CN119520316A - Edge processing method, device, equipment and storage medium - Google Patents
Edge processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN119520316A CN119520316A CN202411645289.2A CN202411645289A CN119520316A CN 119520316 A CN119520316 A CN 119520316A CN 202411645289 A CN202411645289 A CN 202411645289A CN 119520316 A CN119520316 A CN 119520316A
- Authority
- CN
- China
- Prior art keywords
- information
- edge
- request
- edge computing
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/16—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Databases & Information Systems (AREA)
- Evolutionary Computation (AREA)
- Medical Informatics (AREA)
- Software Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本申请提供一种边缘处理方法、装置、设备和存储介质,涉及通信技术领域,用于实现人工智能模型的边缘可信验证,以安全、低时延地实现业务信息处理过程,避免业务数据泄露风险,并有效保护人工智能模型应用程序。该方法应用于业务方设备,包括:向边缘计算设备发送服务请求;服务请求用于请求边缘计算设备上人工智能模型的信息处理服务;接收来自边缘计算设备的远程证明信息;远程证明信息为预先在远程证明服务器中登记的部署有人工智能模型的可信执行环境实例的证明信息;向远程证明服务器发送第一证明请求;在接收到来自远程证明服务器的第一通过响应的情况下,向边缘计算设备发送携带有待处理信息的信息处理请求。
The present application provides an edge processing method, apparatus, device and storage medium, which relates to the field of communication technology and is used to implement edge trusted verification of artificial intelligence models, so as to implement business information processing processes safely and with low latency, avoid the risk of business data leakage, and effectively protect artificial intelligence model applications. The method is applied to business party devices, including: sending a service request to an edge computing device; the service request is used to request information processing services of artificial intelligence models on edge computing devices; receiving remote certification information from the edge computing device; the remote certification information is the certification information of a trusted execution environment instance deployed with an artificial intelligence model pre-registered in a remote certification server; sending a first certification request to the remote certification server; and upon receiving a first passing response from the remote certification server, sending an information processing request carrying information to be processed to the edge computing device.
Description
Technical Field
The present application belongs to the field of communications technologies, and in particular, to an edge processing method, an edge processing device, and a storage medium.
Background
With the rapid development of the fifth generation mobile communication technology (5th generation mobile communication technology,5G), multi-access edge computing (MEC) has been widely used. And a large number of artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) models are deployed on the MEC server to execute the reasoning business such as product quality detection based on image recognition, traffic violation recognition and the like, so as to reduce the reasoning response time delay and reduce the data transmission bandwidth.
However, the MEC server is deployed at the network edge, its infrastructure and usage rights are respectively attributed to different owners, the network environment is complex, and there is a risk of privacy disclosure for services involving sensitive data such as face recognition, location data, production data, etc. And, protection of third party AI model applications deployed in the MEC environment needs to be considered.
Disclosure of Invention
The application provides an edge processing method, an edge processing device, edge processing equipment and a storage medium, which are used for realizing the edge credibility verification of an artificial intelligent model, realizing a service information processing process safely and with low time delay, avoiding the risk of service data leakage and effectively protecting an application program of the artificial intelligent model.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, an edge processing method is provided, applied to a service side device, and includes sending a service request to an edge computing device. The service request is for requesting an information processing service of the artificial intelligence model on the edge computing device. Remote attestation information is received from an edge computing device. The remote attestation information is attestation information of trusted execution environment instances deployed with artificial intelligence models registered in advance in a remote attestation server. A first attestation request is sent to a remote attestation server. The first attestation request is for requesting verification of remote attestation information. And sending an information processing request carrying information to be processed to the edge computing device in the case of receiving the first passing response from the remote proving server. The information processing request is used for requesting an information processing result of the information to be processed by the artificial intelligence model.
Optionally, the remote attestation information includes an identifier of a trusted execution environment instance deployed by the artificial intelligent model, an opening certificate of the trusted execution environment instance, a private key signature corresponding to the opening certificate, a trusted execution environment software version number, a processor identifier and trusted computing base information.
Optionally, the method for sending the information processing request carrying the information to be processed to the edge computing device comprises the step of establishing a transmission layer security protocol connection with the edge computing device based on an opening certificate of the trusted execution environment instance. And sending the information to be processed to the edge computing equipment through the transmission layer security protocol connection.
Optionally, after sending the information processing request carrying the information to be processed to the edge computing device, the method further comprises receiving an information processing result from the edge computing device.
Optionally, the artificial intelligence model determines for the operator device that the remote attestation server is deployed on the edge computing device when the remote attestation information is verified. The operator device comprises an operation support system, a multi-access edge computing orchestrator, a plurality of mobile edge platform managers, and a virtualized infrastructure management module. The operation support system is configured to send a second model instantiation request to the multi-access edge computation orchestrator in response to the first model instantiation request from the server device. The multi-access edge computing orchestrator is used for responding to the second model instantiation request, determining edge computing devices meeting preset conditions, and sending a third model instantiation request to a target mobile edge platform manager corresponding to the edge computing devices in the plurality of mobile edge platform managers. The preset conditions comprise the instantiation resources corresponding to the artificial intelligent model and the trusted execution environment capability. The target mobile edge platform manager is to send a fourth model instantiation request to the virtualized infrastructure management module in response to the third model instantiation request. The virtualization infrastructure management module is to determine, in response to the fourth model instantiation request, an instantiation resource of the artificial intelligence model on the edge computing device and remote attestation information of the trusted execution environment instance corresponding to the instantiation resource, and to send a second attestation request to the remote attestation server. The second attestation request is for requesting verification of whether the trusted execution environment instance is trusted. Instantiation resources include computing resources, storage resources, network resources, trusted execution environment resources. The virtualization infrastructure management module is further for instantiating the artificial intelligence model in the trusted execution environment instance based on the mirrored information of the artificial intelligence model upon receipt of the second pass response from the remote attestation server.
Optionally, the operator device further comprises a mobile edge platform. The mobile edge platform manager is further to send a service configuration request to the edge computing platform. The edge computing platform is used for responding to the service configuration request, acquiring remote attestation information and sending a third attestation request to the remote attestation server. The third attestation request is used to verify whether the trusted execution environment instance is trusted. The edge computing platform is further configured to determine configuration information for the artificial intelligence model upon receiving a third pass response from the remote attestation server. The configuration information comprises domain name system rule information, service discovery configuration information, stream rule information and trusted execution environment remote verification configuration information.
Optionally, the edge computing platform is further configured to send a service configuration response to the target mobile edge platform manager. The target mobile edge platform manager is further configured to send a first model instantiation response to the multi-access edge computing orchestrator. The multi-access edge computation orchestrator is further configured to send a second model instantiation response to the server device through the operations support system.
In a second aspect, an edge processing device is provided, and is applied to service side equipment, and the edge processing device comprises a sending module and a receiving module. And the sending module is used for sending the service request to the edge computing equipment. The service request is for requesting an information processing service of the artificial intelligence model on the edge computing device. And the receiving module is used for receiving the remote attestation information from the edge computing equipment. The remote attestation information is attestation information of trusted execution environment instances deployed with artificial intelligence models registered in advance in a remote attestation server. And the sending module is also used for sending the first proving request to the remote proving server. The first attestation request is for requesting verification of remote attestation information. And the sending module is also used for sending an information processing request carrying information to be processed to the edge computing equipment under the condition that the receiving module receives the first passing response from the remote proving server. The information processing request is used for requesting an information processing result of the information to be processed by the artificial intelligence model.
Optionally, the remote attestation information includes an identifier of a trusted execution environment instance deployed by the artificial intelligent model, an opening certificate of the trusted execution environment instance, a private key signature corresponding to the opening certificate, a trusted execution environment software version number, a processor identifier and trusted computing base information.
Optionally, the sending module is specifically configured to establish a transport layer security protocol connection with the edge computing device based on the provisioning certificate of the trusted execution environment instance. And sending the information to be processed to the edge computing equipment through the transmission layer security protocol connection.
Optionally, the receiving module is further configured to receive an information processing result from the edge computing device.
Optionally, the artificial intelligence model determines for the operator device that the remote attestation server is deployed on the edge computing device when the remote attestation information is verified. The operator device comprises an operation support system, a multi-access edge computing orchestrator, a plurality of mobile edge platform managers, and a virtualized infrastructure management module. The operation support system is configured to send a second model instantiation request to the multi-access edge computation orchestrator in response to the first model instantiation request from the server device. The multi-access edge computing orchestrator is used for responding to the second model instantiation request, determining edge computing devices meeting preset conditions, and sending a third model instantiation request to a target mobile edge platform manager corresponding to the edge computing devices in the plurality of mobile edge platform managers. The preset conditions comprise the instantiation resources corresponding to the artificial intelligent model and the trusted execution environment capability. The target mobile edge platform manager is to send a fourth model instantiation request to the virtualized infrastructure management module in response to the third model instantiation request. The virtualization infrastructure management module is to determine, in response to the fourth model instantiation request, an instantiation resource of the artificial intelligence model on the edge computing device and remote attestation information of the trusted execution environment instance corresponding to the instantiation resource, and to send a second attestation request to the remote attestation server. The second attestation request is for requesting verification of whether the trusted execution environment instance is trusted. Instantiation resources include computing resources, storage resources, network resources, trusted execution environment resources. The virtualization infrastructure management module is further for instantiating the artificial intelligence model in the trusted execution environment instance based on the mirrored information of the artificial intelligence model upon receipt of the second pass response from the remote attestation server.
Optionally, the operator device further comprises a mobile edge platform. The mobile edge platform manager is further to send a service configuration request to the edge computing platform. The edge computing platform is used for responding to the service configuration request, acquiring remote attestation information and sending a third attestation request to the remote attestation server. The third attestation request is used to verify whether the trusted execution environment instance is trusted. The edge computing platform is further configured to determine configuration information for the artificial intelligence model upon receiving a third pass response from the remote attestation server. The configuration information comprises domain name system rule information, service discovery configuration information, stream rule information and trusted execution environment remote verification configuration information.
Optionally, the edge computing platform is further configured to send a service configuration response to the target mobile edge platform manager. The target mobile edge platform manager is further configured to send a first model instantiation response to the multi-access edge computing orchestrator. The multi-access edge computation orchestrator is further configured to send a second model instantiation response to the server device through the operations support system.
In a third aspect, there is provided a computer device comprising a memory for storing computer-executable instructions and a processor connected to the memory by a bus, the processor executing the computer-executable instructions stored by the memory when the computer device is running to cause a base station to perform the method of any of the alternative edge processing methods of the first aspect.
The computer device may be a network device or may be a part of an apparatus in a network device, such as a chip system in a network device. The system-on-chip is adapted to support the network device to implement the functions involved in the first aspect and any one of its possible implementations, e.g. to receive, determine, and offload data and/or information involved in the above-mentioned edge processing method. The chip system includes a chip, and may also include other discrete devices or circuit structures.
In a fourth aspect, there is provided a computer readable storage medium comprising computer executable instructions which, when run on a base station, cause the base station to perform the method of edge processing as optional in any of the first aspects.
It should be noted that the above-mentioned computer instructions may be stored in whole or in part on the first computer readable storage medium. The first computer readable storage medium may be packaged together with the processor of the routing device or may be packaged separately from the processor of the routing device, which is not limited in the present application.
In the present application, the names of the above-described routing means do not constitute limitations on the devices or function modules themselves, and in actual implementation, these devices or function modules may appear under other names. Insofar as the function of each device or function module is similar to that of the present application, it falls within the scope of the claims of the present application and the equivalents thereof.
These and other aspects of the application will be more readily apparent from the following description.
The technical scheme provided by the application has at least the following beneficial effects:
Based on any one of the above aspects, in the present application, before sending the information to be processed to the edge computing device, the service side device may first obtain remote attestation information of the trusted execution environment instance where the artificial intelligent model is deployed from the edge computing device, and verify the remote attestation information through interaction with the remote attestation server, so as to implement edge trusted verification of the artificial intelligent model. Furthermore, the service side device can send the information to be processed to the edge computing device for processing under the condition that the remote certification information passes the verification, so that the service information processing process is safely realized with low time delay, and the risk of service data leakage is avoided. And the artificial intelligent model is deployed in a trusted execution environment instance, so that an artificial intelligent model application program can be effectively protected.
Drawings
FIG. 1 is a schematic diagram of an edge processing system according to an embodiment of the present application;
Fig. 2 is a schematic hardware structure of a service side device according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of an edge processing method according to an embodiment of the present application;
FIG. 4 is a flowchart of an artificial intelligence model deployment provided in an embodiment of the present application;
FIG. 5 is a flowchart illustrating another edge processing method according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating another edge processing method according to an embodiment of the present application;
FIG. 7 is a flowchart illustrating another edge processing method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an edge processing apparatus according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In order to clearly describe the technical solution of the embodiment of the present application, in the embodiment of the present application, the words "first", "second", etc. are used to distinguish identical items or similar items having substantially the same function and effect, and those skilled in the art will understand that the words "first", "second", etc. are not limited in number and execution order.
Furthermore, the terms "comprising" and "having" in the embodiments of the application and in the claims and drawings are not exclusive. For example, a process, method, system, article, or apparatus that comprises a list of steps or modules is not limited to only those steps or modules but may include other steps or modules not listed.
In order to facilitate understanding of the application, relevant elements to which the application relates will now be described.
1. Confidential computing technology-trusted execution environment (trusted execution environment, TEE).
A trusted execution environment is an execution environment that requires program code that is authorized to execute within a processor, and the data used by the program code cannot be read or tampered with by code outside of the TEE.
The TEE is a secure area within a central processing unit (central processing unit, CPU) or graphics processor (graphics processing unit, GPU), running in a stand-alone environment and running in parallel with the operating system. The CPU or GPU ensures that both the confidentiality and integrity of the code and data in the TEE are protected. Trusted applications running in the TEE may access all of the functionality of the device host processor and memory, while hardware isolation protects these applications from other applications running in the host operating system. Thus, some data sensitive data processing traffic may be performed in the TEE. For example, key generation and preservation, payment account authentication, privacy data processing, algorithm protection, and other data processing services. Alternatively, the hardware corresponding to the TEE may be deployed in a general purpose X86 server, or may be deployed in a part of the network device.
2. Multiple access edge computing (MEC).
MECs are systems that provide network services and cloud computing capabilities at the edge of an access network that contains one or more access technologies. The MEC has the advantage of approaching to users, and can better support data processing services with low delay processing and high privacy protection requirements. The MEC receives the user side requirements through a MEC orchestrator (MEC orchestrator, MEO) network element, orchestrates the unified resource of the MEC infrastructure as a service (IaaS) AS A SERVICE for managing the lifecycle of the MEC Application (APP). And the virtualized infrastructure management module (virtualization infrastructure manager, VIM) is used for managing IaaS resources of the local data center, including resource reporting and resource allocation, and operations such as pulling up and logging out of Virtual Machines (VMs) and dockers.
3. Artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) reasoning.
In machine learning, AI reasoning is the process of running real-time data using a trained model to make predictions or solve tasks. Reasoning is the process by which an AI model generates an output by applying its training data knowledge to data that has not been seen before. The goal of AI reasoning is to compute and output an operational result.
Services after training of various AI models, such as image recognition, video recognition, voice recognition, decision making, etc., are finally provided by AI reasoning services, such as traffic violation recognition, product quality detection, automatic driving, etc.
The following briefly describes the application context of the application.
With the deployment of 5G, and in particular the deployment of 5G private networks, the need for data processing at the network edge increases. On one hand, the low-delay requirement of specific service requires the service to provide quick response, and on the other hand, the requirement of a data management policy makes the service data to be processed in a park. MECs can provide network services and cloud computing capabilities in data centers near the edge of the network, increasingly being used by video and data services (OTT) and operators to build the necessary infrastructure for edge business ecology.
With the maturation of AI technology, a large number of AI models are deployed in MEC to perform reasoning tasks, such as product quality detection based on image recognition, traffic violation recognition, automatic driving and the like, for reducing reasoning response delay and reducing bandwidth required by uploading data to the cloud. The edge reasoning technology improves the performance by shortening the time from inputting data to reasoning decision, reduces the dependence on network connection and finally improves the service profit. Because of the high cost of AI model training, a large amount of computational power resources are required, some small and medium enterprises tend to adopt AI model algorithms which have been trained by a third party, and the third party AI model algorithm provider is responsible for maintenance and updating of the AI model algorithms on the MEC side.
However, MECs are deployed at the network edge, where the environment is complex, the infrastructure and applications belong to different owners, and there is a risk of privacy disclosure for services involving sensitive data such as face recognition, location data, production data, etc. And, a third party AI model reasoning algorithm deployed in the MEC environment needs to be considered for protection.
In view of the above problems, an embodiment of the present application provides an edge processing method, where before sending information to be processed to an edge computing device, a service side device may first obtain remote attestation information of a trusted execution environment instance where an artificial intelligent model is deployed from the edge computing device, and verify the remote attestation information through interaction with a remote attestation server, so as to implement edge trusted verification of the artificial intelligent model. Furthermore, the service side device can send the information to be processed to the edge computing device for processing under the condition that the remote certification information passes the verification, so that the service information processing process is safely realized with low time delay, and the risk of service data leakage is avoided.
Also, confidential calculations based on hardware TEE are considered to be useful to implement a scalable solution where data availability is not available. The AI model is deployed in the edge computing infrastructure TEE example, the sensitive data is input into the TEE in a ciphertext form to complete AI reasoning, and the reasoning result is output, so that the artificial intelligent model application program is effectively protected.
Thus, the edge reasoning based on confidential calculation can protect the privacy of service information on one hand and can protect the artificial intelligent model application program on the other hand, wherein the artificial intelligent model application program cannot be acquired or changed by the tenant, the system administrator and the infrastructure provider of the edge computing equipment.
The edge processing method is suitable for business side equipment in an edge processing system. Fig. 1 is a schematic structural diagram of an edge processing system according to an embodiment of the present application. The edge processing system may include a business side device 101, an edge computing device 102, and a remote attestation server 103. The business side device 101 may be connected to the edge computing device 102 and the remote attestation server 103, respectively.
In practical applications, the number of business side devices 101, edge computing devices 102, and remote attestation servers 103 in the edge processing system may be multiple. For ease of illustration, the present application is described with respect to business side device 101, edge computing device 102, and remote attestation server 103 as one example.
The service side device 101 may be a device for managing the services of product quality detection, traffic violation identification or automatic driving, etc. The service side device 101 may send the image waiting processing information related to the services to the edge computing device 102 to obtain an information processing result of the edge computing device 102 on the waiting processing information, so as to implement services such as product quality detection, traffic violation identification or automatic driving.
Alternatively, the service-side device 101 may be a terminal or a server.
The edge computing device 102 is an edge infrastructure attributed to an operator, may be used to provide virtual resources or physical host resources, may have confidential computing capabilities based on a hardware TEE, and is capable of supporting deployment of artificial intelligence models in TEE instances. The hardware TEE may be implemented based on a CPU and GPU.
Alternatively, the edge computing device 102 may be a physical device (e.g., a server) or may be a virtual device deployed on a physical device.
The remote certification server 103 is used to provide a remote certification service. The remote attestation service is used to verify whether the trusted execution environment provided by the MEC operator is authentic. Optionally, the remote attestation service may be a remote attestation verification service provided by a CPU or GPU vendor for the TEE instance, or may be a data center local remote attestation verification service agent provided by an infrastructure provider, or may be a local remote attestation verification service agent provided by an MEC operator.
Alternatively, the server to which the present application relates may be a single server, or may be a server cluster made up of a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. The embodiment of the present application is not limited in any way.
The terminal to which the present application relates may be a User Equipment (UE), an access terminal, a terminal unit, a user terminal terminal equipment, TE), a mobile device, a wireless communication device, a terminal agent, a tablet (pad), a handheld device with wireless communication function, a computing device or other processing device connected to a wireless modem, a wearable device, or a terminal apparatus, other processing device connected to a wireless modem in a 5G network or a public land mobile network (public land mobile network, PLMN) that evolves after 5G. And, the terminal may be mobile or fixed. The embodiments of the present application are not limited in this regard.
Fig. 2 is a schematic hardware structure diagram of a service side device according to an embodiment of the present application. The service side device comprises a processor 21, a memory 22, a communication interface 23, a bus 24. The processor 21, the memory 22 and the communication interface 23 may be connected by a bus 24.
The processor 21 is a control center of the service side device, and may be one processor or a collective name of a plurality of processing elements. For example, the processor 21 may be a CPU, or may be another general-purpose processor. Wherein the general purpose processor may be a microprocessor or any conventional processor or the like.
As one example, processor 21 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 2.
Memory 22 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), magnetic disk storage or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
In a possible implementation, the memory 22 may exist separately from the processor 21, and the memory 22 may be connected to the processor 21 by a bus 24 for storing instructions or program code. The processor 21, when calling and executing instructions or program code stored in the memory 22, is capable of implementing the edge processing method provided in the following embodiments of the present application.
In another possible implementation, the memory 22 may also be integrated with the processor 21.
A communication interface 23 for connecting the service side device with other devices via a communication network, which may be an ethernet, a radio access network, a wireless local area network (wireless local area networks, WLAN), etc. The communication interface 23 may include a receiving unit for receiving data, and a transmitting unit for transmitting data.
Bus 24 may be an industry standard architecture (industry standard architecture, ISA) bus, an external device interconnect (PERIPHERAL COMPONENT INTERCONNECT, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 2, but not only one bus or one type of bus.
It should be noted that the structure shown in fig. 2 does not constitute a limitation of the service side device, and the service side device may include more or less components than shown in fig. 2, or may combine some components, or may be arranged in different components.
Fig. 3 is a schematic flow chart of an edge processing method according to an embodiment of the present application. The edge processing method can be applied to the service side device shown in fig. 1 or fig. 2. The edge processing method comprises S301-S304.
S301, the business side equipment sends a service request to the edge computing equipment.
Wherein the service request is for requesting an information processing service of the artificial intelligence model on the edge computing device. The service request may include identification information for identifying the artificial intelligence model.
Alternatively, the artificial intelligence model may be a pre-trained machine learning model for processing data of the type video data, image data, audio data, or text data, or a non-machine learning model.
Alternatively, the information processing service may be a service for identifying workshop product image data, a service for identifying traffic intersection image data, or the like. The embodiments of the present application are not limited in this regard.
The service side device may send a service request to the edge computing device if the information to be processed needs to be processed. Accordingly, the edge computing device may receive a service request from the business side device and read attestation information of the trusted execution environment instance with the artificial intelligence model deployed. Further, the edge computing device may send the read attestation information to the business side device to facilitate the business side device to verify whether the deployment environment of the artificial intelligence model is trusted, thereby improving the security of the information processed by the artificial intelligence model.
It should be noted that the artificial intelligence model determines, for the operator device, that the remote attestation server is deployed on the edge computing device when the remote attestation server verifies that the remote attestation information is passed.
The operator device comprises an operation support system (operation support systems, OSS), a multi-access edge computing orchestrator (i.e., MEO), a plurality of mobile edge platform managers (ME platform manager, MEPM), and a virtualization infrastructure management module, in addition to the edge computing device.
The operation support system is configured to send a second model instantiation request to the multi-access edge computation orchestrator in response to the first model instantiation request from the server device.
The multi-access edge computing orchestrator is used for responding to the second model instantiation request, determining edge computing devices meeting preset conditions, and sending a third model instantiation request to a target mobile edge platform manager corresponding to the edge computing devices in the plurality of mobile edge platform managers. The preset conditions comprise the instantiation resources corresponding to the artificial intelligent model and the trusted execution environment capability.
The target mobile edge platform manager is to send a fourth model instantiation request to the virtualized infrastructure management module in response to the third model instantiation request.
The virtualization infrastructure management module is to determine, in response to the fourth model instantiation request, an instantiation resource of the artificial intelligence model on the edge computing device and remote attestation information of the trusted execution environment instance corresponding to the instantiation resource, and to send a second attestation request to the remote attestation server. The second attestation request is for requesting verification of whether the trusted execution environment instance is trusted. Instantiation resources include computing resources, storage resources, network resources, trusted execution environment resources.
The virtualization infrastructure management module is further for instantiating the artificial intelligence model in the trusted execution environment instance based on the mirrored information of the artificial intelligence model upon receipt of the second pass response from the remote attestation server.
Or further, the operator equipment may also include a Mobile Edge Platform (MEP). The mobile edge platform manager is further to send a service configuration request to the edge computing platform. The edge computing platform is used for responding to the service configuration request, acquiring remote attestation information and sending a third attestation request to the remote attestation server. The third attestation request is used to verify whether the trusted execution environment instance is trusted. The edge computing platform is further configured to determine configuration information for the artificial intelligence model upon receiving a third pass response from the remote attestation server. The configuration information comprises domain name system rule information, service discovery configuration information, stream rule information and trusted execution environment remote verification configuration information.
Or further, the edge computing platform is also configured to send a service configuration response to the target mobile edge platform manager. The target mobile edge platform manager is further configured to send a first model instantiation response to the multi-access edge computing orchestrator. The multi-access edge computation orchestrator is further configured to send a second model instantiation response to the server device through the operations support system.
It should be understood that the edge computing device, the operation support system, the multi-access edge computing orchestrator, the mobile edge platform manager, the virtualized infrastructure management module, and the mobile edge platform included in the operator device may be deployed on the same physical device, or may be deployed on different physical devices, which is not limited by the embodiment of the present application.
FIG. 4 is a flowchart of an artificial intelligence model deployment according to an embodiment of the present application. FIG. 4 illustrates a process for pre-deploying an artificial intelligence model on an edge computing device, comprising S1-S10.
S1, the service side equipment sends a first model instantiation request to an operation support system.
The first model instantiation request is for requesting that one virtual container or VM be instantiated on the edge computing device and that an application of the artificial intelligence model be instantiated in the one virtual container or VM.
S2, the operation support system sends a second model instantiation request to the multi-access edge calculation orchestrator.
S3, the multi-access edge calculation orchestrator processes the second model instantiation request and sends a third model instantiation request to the target mobile edge platform manager.
The preset conditions comprise instantiation resources corresponding to the artificial intelligent model and trusted execution environment capability.
The multi-access edge computing orchestrator may determine an edge computing device that meets the preset conditions and a target mobile edge platform manager of the plurality of mobile edge platform managers that corresponds to the edge computing device in response to the second model instantiation request. Specifically, the multi-access edge computing orchestrator may identify the configuration of the application packages of the artificial intelligence model, and select edge computing devices and associated MEPMs that meet preset conditions based on the resource requirements and TEE capability requirements in their description files.
And S4, the target mobile edge platform manager sends a fourth model instantiation request to the virtualized infrastructure management module.
The virtualized infrastructure management module is to manage TEE-capable edge computing devices.
The fourth model instantiation request is for requesting allocation of instantiation resources, and instantiating the artificial intelligence model may carry mirrored information (e.g., mirrored addresses) of the artificial intelligence model application.
S5, the virtualized infrastructure management module determines an instantiation resource of the artificial intelligent model on the edge computing device and remote proving information of the trusted execution environment instance corresponding to the instantiation resource, and sends a second proving request to the remote proving server.
Wherein the second attestation request is for requesting verification of whether the trusted execution environment instance is trusted. Instantiation resources include computing resources, storage resources, network resources, trusted execution environment resources.
And S6, under the condition that a second pass response from the remote proving server is received, the virtualization infrastructure management module instantiates the artificial intelligent model in the trusted execution environment instance based on the mirror image information of the artificial intelligent model, and sends the instantiated response to the target mobile edge platform manager.
The virtualization infrastructure management module can allocate respective resources on the edge computing device to create a container or VM instance. And, the virtualization infrastructure management module can obtain remote attestation information from the TEE instance environment distributed on the edge computing device, initiate remote attestation verification to the remote attestation service. If the remote attestation verification passes, the virtualization infrastructure management module can download the artificial intelligence model software image and instantiate the artificial intelligence model in the container or VM.
And S7, the mobile edge platform manager sends a service configuration request to the edge computing platform.
S8, the edge computing platform acquires remote proving information from the edge computing device and sends a third proving request to the remote proving server.
Wherein the third attestation request is used to verify whether the trusted execution environment instance is trusted.
And S9, under the condition that a third pass response from the remote proving server is received, the edge computing platform determines the configuration information of the artificial intelligent model and sends a service configuration response to the target mobile edge platform manager.
The configuration information comprises domain name system rule information, service discovery configuration information, stream rule information and trusted execution environment remote verification configuration information.
S10, the target mobile edge platform manager sends a model instantiation response to the server device through the multi-access edge calculation orchestrator and the operation support system.
Based on the flow, the application can realize the trusted deployment of the artificial intelligent model in the edge computing equipment through the interaction between the operator equipment and the remote proving server, and can effectively determine the trusted deployment environment. As such, the artificial intelligence model can be instantiated in the trusted execution environment instance of the edge computing device to effectively protect the server's artificial intelligence model application.
S302, the service side equipment receives remote proving information from the edge computing equipment.
The remote attestation information is attestation information of a trusted execution environment instance which is registered in the remote attestation server in advance and is provided with an artificial intelligent model.
The remote attestation information comprises an identifier of a trusted execution environment instance deployed by the artificial intelligent model, an opening certificate of the trusted execution environment instance, a private key signature corresponding to the opening certificate, a version number of trusted execution environment software, a processor identifier and trusted computing base information. The processor identification may be a CPU identification or a GPU identification.
S303, the service side equipment sends a first proving request to a remote proving server.
Wherein the first attestation request includes remote attestation information of the trusted execution environment instance for requesting verification of the remote attestation information to determine whether the trusted execution environment instance is trusted.
And S304, the service side equipment sends an information processing request carrying information to be processed to the edge computing equipment under the condition of receiving a first passing response from the remote proving server.
The information processing request is used for requesting an information processing result of the information to be processed by the artificial intelligent model.
The first pass response may be used to indicate that the remote attestation information verifies that the trusted execution environment instance deploying the artificial intelligence model is trusted.
Alternatively, the information to be processed may be video data, image data, audio data, text data, or the like.
If a first pass response from the remote attestation server is received, the information can be indicated to have higher security in the processing process of the artificial intelligence model. The business side device may send an information processing request carrying the information to be processed to the edge computing device. And the edge computing equipment can process the information to be processed through the artificial intelligent model to obtain an information processing result, and returns the information processing result to the service side equipment.
Based on the above embodiments, the application can realize the trusted verification of the artificial intelligent model operating environment through the interaction between the service side device, the edge computing device and the remote proving server respectively, so as to safely realize the service information processing process with low time delay and avoid the risk of service information leakage.
In a possible embodiment, as shown in fig. 5, a flow chart of another edge processing method according to an embodiment of the present application is shown. Referring to fig. 3, when the service side device sends an information processing request carrying information to be processed to the edge computing device in the above step S304, an embodiment of the present application provides an alternative implementation manner, including steps S3041-S3042.
S3041, the service side equipment establishes a transmission layer security protocol connection with the edge computing equipment based on an opening certificate of the trusted execution environment instance.
That is, the business side device establishes a transport layer security protocol connection with the artificial intelligence model on the edge computing device based on the provisioning credentials of the trusted execution environment instance.
S3042, the service side equipment sends information to be processed to the edge computing equipment through the transmission layer security protocol connection.
Based on this, a transport layer security protocol (transport layer security, TLS) connection may be established between the business side device and the edge computing device using the provisioning certificate of the TEE instance as a digital certificate authority (CERTIFICATE AUTHORITY, CA) certificate to enable transmission of the information to be processed.
In a possible embodiment, as shown in fig. 6, a flow chart of another edge processing method according to an embodiment of the present application is shown. With reference to fig. 3, after S304, the edge processing method provided in the embodiment of the present application further includes S305.
S305, the service side equipment receives the information processing result from the edge computing equipment.
The edge computing device can process the information to be processed based on the artificial intelligent model deployed in the trusted execution environment instance to obtain an information processing result. Furthermore, the edge computing device can send the information processing result to the business side device, so that the business side device can conveniently realize management business for workshop products or traffic intersections.
In a possible embodiment, as shown in fig. 7, a flow chart of another edge processing method according to an embodiment of the present application is shown. The edge processing method shown in fig. 7 is a remote attestation flow, and includes S401-S404.
S401, the service side equipment acquires remote attestation information from the edge computing equipment.
S402, the business side equipment sends a remote proving request to a remote proving server.
S403, the remote certification server verifies whether the remote certification information is correct.
S404, the remote attestation server sends a remote attestation response to the service party equipment.
Based on this, the business side device may obtain remote attestation information from the edge computing device and generate a remote attestation report. In turn, the business side device sends a remote attestation request (e.g., a first attestation request) carrying a remote attestation report to a remote attestation server. The remote attestation server may verify whether the remote attestation information is correct based on the locally stored pre-registered information of the TEE instance to determine whether the current TEE instance environment is trusted, and further return a remote attestation response to the business side device to indicate whether the current TEE instance environment is trusted. If the remote attestation response indicates that the current TEE instance environment is not trusted, the business side device may terminate interaction with the application (e.g., artificial intelligence model) in the TEE instance. If the remote attestation response indicates that the current TEE instance environment is trusted (e.g., a first pass response), the business side device may send information to be inferred to an application in the TEE instance (e.g., an artificial intelligence model) to implement the related business.
Before sending the information to be processed to the edge computing device, the service side device can acquire remote proving information of a trusted execution environment instance for deploying the artificial intelligent model from the edge computing device, and verify the remote proving information through interaction with a remote proving server, so that edge trusted verification of the artificial intelligent model is realized. Furthermore, the service side device can send the information to be processed to the edge computing device for processing under the condition that the remote certification information passes the verification, so that the service information processing process is safely realized with low time delay, and the risk of service data leakage is avoided.
Also, confidential calculations based on hardware TEE are considered to be useful to implement a scalable solution where data availability is not available. The AI model is deployed in the edge computing infrastructure TEE example, the sensitive data is input into the TEE in a ciphertext form to complete AI reasoning, and the reasoning result is output, so that the artificial intelligent model application program is effectively protected.
Thus, the edge reasoning based on confidential calculation can protect the privacy of service information on one hand and can protect the artificial intelligent model application program on the other hand, wherein the artificial intelligent model application program cannot be acquired or changed by the tenant, the system administrator and the infrastructure provider of the edge computing equipment.
The foregoing description of the solution provided by the embodiments of the present application has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the application can divide the functional modules of the service side equipment according to the method example, for example, each functional module can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. Optionally, the division of the modules in the embodiment of the present application is schematic, which is merely a logic function division, and other division manners may be actually implemented.
Fig. 8 is a schematic structural diagram of an edge processing apparatus according to an embodiment of the present application. The edge processing device can be applied to business side equipment and comprises a sending module 501 and a receiving module 502. A sending module 501, configured to send a service request to an edge computing device. The service request is for requesting an information processing service of the artificial intelligence model on the edge computing device. A receiving module 502 is configured to receive remote attestation information from an edge computing device. The remote attestation information is attestation information of trusted execution environment instances deployed with artificial intelligence models registered in advance in a remote attestation server. The sending module 501 is further configured to send a first attestation request to a remote attestation server. The first attestation request is for requesting verification of remote attestation information. The sending module 501 is further configured to send, to the edge computing device, an information processing request carrying information to be processed, in a case where the receiving module 502 receives the first pass response from the remote attestation server. The information processing request is used for requesting an information processing result of the information to be processed by the artificial intelligence model.
Optionally, the remote attestation information includes an identifier of a trusted execution environment instance deployed by the artificial intelligent model, an opening certificate of the trusted execution environment instance, a private key signature corresponding to the opening certificate, a trusted execution environment software version number, a processor identifier and trusted computing base information.
Optionally, a sending module 501 is specifically configured to establish a transport layer security protocol connection with the edge computing device based on the provisioning certificate of the trusted execution environment instance. And sending the information to be processed to the edge computing equipment through the transmission layer security protocol connection.
Optionally, the receiving module 502 is further configured to receive an information processing result from the edge computing device.
Optionally, the artificial intelligence model determines for the operator device that the remote attestation server is deployed on the edge computing device when the remote attestation information is verified. The operator device comprises an operation support system, a multi-access edge computing orchestrator, a plurality of mobile edge platform managers, and a virtualized infrastructure management module. The operation support system is configured to send a second model instantiation request to the multi-access edge computation orchestrator in response to the first model instantiation request from the server device. The multi-access edge computing orchestrator is used for responding to the second model instantiation request, determining edge computing devices meeting preset conditions, and sending a third model instantiation request to a target mobile edge platform manager corresponding to the edge computing devices in the plurality of mobile edge platform managers. The preset conditions comprise the instantiation resources corresponding to the artificial intelligent model and the trusted execution environment capability. The target mobile edge platform manager is to send a fourth model instantiation request to the virtualized infrastructure management module in response to the third model instantiation request. The virtualization infrastructure management module is to determine, in response to the fourth model instantiation request, an instantiation resource of the artificial intelligence model on the edge computing device and remote attestation information of the trusted execution environment instance corresponding to the instantiation resource, and to send a second attestation request to the remote attestation server. The second attestation request is for requesting verification of whether the trusted execution environment instance is trusted. Instantiation resources include computing resources, storage resources, network resources, trusted execution environment resources. The virtualization infrastructure management module is further for instantiating the artificial intelligence model in the trusted execution environment instance based on the mirrored information of the artificial intelligence model upon receipt of the second pass response from the remote attestation server.
Optionally, the operator device further comprises a mobile edge platform. The mobile edge platform manager is further to send a service configuration request to the edge computing platform. The edge computing platform is used for responding to the service configuration request, acquiring remote attestation information and sending a third attestation request to the remote attestation server. The third attestation request is used to verify whether the trusted execution environment instance is trusted. The edge computing platform is further configured to determine configuration information for the artificial intelligence model upon receiving a third pass response from the remote attestation server. The configuration information comprises domain name system rule information, service discovery configuration information, stream rule information and trusted execution environment remote verification configuration information.
Optionally, the edge computing platform is further configured to send a service configuration response to the target mobile edge platform manager. The target mobile edge platform manager is further configured to send a first model instantiation response to the multi-access edge computing orchestrator. The multi-access edge computation orchestrator is further configured to send a second model instantiation response to the server device through the operations support system.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer-readable storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and the modules or units may be divided into only one type of logic function, and there may be other manners of dividing the modules or units when actually implemented. For example, multiple units or components may be combined or may be integrated into another device, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form. The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any changes or substitutions easily contemplated by those skilled in the art within the scope of the present application should be included in the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.
Claims (10)
1. An edge processing method, applied to a service side device, comprising:
The method comprises the steps of sending a service request to edge computing equipment, wherein the service request is used for requesting information processing service of an artificial intelligent model on the edge computing equipment;
the remote attestation information is attestation information of a trusted execution environment instance which is registered in a remote attestation server in advance and is provided with the artificial intelligent model;
The method comprises the steps of sending a first certification request to the remote certification server, wherein the first certification request is used for requesting to verify the remote certification information;
And under the condition that a first passing response from the remote proving server is received, sending an information processing request carrying information to be processed to the edge computing equipment, wherein the information processing request is used for requesting an information processing result of the artificial intelligent model on the information to be processed.
2. The edge processing method according to claim 1, wherein the remote attestation information includes an identification of a trusted execution environment instance deployed by the artificial intelligence model, an opening certificate of the trusted execution environment instance, a private key signature corresponding to the opening certificate, a trusted execution environment software version number, a processor identification, and trusted computing base information.
3. The edge processing method according to claim 2, wherein the sending an information processing request carrying information to be processed to the edge computing device includes:
establishing a transport layer security protocol connection with the edge computing device based on an provisioning certificate of the trusted execution environment instance;
And sending the information to be processed to the edge computing equipment through the transmission layer security protocol connection.
4. The edge processing method according to claim 1, wherein after the sending of the information processing request carrying the information to be processed to the edge computing device, the method further comprises:
and receiving the information processing result from the edge computing device.
5. The edge processing method of claim 1, wherein the artificial intelligence model determines for an operator device that the remote attestation server is deployed on the edge computing device when the remote attestation information is verified; the operator equipment comprises an operation support system, a multi-access edge calculation orchestrator, a plurality of mobile edge platform managers and a virtualization infrastructure management module;
The operation support system is used for responding to a first model instantiation request from the server device and sending a second model instantiation request to the multi-access edge computation orchestrator;
The multi-access edge computing orchestrator is used for responding to the second model instantiation request, determining the edge computing device meeting preset conditions, and sending a third model instantiation request to a target mobile edge platform manager corresponding to the edge computing device in the plurality of mobile edge platform managers, wherein the preset conditions comprise having instantiation resources corresponding to the artificial intelligent model and having trusted execution environment capacity;
the target mobile edge platform manager is used for responding to the third model instantiation request and sending a fourth model instantiation request to the virtualized infrastructure management module;
The virtualization infrastructure management module is used for responding to the fourth model instantiation request, determining instantiation resources of the artificial intelligent model on the edge computing device and remote attestation information of a trusted execution environment instance corresponding to the instantiation resources, and sending a second attestation request to a remote attestation server, wherein the second attestation request is used for requesting to verify whether the trusted execution environment instance is trusted or not;
the virtualization infrastructure management module is further for instantiating the artificial intelligence model in the trusted execution environment instance based on the mirrored information of the artificial intelligence model upon receipt of a second pass response from the remote attestation server.
6. The edge processing method of claim 5, wherein the carrier device further comprises a mobile edge platform;
the mobile edge platform manager is further configured to send a service configuration request to the edge computing platform;
the edge computing platform is used for responding to the service configuration request, acquiring the remote certification information and sending a third certification request to a remote certification server, wherein the third certification request is used for verifying whether the trusted execution environment instance is trusted or not;
The edge computing platform is further used for determining configuration information of the artificial intelligent model under the condition that a third pass response from the remote proving server is received, wherein the configuration information comprises domain name system rule information, service discovery configuration information, flow rule information and trusted execution environment remote verification configuration information.
7. The edge processing method of claim 6 wherein the edge computing platform is further configured to send a service configuration response to the target mobile edge platform manager;
the target mobile edge platform manager is further configured to send a first model instantiation response to the multi-access edge computing orchestrator;
The multi-access edge computation orchestrator is further configured to send a second model instantiation response to the server device through the operations support system.
8. The edge processing device is characterized by being applied to business side equipment and comprising a sending module and a receiving module;
the system comprises a sending module, a service request and an information processing module, wherein the sending module is used for sending a service request to edge computing equipment, and the service request is used for requesting information processing service of an artificial intelligent model on the edge computing equipment;
The remote attestation information is attestation information of a trusted execution environment instance, which is registered in a remote attestation server in advance and provided with the artificial intelligent model, and is used for receiving the remote attestation information from the edge computing equipment;
the sending module is further used for sending a first certification request to the remote certification server, wherein the first certification request is used for requesting to verify the remote certification information;
The sending module is further configured to send an information processing request carrying information to be processed to the edge computing device when the receiving module receives a first passing response from the remote attestation server, where the information processing request is used to request an information processing result of the artificial intelligent model on the information to be processed.
9. A computer device comprising a memory for storing computer-executable instructions and a processor connected to the memory via a bus, the processor executing the computer-executable instructions stored in the memory when the computer device is in operation to cause the computer device to perform the edge processing method according to any one of claims 1 to 7.
10. A computer readable storage medium comprising computer executable instructions which, when run on a computer device, cause the computer device to perform the edge processing method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411645289.2A CN119520316A (en) | 2024-11-15 | 2024-11-15 | Edge processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411645289.2A CN119520316A (en) | 2024-11-15 | 2024-11-15 | Edge processing method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN119520316A true CN119520316A (en) | 2025-02-25 |
Family
ID=94668082
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202411645289.2A Pending CN119520316A (en) | 2024-11-15 | 2024-11-15 | Edge processing method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN119520316A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120354404A (en) * | 2025-06-19 | 2025-07-22 | 北京火山引擎科技有限公司 | Security verification method, medium, equipment and product of large model service operation environment |
| CN120512305A (en) * | 2025-07-17 | 2025-08-19 | 北京火山引擎科技有限公司 | Security verification methods, media, equipment and products for distributed large model services |
-
2024
- 2024-11-15 CN CN202411645289.2A patent/CN119520316A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120354404A (en) * | 2025-06-19 | 2025-07-22 | 北京火山引擎科技有限公司 | Security verification method, medium, equipment and product of large model service operation environment |
| CN120512305A (en) * | 2025-07-17 | 2025-08-19 | 北京火山引擎科技有限公司 | Security verification methods, media, equipment and products for distributed large model services |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7612419B2 (en) | Multi-entity Resource, Security, and Service Management in Edge Computing Deployments | |
| US12149519B2 (en) | MEC platform deployment method and apparatus | |
| US10884814B2 (en) | Mobile edge-cloud security infrastructure | |
| US20210099516A1 (en) | Technologies for transparent function as a service arbitration for edge systems | |
| CA2943250C (en) | Method and system for ensuring an application conforms with security and regulatory controls prior to deployment | |
| US20180367997A1 (en) | 5g dynamic slice and network identity instantiation, termination, and access management system and method | |
| US11082413B2 (en) | Secure network connections | |
| CN119520316A (en) | Edge processing method, device, equipment and storage medium | |
| CN111543029A (en) | Distributed autonomous identity for network function virtualization | |
| US9753786B2 (en) | Client server communication system | |
| WO2017148249A1 (en) | Resource configuration method and network device thereof | |
| US9729465B2 (en) | Policy based application elasticity across heterogeneous computing infrastructure | |
| CN106134141A (en) | A kind of method and device updating network service describer NSD | |
| WO2020098663A1 (en) | Method and device for internet of vehicles message notification | |
| KR20220088306A (en) | Automatic escalation of trust credentials | |
| US20230188341A1 (en) | Cryptographic operations in edge computing networks | |
| US12341776B2 (en) | Service to service communication and authentication via a central network mesh | |
| US20230106581A1 (en) | Confidential computing environment including devices connected to a network interface device | |
| US20130007094A1 (en) | Client server communication system | |
| CN119885157A (en) | Model training method, device and storage medium | |
| US12229580B2 (en) | Deploying virtual machines to a virtualization management environment using an agent to obtain remote virtual machine templates | |
| US11368459B2 (en) | Providing isolated containers for user request processing | |
| JP2023551837A (en) | Authenticity evaluation of request source based on communication request | |
| CN117121006A (en) | Attestation-as-service for confidential computation | |
| CN105103523B (en) | The transmission of high efficiency socket |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |