1: converting a file into a file stream; S2: converting the file stream into an array in which multiple subarrays are nested; and S3: converting the array into a resilient distributed dataset (RDD), and storing the RDD to a storage layer of a data lake. The present disclosure provides a nested field structure, which lays the foundation for parallel processing in reading, and effectively improves read performance. Furthermore, the present disclosure flexibly generates a number of nested subarrays according to hardware cores, such that the data lake achieves better extension performance, and can keep optimal writing efficiency for different users.

Abstract: Disclosed is a multi-source encrypted image retrieval method based on federated learning and secret sharing, including the following steps: S1. performing model training on a convolutional neural network of double cloud platforms based on federated learning, with an image owner joining the double cloud platforms as a coalition member; and S2. completing, by an authorized user, encrypted image retrieval based on additive secret sharing with the assistance of the double cloud platforms. The present disclosure provides a multi-source encrypted retrieval scheme based on federated learning and secret sharing, which simplifies the neural network model structure for retrieval by using federated learning, to obtain better network parameters. Better neural network parameters and a more simplified network model structure are achieved by compromising overheads on the image owner side, such that a better convolutional neural network can be used in encrypted image retrieval.

Abstract: A new method for trusted data decryption is disclosed. A data user provides a public key Pk of an encryption key generation algorithm G. A data provider calculates an encryption key K based on an application A, a device C, and a token T by using G, encrypts a data set D by using K, encrypts G by using Pk to obtain Ge, and transmits ED and Ge to the data user. The data user can obtain a private key generation algorithm G? by using a locally stored private key Ps, and measures, in a trusted execution environment, the application A and the device C that request data to obtain MA? and CID?, calculates an encryption key K? based on MA?, CID? and a user-input token T by using G?, and decrypts ED by using K?. If K?=K, the decryption succeeds, and data D is obtained; otherwise, the decryption fails.

Abstract: The present disclosure provides a remote host monitoring method based on chip-level privacy-preserving computation (PPC), including: S1: allowing monitoring software in a user-side host to start in a chip-level trusted execution environment (TEE); S2: determining whether the user-side host locally stores valid private data, directly going to step S4 if yes, or otherwise, going to step S3; S3: establishing a secure connection with a supervisor and capturing private data; and S4: allowing monitoring software running in the TEE to execute a related monitoring instruction based on the private data, encrypting and signing a monitoring result, and transmitting the monitoring result to the supervisor. The present disclosure ensures validity, tamper resistance and security of monitoring information of the user with a TEE based on PCC, encrypts and signs the monitoring information based on an encryption key and a signature key of the supervisor, can locally store the monitoring information.

Abstract: The present disclosure provides a high-performance data lake system and a data storage method. The data storage method includes the following steps: S1: converting a file into a file stream; S2: converting the file stream into an array in which multiple subarrays are nested; and S3: converting the array into a resilient distributed dataset (RDD), and storing the RDD to a storage layer of a data lake. The present disclosure provides a nested field structure, which lays the foundation for parallel processing in reading, and effectively improves read performance. Furthermore, the present disclosure flexibly generates a number of nested subarrays according to hardware cores, such that the data lake achieves better extension performance, and can keep optimal writing efficiency for different users.

Abstract: The present disclosure provides a remote host monitoring method based on chip-level privacy-preserving computation (PPC), including: S1: allowing monitoring software in a user-side host to start in a chip-level trusted execution environment (TEE); S2: determining whether the user-side host locally stores valid private data, directly going to step S4 if yes, or otherwise, going to step S3; S3: establishing a secure connection with a supervisor and capturing private data; and S4: allowing monitoring software running in the TEE to execute a related monitoring instruction based on the private data, encrypting and signing a monitoring result, and transmitting the monitoring result to the supervisor. The present disclosure ensures validity, tamper resistance and security of monitoring information of the user with a TEE based on PCC, encrypts and signs the monitoring information based on an encryption key and a signature key of the supervisor, can locally store the monitoring information.