Abstract: Bandwidth-controlled, private, multi-party joint data processing is described. When performing an nth iteration of joint data processing on service data, multiple participants separately determine a same nth identifier at the current iteration and includes sub-identifiers separately corresponding to service data of the multiple participants. The multiple participants are enabled to separately determine their respective random arrays in a predetermined trusted interaction manner and based on the nth identifier and initial seeds of the multiple participants. When a first sub-identifier exists in a correspondence between sub-identifiers and confidential data, the multiple participants separately obtain first confidential data corresponding to the first sub-identifier and perform the current iteration of joint data processing with another participant using secure multi-party computation (MPC) based on exchange of other confidential data and respective first confidential data.

Abstract: Implementations disclose data processing methods, apparatuses, and computer devices for privacy protection in secure multi-party computation, including encoding private data to a coefficient of a first polynomial function. A plurality of function values of the first polynomial function are obtained as a plurality of fragments obtained after the private data is split, where the fragments of the private data are used for computation by using a secret sharing algorithm to obtain fragments of target data.

Abstract: Embodiments of this specification disclose computer-implemented methods, apparatuses, systems, mediums, and program products related to batch encryption. In an example computer-implemented method, N first plaintexts are obtained. The N first plaintexts are spliced based on a first predetermined rule to obtain a first target plaintext. The first target plaintext are encrypted by using a predetermined encryption algorithm to obtain a first target ciphertext. N is a positive integer greater than or equal to 2.

Abstract: Embodiments of this specification provide computer-implemented methods, apparatuses, computer-readable media, and systems for secure multi-party computation. In an example secure multi-party computation method, a first party encrypts a first plaintext segment of target data by using a homomorphic encryption algorithm based on a public key held by the first party in a first key pair to obtain a first ciphertext segment. A second plaintext segment of the target data is owned by a second party. The first party sends the first ciphertext segment to the second party. The second party performs a homomorphic addition operation in the homomorphic encryption algorithm on the first ciphertext segment and the second plaintext segment of the target data to obtain ciphertext data of the target data. The ciphertext data is decrypted based on a private key in the first key pair.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: The present invention relates to the technical field of detection of the appearance of electronic components, and in particular to a method for detecting the appearance of six sides of a chip multi-layer ceramic capacitor based on artificial intelligence. In the method for detecting the appearance of six sides of a chip multi-layer ceramic capacitor based on artificial intelligence as provided by the present invention, a picture is automatically divided, by AI, into regions which are then classified, and extracted features are judged by conventional algorithms. It is more flexible to deal with various defects. Defect missing is avoided, and the false rate is reduced.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: Implementations of the present specification provide a data processing method and apparatus. A method performed by a data provider includes: obtaining first encrypted data of first plaintext data, a first key used to decrypt the first encrypted data, and authorization information about the first plaintext data; sending a verification request to a data manager, the data manager including a first trusted execution environment; receiving authentication information from the data manager, and performing verification based on the authentication information; when the verification succeeds, securely transmitting the first key and the authorization information to the first trusted execution environment; and providing the first encrypted data to the data manager.

Abstract: Implementations of the present specification provide a data processing method and apparatus. A method performed by a data provider includes: obtaining first encrypted data of first plaintext data, a first key used to decrypt the first encrypted data, and authorization information about the first plaintext data; sending a verification request to a data manager, the data manager including a first trusted execution environment; receiving authentication information from the data manager, and performing verification based on the authentication information; when the verification succeeds, securely transmitting the first key and the authorization information to the first trusted execution environment; and providing the first encrypted data to the data manager.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.