[go: up one dir, main page]

TW202403564A - Artificial intelligence apparatus - Google Patents

Artificial intelligence apparatus Download PDF

Info

Publication number
TW202403564A
TW202403564A TW112122173A TW112122173A TW202403564A TW 202403564 A TW202403564 A TW 202403564A TW 112122173 A TW112122173 A TW 112122173A TW 112122173 A TW112122173 A TW 112122173A TW 202403564 A TW202403564 A TW 202403564A
Authority
TW
Taiwan
Prior art keywords
secure
artificial intelligence
processor
security
intelligence device
Prior art date
Application number
TW112122173A
Other languages
Chinese (zh)
Other versions
TWI892155B (en
Inventor
蕭志祥
許嘉鋒
王澤宇
蘇軾詠
Original Assignee
聯發科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US18/332,346 external-priority patent/US20240411862A1/en
Application filed by 聯發科技股份有限公司 filed Critical 聯發科技股份有限公司
Publication of TW202403564A publication Critical patent/TW202403564A/en
Application granted granted Critical
Publication of TWI892155B publication Critical patent/TWI892155B/en

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

Aspects of the present disclosure provide an apparatus that can execute an artificial intelligence (AI) model with IO changing. For example, the apparatus can include a first secured processor, a secured application embedded in the first secured processor and associated with an AI model, a secured memory configured to store an AI executable binary associated with the AI model, a second secured processor configured to execute the AI executable binary, a sub-system configured to trigger IO changing and trigger the second secured processor to execute the AI executable binary, IO meta data stored in the secured memory, an IO verifier configured to verify IO changing by determining the IO meta data, and an IO pre-fire module configured to patch the IO changing to the AI executable binary running on the second secured processor when the IO verifier determines that the IO changing matches the IO meta data.

Description

人工智慧裝置artificial intelligence device

本發明關於神經網路(neural network,簡稱 NN),並且更具體地,關於始終線上(always-on)的人工智慧(artificial intelligence,簡稱AI)安全。The present invention relates to neural networks (NN), and more specifically, to always-on artificial intelligence (AI) security.

本文所提供的背景技術描述出於概括地呈現本發明上下文的目的。當前提及的發明人的工作(到本背景技術部分中描述該工作的程度)以及描述的各個方面(其在提交時不以其他方式作為現有技術來描述)既不明確地、也不隱含地被承認為針對本發明的現有技術。The background description provided herein is for the purpose of generally presenting the context of the disclosure. The presently mentioned work of the inventors (to the extent that the work is described in this Background section) and aspects of the description (which are not otherwise described as prior art at the time of filing) are neither expressly nor implicitly are admitted as prior art to the present invention.

將機器學習(Machine learning,簡稱ML)功能整合到硬體路徑是趨勢,並且需要靈活和可擴展的設計來降低深度神經網路(deep neural network,簡稱DNN)加速器實現的設計複雜性。Integrating machine learning (ML) functions into hardware paths is a trend, and flexible and scalable designs are needed to reduce the design complexity of deep neural network (DNN) accelerator implementation.

本發明的各方面提供了一種可以在輸入/輸出(Input/Output,簡稱IO)變化的情況下執行人工智慧(AI)模型的裝置。例如,該裝置可以包括第一安全處理器和嵌入在第一安全處理器中的安全應用程式。安全應用程式可以與人工智慧(AI)模型相關聯。該裝置還可以包括耦接到第一安全處理器的安全記憶體。安全記憶體可以被配置為儲存與AI模型相關聯的AI可執行二進位檔案(executable binary)。該裝置還可以包括耦接到安全記憶體的第二安全處理器。第二安全處理器可以被配置為執行儲存在安全記憶體中的AI可執行二進位檔案。該裝置還可以包括耦接在第一安全處理器與第二安全處理器之間的子系統。子系統可以被配置為觸發IO變化並觸發第二安全處理器以執行儲存在安全記憶體中的AI可執行二進位檔案。該裝置還可以包括儲存在安全記憶體中的IO元資料(meta data)。該裝置還可以包括耦接到子系統和安全記憶體的IO驗證器。IO驗證器可以被配置為藉由確定IO元資料來驗證IO變化。該裝置還可以包括耦接到IO驗證器的IO預發模組。IO預發模組可以被配置為:當IO驗證器確定IO變化與IO元資料相匹配時,將IO變化修補(patch)到運行於第二安全處理器上的AI可執行二進位檔案。在一個實施方式中,IO驗證器可以被嵌入到第二安全處理器中。在另一實施方式中,IO預發模組可以被嵌入到第二安全處理器中。Aspects of the present invention provide a device that can execute an artificial intelligence (AI) model when input/output (IO) changes. For example, the device may include a first secure processor and a secure application embedded in the first secure processor. Security applications can be associated with artificial intelligence (AI) models. The apparatus may also include secure memory coupled to the first secure processor. The secure memory may be configured to store an AI executable binary associated with the AI model. The apparatus may also include a second secure processor coupled to the secure memory. The second secure processor may be configured to execute the AI executable binary file stored in the secure memory. The apparatus may also include a subsystem coupled between the first security processor and the second security processor. The subsystem may be configured to trigger IO changes and trigger the second secure processor to execute the AI executable binary stored in secure memory. The device may also include IO metadata stored in secure memory. The device may also include an IO validator coupled to the subsystem and the secure memory. The IO validator can be configured to verify IO changes by determining IO metadata. The device may also include an IO pre-release module coupled to the IO verifier. The IO pre-issue module can be configured to patch the IO changes to the AI executable binary file running on the second security processor when the IO validator determines that the IO changes match the IO metadata. In one embodiment, the IO validator may be embedded in the second security processor. In another implementation, the IO pre-issuance module may be embedded in the second security processor.

在一個實施方式中,IO元資料可以包括IO位址範圍,IO變化可以包括IO位址,IO驗證器可以驗證IO位址是否在IO位址範圍內,並且當IO驗證器確定IO位址在IO位址範圍內時,IO預發模組可以將IO位址修補到運行於第二安全處理器上的AI可執行二進位檔案。在另一實施方式中,IO元資料可以包括複數個不同的解析度(resolution),IO變化可以包括解析度變化,IO驗證器可以驗證解析度變化是否與IO元資料中指定的不同解析度中的任何一個解析度相匹配,並且當IO驗證器確定解析度變化與不同解析度中的一個解析度匹配時,IO預發模組可以將解析度變化修補到運行於第二安全處理器上的AI可執行二進位檔案。In one embodiment, the IO metadata may include an IO address range, the IO changes may include the IO address, the IO validator may verify whether the IO address is within the IO address range, and when the IO validator determines that the IO address is within When the IO address is within the range, the IO pre-issue module can patch the IO address to the AI executable binary file running on the second security processor. In another embodiment, the IO metadata may include a plurality of different resolutions, the IO changes may include resolution changes, and the IO validator may verify whether the resolution changes are consistent with the different resolutions specified in the IO metadata. matches any resolution of AI executable binary file.

在一個實施方式中,該裝置還可以包括嵌入在第一安全處理器中的安全作業系統(operating system,簡稱OS),該安全OS被配置為提供可信執行環境(trusted execution environment,簡稱TEE),在該可信執行環境中,安全應用程式受到保護。在另一實施方式中,安全記憶體和第二安全處理器可以由第一防火牆保護。在一些實施方式中,子系統可以由不同於第一防火牆的第二防火牆保護。在各種實施方式中,第一防火牆可以提供比第二防火牆更高的安全級別。In one embodiment, the device may further include a secure operating system (OS) embedded in the first secure processor, the secure OS being configured to provide a trusted execution environment (TEE) , in this trusted execution environment, secure applications are protected. In another embodiment, the secure memory and the second secure processor may be protected by the first firewall. In some implementations, a subsystem may be protected by a second firewall that is different from the first firewall. In various implementations, the first firewall may provide a higher level of security than the second firewall.

在一個實施方式中,該裝置還可以包括耦接到安全記憶體的圖像訊號處理器(image signal processor,簡稱ISP)。ISP可以被配置為處理圖像並將所處理的圖像儲存到安全記憶體中。在另一實施方式中,該裝置還可以包括面部生物特徵模式(facial biometric pattern),該面部生物特徵模式在TEE內是安全的。在一些實施方式中,第二安全處理器可以執行AI可執行二進位檔案,以確定所處理的圖像中的任何一個圖像是否與面部生物特徵模式相匹配。In one embodiment, the device may further include an image signal processor (ISP) coupled to the secure memory. The ISP can be configured to process images and store the processed images in secure memory. In another embodiment, the device may also include a facial biometric pattern that is secure within the TEE. In some implementations, the second security processor may execute an AI executable binary profile to determine whether any of the processed images match the facial biometric pattern.

在一個實施方式中,第一安全處理器可以包括安全中央處理單元(central processing unit,簡稱CPU)。在另一實施方式中,第二安全處理器可以包括安全深度學習加速器(deep learning accelerator,簡稱DLA)。在一些實施方式中,DLA可以包括加速處理單元(accelerated processing unit,簡稱APU)。In one embodiment, the first security processor may include a security central processing unit (CPU for short). In another implementation, the second secure processor may include a secure deep learning accelerator (DLA for short). In some embodiments, the DLA may include an accelerated processing unit (APU).

注意,本發明內容部分並沒有指定本發明或要求保護的發明的每個實施方式和/或遞增的新穎方面。相反,本發明內容僅提供了與常規技術相比的不同實施方式和對應新穎點的初步討論。對於本發明和實施方式的附加細節和/或可能的視角,請讀者參考本發明的具體實施方式部分和對應的圖式,如下面進一步討論的。Note that this summary does not identify every embodiment and/or incrementally novel aspect of the invention or claimed invention. Rather, this summary provides only a preliminary discussion of various embodiments and corresponding novelties compared to conventional techniques. For additional details and/or possible perspectives of the invention and embodiments, the reader is referred to the Detailed Description of the Invention and the corresponding drawings, as discussed further below.

提出環境智慧(AmI)(例如,環境感測),旨在增強環境和人彼此互動的方式。具體來說,AmI表示將不要求明確的輸入和輸出設備的智慧計算;相反,可以將各種感測器(例如,加速度計、全球定位系統(global positioning system,簡稱GPS)、麥克風、攝影機等)和處理器嵌入到日常電子設備(例如,行動電話)中,以使用人工智慧(AI)技術收集和處理上下文資訊,例如以便解釋環境狀態和使用者需求。Ambient intelligence (AmI) (e.g., environmental sensing) is proposed to enhance the way the environment and people interact with each other. Specifically, AmI stated that smart computing will not require explicit input and output devices; instead, various sensors (such as accelerometers, global positioning systems (GPS), microphones, cameras, etc.) can be and processors embedded in everyday electronic devices (e.g., mobile phones) to use artificial intelligence (AI) technology to collect and process contextual information, for example, to interpret environmental status and user needs.

例如,谷歌(Google)推出的“個人安全”應用程式具有如下功能,亦即,可以感測個體是否已發生車禍,如果已發生車禍,則可以代表該個體撥打緊急電話。作為另一示例,安裝在攝影機中的AI和機器學習(ML)演算法(或模型)能夠例如藉由確定攝影機捕獲的圖像是否與所有者面部的面部生物特徵模式相匹配來識別其所有者的面部。For example, the "Personal Safety" application launched by Google has the following functions, that is, it can sense whether an individual has been involved in a car accident, and if so, it can make an emergency call on behalf of the individual. As another example, AI and machine learning (ML) algorithms (or models) installed in a camera can identify its owner, such as by determining whether the image captured by the camera matches a facial biometric pattern of the owner's face. face.

為了使車禍感測功能真正發揮作用,行動電話需要能夠隨時檢測車禍。例如,可以藉由連續輪詢加速度計和麥克風、然後處理由此收集的資料(例如,藉由執行始終線上的人工智慧(AI))來確定是否發生車禍。然而,持續始終線上的感測任務消耗了行動電話大量寶貴的電力資源。For crash sensing to be truly effective, mobile phones need to be able to detect crashes at any time. For example, one could determine whether a car accident has occurred by continuously polling accelerometers and microphones and then processing the data thus collected (e.g., by executing artificial intelligence (AI) that is always online). However, the continuous online sensing tasks consume a lot of valuable power resources of mobile phones.

感測器集線器(或上下文集線器)是一種低功率子系統(例如,處理器),其可以被設計成處理和解釋從感測器收集的資料,並喚醒主應用處理器(application processor,簡稱AP)採取行動。例如,在處理和解釋所收集到的資料並確定發生了車禍之後,感測器集線器可以喚醒AP,並且行動電話可以呼叫緊急服務。A sensor hub (or context hub) is a low-power subsystem (e.g., processor) that can be designed to process and interpret data collected from sensors and wake up the main application processor (AP) ) take action. For example, after processing and interpreting the collected data and determining that a car accident has occurred, the sensor hub can wake up the AP and the mobile phone can call emergency services.

圖1是啟用AmI的裝置100(例如,行動電話)的功能方塊圖。裝置100可以包括AP 110、耦接到AP 110的低功率子系統120(例如,感測器集線器)、耦接到感測器集線器120的訊號處理器130(例如,低功率圖像訊號處理器(low-power image signal processor,簡稱ISP))、耦接到感測器集線器120的處理器140(例如,AI加速器(諸如深度學習加速器(deep learning accelerator,簡稱DLA)、例如加速處理單元(accelerated processing unit,簡稱APU))、以及耦接到感測器集線器120、ISP 130和APU 140的記憶體150。1 is a functional block diagram of an AmI-enabled device 100 (eg, a mobile phone). Device 100 may include AP 110, a low power subsystem 120 (eg, a sensor hub) coupled to AP 110, a signal processor 130 (eg, a low power image signal processor) coupled to sensor hub 120 (low-power image signal processor, ISP for short), a processor 140 (for example, an AI accelerator (such as a deep learning accelerator (DLA for short)) coupled to the sensor hub 120, such as an accelerated processing unit (accelerated processing unit) processing unit, referred to as APU)), and the memory 150 coupled to the sensor hub 120, the ISP 130 and the APU 140.

AP 110可以啟用環境感測功能,例如,始終線上的視覺(always-on vision,簡稱AOV)客戶端111,並將AI模型122載入到感測器集線器120,以將從嵌入式感測器(例如,攝影機(未圖示))收集的大量處理資料卸載到感測器集線器120。在感測器集線器120中,攝影機驅動器123可以基於AOV客戶端111來驅動ISP 130,以處理由攝影機捕獲的圖像(例如,使用者面部),並將經處理的圖像發送到記憶體150的攝影機輸入151。軟體開發套件(software development kit,簡稱SDK)121(例如,AI推理SDK)可以驅動APU 140對經處理的圖像執行AI模型122。例如,APU 140可以利用與AI模型122相對應的AI可執行二進位檔案來對從攝影機輸入151發送的經處理的圖像執行AI模型122,並生成輸出152,例如,輸出152可以是相關聯於所捕獲的客戶面部是否與所有者面部的面部生物特徵模式相匹配的分類結果。The AP 110 can enable environment sensing functions, such as an always-on vision (AOV) client 111 , and load the AI model 122 to the sensor hub 120 to collect data from embedded sensors. A large amount of processing data collected (eg, a camera (not shown)) is offloaded to the sensor hub 120 . In the sensor hub 120 , the camera driver 123 may drive the ISP 130 based on the AOV client 111 to process images captured by the camera (eg, a user's face) and send the processed images to the memory 150 The camera input is 151. A software development kit (SDK for short) 121 (eg, AI inference SDK) can drive the APU 140 to execute the AI model 122 on the processed image. For example, APU 140 may utilize an AI executable binary archive corresponding to AI model 122 to execute AI model 122 on processed images sent from camera input 151 and generate output 152. For example, output 152 may be associated Classification results based on whether the captured customer's face matches the facial biometric pattern of the owner's face.

在裝置100中,感測器集線器120可以提供具有有限靈活性的安全計算。例如,當行動電話正在運行時,感測器集線器120可以在安全引導階段保護固定的功能和安全。環境感測持續感測資料,這些資料包括使用者隱私,例如語音、視覺、周圍、位置等。如果這種資料以及載入到感測器集線器122中的AI模型122沒有受到良好的保護,它們很可能會被攻擊、竊取或篡改。此外,APU 140在其上執行AI模型122的經處理的圖像可能不是從攝影機捕獲的,而是由攻擊者從外部發送的。In device 100, sensor hub 120 may provide secure computing with limited flexibility. For example, the sensor hub 120 can protect fixed functionality and security during the secure boot phase while the mobile phone is running. Environmental sensing continuously senses data, which includes user privacy, such as voice, vision, surroundings, location, etc. If this information and the AI model 122 loaded into the sensor hub 122 are not well protected, they are likely to be attacked, stolen, or tampered with. Furthermore, the processed images on which the APU 140 executes the AI model 122 may not be captured from a camera, but may be sent externally by the attacker.

防火牆是一種網路安全裝置,其可以監測所有傳入和傳出流量,並根據定義的一組安全規則來接受、拒絕或丟棄所述流量。例如,防火牆可以藉由如下方式來控制網路訪問,亦即,監測任何開放系統互相連線(open systems interconnection ,簡稱OSI)層、直到應用層上的傳入和傳出資料封包,並允許它們基於來源和目的地IP位址、協定、埠以及狀態表中資料封包的歷史記錄來通過或停止,以保護資料封包免受攻擊、竊取或篡改。防火牆可以是基於硬體的,也可以是基於軟體的。A firewall is a network security device that monitors all incoming and outgoing traffic and accepts, denies, or drops said traffic based on a defined set of security rules. For example, a firewall can control network access by monitoring incoming and outgoing data packets at any open systems interconnection (OSI) layer up to the application layer and allowing them Pass or stop data packets based on source and destination IP addresses, protocols, ports, and the history of data packets in state tables to protect data packets from attack, theft, or tampering. Firewalls can be hardware-based or software-based.

圖2是啟用AmI的裝置200(例如,行動電話)的功能方塊圖。裝置200與裝置100的不同之處在於,在裝置200中,感測器集線器120和記憶體150受到良好的保護(例如,經由防火牆290)(以黑色背景示出)。因此,感測到的資料和AI模型122是安全的,並且攻擊者不能將圖像發送到記憶體150中。然而,AI模型122需要不時地被恢復或更新(例如,使用新AI模型112),以根據裝置訓練或網際網路來持續增強性能或安全。AP 110不能恢復或更新儲存在感測器集線器120中的AI模型122,因為感測器集線器120受到防火牆290的保護,並且AP 110沒有訪問感測器集線器120的許可權。FIG. 2 is a functional block diagram of an AmI-enabled device 200 (eg, a mobile phone). Device 200 differs from device 100 in that in device 200, sensor hub 120 and memory 150 are well protected (eg, via firewall 290) (shown with a black background). Therefore, the sensed data and AI model 122 are secure, and an attacker cannot send the image to memory 150 . However, the AI model 122 needs to be restored or updated from time to time (eg, with a new AI model 112) to continuously enhance performance or security based on device training or the Internet. AP 110 cannot restore or update the AI model 122 stored in sensor hub 120 because sensor hub 120 is protected by firewall 290 and AP 110 does not have permission to access sensor hub 120.

圖3是啟用AmI的裝置300(例如,行動電話)的功能方塊圖。裝置300可以包括安全作業系統(operating system,簡稱OS)360。安全OS 360可以為安卓(Android)提供可信執行環境(trusted execution environment,簡稱TEE)393(以黑色背景示出),其中代碼和資料(例如,可信應用程式(trusted application,簡稱TA))可以在機密性和完整性方面得到保護。安全OS 360可以在與Android運行的處理器(例如,AP 110)相同的處理器上運行,但是藉由硬體和軟體與在富執行環境(rich execution environment,簡稱REE)內運行富OS的系統的其餘部分隔離。3 is a functional block diagram of an AmI-enabled device 300 (eg, a mobile phone). The device 300 may include a secure operating system (OS) 360 . Secure OS 360 may provide a trusted execution environment (TEE) 393 (shown with a black background) for Android, in which code and data (e.g., trusted application (TA)) Can be protected in terms of confidentiality and integrity. Secure OS 360 can run on the same processor that Android runs on (e.g., AP 110), but by combining the hardware and software with a rich OS system running within a rich execution environment (REE). The rest is isolated.

AI模型322可以載入在由安全OS 360提供的TEE 393內,並且可以準備AI模型322的AI可執行二進位檔案381和控制流(包括AI會話(session)327,例如AI模型322的識別字(identifier,簡稱ID),以及AI執行器328),統稱為AI準備361。AI可執行二進位檔案381可以被發送到安全記憶體380,並且AI會話327和AI執行器328可以被發送至低功率子系統320,例如感測器集線器。諸如AI加速器(諸如DLA,例如APU)之類的處理器340可以藉由確定AI會話327和AI執行器328來執行AI可執行二進位檔案381。在一個實施方式中,記憶體380和APU 340也是安全的(以黑色背景示出)(例如,經由防火牆391),以保護AI可執行二進位檔案381不被攻擊、竊取或篡改。在圖3所示的示例實施方式中,感測器集線器320不受保護,因為它僅提供用於AI模型322的控制流,而不涉及任何感測資料。在一些實施方式中,感測器集線器320也可以受到保護(例如,經由防火牆)。例如,該防火牆可以提供比防火牆391更低的安全級別,因為AI會話327和AI執行器328不如AI可執行二進位檔案381重要。The AI model 322 can be loaded in the TEE 393 provided by the secure OS 360, and the AI executable binary archive 381 and the control flow (including the AI session (session) 327, such as the identifier of the AI model 322) of the AI model 322 can be prepared. (identifier, referred to as ID), and AI executor 328), collectively referred to as AI preparation 361. AI executable binary archive 381 can be sent to secure memory 380, and AI session 327 and AI executor 328 can be sent to low power subsystem 320, such as a sensor hub. A processor 340 such as an AI accelerator (such as a DLA, eg, an APU) may execute the AI executable binary 381 by determining the AI session 327 and the AI executor 328 . In one embodiment, memory 380 and APU 340 are also secure (shown with a black background) (eg, via firewall 391) to protect AI executable binary 381 from attack, theft, or tampering. In the example implementation shown in Figure 3, sensor hub 320 is not protected because it only provides control flow for AI model 322 and does not involve any sensed data. In some implementations, sensor hub 320 may also be protected (eg, via a firewall). For example, the firewall may provide a lower level of security than the firewall 391 because the AI session 327 and the AI executor 328 are less important than the AI executable binary 381 .

在一個實施方式中,資料(例如,面部生物特徵模式363)在TEE 393內也是安全的,並且被下載和儲存到安全記憶體380中。例如,APU 340可以利用AI可執行二進位檔案381對從ISP 130(如圖1所示)發送的經處理的圖像(例如,使用者面部)執行AI模型322,並生成與所捕獲的客戶面部是否與所有者面部(亦即,面部生物特徵模式363)相匹配相關聯的輸出,例如,分類結果。In one embodiment, data (eg, facial biometric pattern 363) is also secure within TEE 393 and is downloaded and stored in secure memory 380. For example, the APU 340 may utilize the AI executable binary 381 to execute the AI model 322 on the processed image (eg, the user's face) sent from the ISP 130 (shown in FIG. 1 ) and generate a user image corresponding to the captured image. An output, such as a classification result, associated with whether the face matches the owner's face (ie, facial biometric pattern 363).

由於硬體的各種實現(例如,裝置300的安全記憶體380和AI加速器340),輸入/輸出(input/output,簡稱IO)資料以及與其相關的資訊(例如,IO資料的位址)可能需要修改,以便在被部署到AI加速器340的AI模型322上運行。例如,在為了提高性能而捕獲複數個圖像幀的場景中,安全攝影機可以包括環形緩衝器(或迴圈緩衝器),該環形緩衝器被配置為使所捕獲的圖像幀序列化。每當圖像幀在環形緩衝器中被消耗時,指向環形緩衝器中的圖像幀的開始和結束的指標會被更新,並且輸入到AI模型322的位址會變化。作為另一示例,在AI模型322被用於識別模式(patterns)並且包括複數個連接的子圖(subgraphs)(例如,特徵提取和檢測子圖以及識別子圖)的場景中,如果APU 340具有有限的能力,則輸入到特徵提取和檢測子圖並由其檢測的模式可以由識別子圖基於它們的大小(size)利用不同的(例如,高或低)解析度來識別。Due to various implementations of hardware (for example, the secure memory 380 and the AI accelerator 340 of the device 300), input/output (IO) data and information related thereto (for example, the address of the IO data) may be required Modified to run on AI model 322 deployed to AI accelerator 340. For example, in scenarios where multiple image frames are captured to improve performance, a security camera may include a ring buffer (or loop buffer) configured to serialize the captured image frames. Whenever an image frame is consumed in the ring buffer, the pointers pointing to the start and end of the image frame in the ring buffer are updated, and the addresses input to the AI model 322 change. As another example, in a scenario where the AI model 322 is used to recognize patterns and includes a plurality of connected subgraphs (eg, feature extraction and detection subgraphs and recognition subgraphs), if the APU 340 has limited capabilities, then the patterns input to and detected by the feature extraction and detection subgraphs can be identified by the recognition subgraphs using different (eg, high or low) resolutions based on their size.

然而,當IO資料和/或與其相關的資訊變化時,因為AI可執行二進位檔案381在安全記憶體380和AI加速器340中受到保護,所以AI執行器328不能修改AI可執行二進位檔案381。例如,如圖4的裝置400所示,嵌入在由安全OS 360提供的TEE 393內的IO預發(pre-fire)模組420不能將IO變化(例如,IO 410的位址)修補到被載入到AI加速器340的AI可執行二進位檔案381,並且AI執行器328不能修改AI可執行二進位檔案381。作為另一示例,如圖5的裝置500所示,其包括複數個隔離的虛擬機器(virtual machine,簡稱VM),第一VM(VM0)501具有比Android系統502和第二VM(VM1)503更高的特權,Android系統502和第二VM(VM1)503兩者都連接到AI加速器340,嵌入在VM0 501內的IO預發模組520不能將IO變化(例如,IO 510的位址)修補到由VM0 501準備並載入到AI加速器340的AI可執行二進位檔案381,並且Android系統502的AI執行器528和VM1 503的AI執行器538不能修改AI可執行二進位檔案381。However, when the IO data and/or information related thereto changes, the AI executable binary file 381 cannot be modified by the AI executor 328 because the AI executable binary file 381 is protected in the secure memory 380 and the AI accelerator 340 . For example, as shown in the device 400 of Figure 4, the IO pre-fire module 420 embedded in the TEE 393 provided by the secure OS 360 cannot patch the IO changes (eg, the address of the IO 410) to the The AI executable binary file 381 is loaded into the AI accelerator 340, and the AI executable binary file 381 cannot be modified by the AI executor 328. As another example, as shown in the device 500 of FIG. 5 , which includes a plurality of isolated virtual machines (VMs), the first VM (VM0) 501 has a higher performance than the Android system 502 and the second VM (VM1) 503 With higher privileges, both the Android system 502 and the second VM (VM1) 503 are connected to the AI accelerator 340, and the IO pre-release module 520 embedded in the VM0 501 cannot change the IO (for example, the address of the IO 510) Patches to the AI executable binary file 381 prepared by VM0 501 and loaded into the AI accelerator 340, and the AI executable binary file 381 cannot be modified by the AI executor 528 of the Android system 502 and the AI executor 538 of VM1 503.

圖6是根據本發明的一些實施方式的啟用AmI的裝置600(例如,行動電話)的功能方塊圖。裝置600可以在IO變化的情況下執行AI模型。與裝置300相比,裝置600還可以包括IO元資料640、IO驗證器/檢查器630和IO預發模組620。在一個實施方式中,IO元資料640可以由安全OS 360提供,同時準備AI模型322的AI可執行二進位檔案381和控制流(包括AI會話327和AI執行器328),統稱為AI準備361,並將其發送到安全記憶體380並嵌入安全記憶體380中。在圖6的示例實施方式中,由於安全記憶體380受到保護(例如,經由防火牆391),因此還可以保護IO元資料640不被攻擊、竊取或篡改。在另一實施方式中,IO驗證器/檢查器630和IO預發模組620可以嵌入AI加速器340中,並且也可以受到保護(例如,經由防火牆391)。在一個實施方式中,安全OS 360或VM(例如,VM0 501)可以嵌入TEE 393內。在另一實施方式中,子系統320可以是感測器集線器或VM(例如,VM1 503)。在圖6的示例實施方式中,子系統320不受保護。在一些實施方式中,子系統320也可以受到保護(例如,經由防火牆)。例如,防火牆可以提供比防火牆391更低的安全級別,因為AI會話327和AI執行器328不如AI可執行二進位檔案381重要。Figure 6 is a functional block diagram of an AmI-enabled device 600 (eg, a mobile phone) in accordance with some embodiments of the invention. Apparatus 600 can execute AI models in the presence of IO changes. Compared with the device 300, the device 600 may also include an IO metadata 640, an IO validator/checker 630, and an IO pre-release module 620. In one embodiment, IO metadata 640 may be provided by the secure OS 360 while preparing the AI executable binary archive 381 of the AI model 322 and the control flow (including the AI session 327 and the AI executor 328), collectively referred to as AI preparation 361 , and send it to the secure memory 380 and embed it in the secure memory 380 . In the example implementation of Figure 6, because secure memory 380 is protected (eg, via firewall 391), IO metadata 640 may also be protected from attack, theft, or tampering. In another embodiment, IO validator/checker 630 and IO pre-release module 620 may be embedded in AI accelerator 340 and may also be protected (eg, via firewall 391). In one implementation, secure OS 360 or VM (eg, VMO 501) may be embedded within TEE 393. In another implementation, subsystem 320 may be a sensor hub or VM (eg, VM1 503). In the example implementation of Figure 6, subsystem 320 is not protected. In some implementations, subsystem 320 may also be protected (eg, via a firewall). For example, a firewall may provide a lower level of security than a firewall 391 because the AI session 327 and the AI executor 328 are less important than the AI executable binary 381 .

在一個實施方式中,IO元資料640可以包括IO位址修補資訊和/或有效/可訪問的IO(位址)範圍。例如,IO元資料640可以包括指向安全攝影機的環形緩衝器的開始和結束的指標(或位址)。在另一實施方式中,IO驗證器/檢查器630可以驗證/檢查IO變化(例如,IO位址610)是否在IO元資料640中指定的IO位址範圍內,並且如果IO位址610在IO位址範圍內,則IO預發模組620可以將IO位址610修補到AI可執行二進位檔案381。例如,由於在示例實施方式中子系統320沒有受到良好的保護,因此IO位址610可能是由惡意實體(例如駭客)提供的。在這種場景下,IO驗證器/檢查器630可以驗證/檢查IO位址610,並確定IO位址610不在IO位址範圍內,因此IO預發模組620不會將未被驗證(unverified)的IO位址610修補到被分配到並運行於AI加速器340上的AI可執行二進位檔案381。作為另一示例,當IO驗證器/檢查器630驗證/檢查IO位址610,並確定IO位址610在IO位址範圍內時,IO預發模組620可以將IO位址610修補到運行於AI加速器340上的AI可執行二進位檔案381。因此,APU 340可以將動態形狀資訊應用於AI可執行二進位檔案381並執行推理。In one embodiment, IO metadata 640 may include IO address patch information and/or valid/accessible IO (address) ranges. For example, IO metadata 640 may include pointers (or addresses) to the beginning and end of the security camera's ring buffer. In another embodiment, IO validator/checker 630 may verify/check whether the IO change (e.g., IO address 610) is within the IO address range specified in IO metadata 640, and if IO address 610 is within Within the IO address range, the IO pre-issue module 620 can patch the IO address 610 to the AI executable binary file 381. For example, since subsystem 320 is not well protected in the example embodiment, IO address 610 may be provided by a malicious entity (eg, a hacker). In this scenario, the IO verifier/checker 630 can verify/check the IO address 610 and determine that the IO address 610 is not within the IO address range, so the IO pre-issue module 620 will not be unverified. ) is patched to the AI executable binary file 381 assigned to and run on the AI accelerator 340 . As another example, when the IO verifier/checker 630 verifies/checks the IO address 610 and determines that the IO address 610 is within the IO address range, the IO pre-issue module 620 can patch the IO address 610 to run AI executable binary file 381 on AI accelerator 340. Therefore, the APU 340 can apply the dynamic shape information to the AI executable binary file 381 and perform inference.

圖7是根據本發明的一些實施方式的啟用AmI的裝置700(例如,行動電話)的功能方塊圖。裝置700可以在IO變化的情況下執行AI模型。與裝置300相比,裝置700還可以包括IO元資料740、(形狀)IO驗證器730和(形狀)IO預發模組720。在一個實施方式中,可以提供IO元資料740,同時準備AI可執行二進位檔案381,並將IO元資料740發送並嵌入到安全記憶體380中。由於安全記憶體380受到保護(例如,經由防火牆391),IO元資料740也可以受到保護而不被攻擊、竊取或篡改。在另一實施方式中,(形狀)IO驗證器730和(形狀)I/O預發模組720可以嵌入AI加速器340中,並且也可以受到保護(例如,經由防火牆391)。Figure 7 is a functional block diagram of an AmI-enabled device 700 (eg, a mobile phone) in accordance with some embodiments of the invention. Apparatus 700 can execute AI models in the presence of IO changes. Compared to the device 300, the device 700 may also include an IO metadata 740, a (shape) IO validator 730, and a (shape) IO pre-issue module 720. In one implementation, IO metadata 740 may be provided, while the AI executable binary archive 381 is prepared, and the IO metadata 740 is sent and embedded into the secure memory 380 . Because secure memory 380 is protected (eg, via firewall 391), IO metadata 740 may also be protected from attack, theft, or tampering. In another embodiment, (shape)IO validator 730 and (shape)I/O pre-release module 720 may be embedded in AI accelerator 340 and may also be protected (eg, via firewall 391).

在一個實施方式中,IO元資料740可以包括許多不同的解析度,例如,低解析度和高解析度。在另一實施方式中,(形狀)IO驗證器730可以驗證觸發解析度變化的控制件710是否與IO元資料740中指定的不同解析度中的任何一個解析度相匹配,並且如果解析度變化與IO元資料740中指定的不同解析度中的任何一個解析度相匹配,則(形狀)IO預發模組720可以將解析度變化修補到AI可執行二進位檔案381。例如,由於在示例實施方式中子系統320沒有受到良好的保護,因此解析度變化可能是由惡意實體(例如,駭客)提供的。在這樣的場景中,(形狀)IO驗證器730可以驗證解析度變化,並確定解析度變化與不同解析度中的任何一個解析度不匹配,因此,(形狀)I/O預發模組720不會將未經驗證的解析度變化修補到被分配到並運行於AI加速器340上的AI可執行二進位檔案381。作為另一示例,當(形狀)IO驗證器730驗證解析度變化,並確定解析度變化與IO元資料740中指定的不同解析度中的一個解析度相匹配時,(形狀)I/O預發模組720可以將解析度變化修補到運行於AI加速器340上的AI可執行二進位檔案381。因此,APU 340可以將動態形狀資訊應用於AI可執行二進位檔案381並執行推理。In one implementation, IO metadata 740 may include a number of different resolutions, such as low resolution and high resolution. In another embodiment, the (shape) IO validator 730 can verify whether the control 710 that triggered the resolution change matches any of the different resolutions specified in the IO metadata 740, and if the resolution change Matches any of the different resolutions specified in IO metadata 740 , then the (shape) IO pre-release module 720 can patch the resolution change into the AI executable binary file 381 . For example, because subsystem 320 is not well protected in the example embodiment, resolution changes may be provided by malicious entities (eg, hackers). In such a scenario, (shape) IO validator 730 can verify the resolution change and determine that the resolution change does not match any of the different resolutions, and therefore (shape) I/O pre-release module 720 Unvalidated resolution changes will not be patched to AI executable binaries 381 distributed to and running on AI accelerator 340 . As another example, when the (shape) IO validator 730 verifies the resolution change and determines that the resolution change matches one of the different resolutions specified in the IO metadata 740, the (shape) I/O preset The development module 720 can patch the resolution change to the AI executable binary file 381 running on the AI accelerator 340. Therefore, the APU 340 can apply the dynamic shape information to the AI executable binary file 381 and perform inference.

雖然已經結合作為示例提出的本發明的具體實施方式描述了本發明的各方面,但可以對這些示例進行替換、修改和變化。因此,本文所闡述的實施方式旨在例示而非限制。在不脫離下面所闡述的申請專利範圍的情況下,可以進行一些變化。Although aspects of the invention have been described in conjunction with specific embodiments of the invention set forth as examples, substitutions, modifications and variations may be made to these examples. Accordingly, the embodiments set forth herein are intended to be illustrative and not limiting. Some changes may be made without departing from the scope of the patent claims set forth below.

110:主應用處理器(AP) 111:始終線上的視覺(AOV)客戶端 112:新AI模型 120:感測器集線器 121:軟體開發套件(SDK) 123:攝影機驅動器 130:圖像訊號處理器(ISP) 141:工作緩衝區 150:記憶體 151:攝影機輸入 152:輸出 320:低功率子系統(感測器集線器) 328:AI執行器 360:安全OS 361:AI準備 363:面部生物特徵模式 380:安全記憶體 381:二進位檔案 393:可信執行環境(TEE) 501:第一虛擬機器(VM0) 502:Android系統 503:第二虛擬機器(VM1) 610:IO位址 630:IO驗證器/檢查器 710:控制項 720:(形狀)I/O預發模組 730:(形狀)IO驗證器 122,322:AI模型 140,340:加速處理單元(APU) 290,391:防火牆 410,510:IO 528,538:AI執行器 640,740:IO元資料 327,527,537:AI會話 420,520,620:IO預發模組 100,200,300,400,500,600,700:裝置 110: Main application processor (AP) 111:Always Online Vision (AOV) Client 112:New AI model 120: Sensor Hub 121:Software Development Kit (SDK) 123:Camera driver 130:Image signal processor (ISP) 141: working buffer 150:Memory 151:Camera input 152:Output 320: Low Power Subsystem (Sensor Hub) 328:AI actuator 360:Secure OS 361:AI preparation 363: Facial biometric mode 380:Secure memory 381:Binary file 393: Trusted Execution Environment (TEE) 501: First virtual machine (VM0) 502:Android system 503: Second virtual machine (VM1) 610:IO address 630:IO validator/checker 710:Control items 720: (Shape) I/O pre-release module 730:(shape)IO validator 122,322:AI model 140,340: Accelerated Processing Unit (APU) 290,391: Firewall 410,510:IO 528,538:AI actuator 640,740:IO metadata 327,527,537:AI session 420,520,620: IO pre-release module 100,200,300,400,500,600,700:Device

將參考以下圖式詳細描述作為示例而提出的本發明的各種實施方式,其中相同的數字指代相同的元件,並且其中: 圖1是第一啟用環境智慧(ambient intelligence,簡稱AmI)的裝置的功能方塊圖; 圖2是第二啟用AmI的裝置的功能方塊圖; 圖3是第三啟用AmI的裝置的功能方塊圖; 圖4是第四啟用AmI的裝置的功能方塊圖; 圖5是第五啟用AmI的裝置的功能方塊圖; 圖6是根據本發明的一些實施方式的第一啟用AmI的裝置的功能方塊圖;以及 圖7是根據本發明的一些實施方式的第二啟用AmI的裝置的功能方塊圖。 Various embodiments of the present invention, presented by way of example, will be described in detail with reference to the following drawings, in which like numerals refer to like elements, and in which: Figure 1 is a functional block diagram of the first device that enables ambient intelligence (AmI); Figure 2 is a functional block diagram of a second AmI enabled device; Figure 3 is a functional block diagram of a third AmI enabled device; Figure 4 is a functional block diagram of a fourth AmI enabled device; Figure 5 is a functional block diagram of a fifth AmI-enabled device; Figure 6 is a functional block diagram of a first AmI enabled device in accordance with some embodiments of the invention; and Figure 7 is a functional block diagram of a second AmI enabled device in accordance with some embodiments of the invention.

100:裝置 100:Device

110:主應用處理器(AP) 110: Main application processor (AP)

111:始終線上的視覺(AOV)客戶端 111:Always Online Vision (AOV) Client

112:新AI模型 112:New AI model

120:感測器集線器 120: Sensor Hub

121:軟體開發套件(SDK) 121:Software Development Kit (SDK)

122:AI模型 122:AI model

123:攝影機驅動器 123:Camera driver

130:圖像訊號處理器(ISP) 130:Image signal processor (ISP)

140:加速處理單元(APU) 140: Accelerated Processing Unit (APU)

141:工作緩衝區 141: working buffer

150:記憶體 150:Memory

151:攝影機輸入 151:Camera input

152:輸出 152:Output

Claims (13)

一種人工智慧裝置,所述人工智慧裝置包括: 第一安全處理器; 安全應用程式,所述安全應用程式嵌入在所述第一安全處理器中,所述安全應用程式與人工智慧(artificial intelligence ,簡稱AI)模型相關聯; 安全記憶體,所述安全記憶體耦接到所述第一安全處理器,所述安全記憶體被配置為儲存與所述AI模型相關聯的AI可執行二進位檔案; 第二安全處理器,所述第二安全處理器耦接到所述安全記憶體,所述第二安全處理器被配置為執行儲存在所述安全記憶體中的所述AI可執行二進位檔案; 子系統,所述子系統耦接在所述第一安全處理器與所述第二安全處理器之間,所述子系統被配置為觸發輸入/輸出(Input/Output,簡稱IO)變化並觸發所述第二安全處理器以執行儲存在所述安全記憶體中的所述AI可執行二進位檔案; IO元資料,所述IO元資料儲存在所述安全記憶體中; IO驗證器,所述IO驗證器耦接到所述子系統和所述安全記憶體,所述IO驗證器被配置為藉由確定所述IO元資料來驗證IO變化;以及 IO預發模組,所述IO預發模組耦接到所述IO驗證器,所述IO預發模組被配置為,當所述IO驗證器確定所述IO變化與所述IO元資料相匹配時,將所述IO變化修補到運行於所述第二安全處理器上的所述AI可執行二進位檔案。 An artificial intelligence device, the artificial intelligence device includes: first security processor; A security application, the security application is embedded in the first security processor, the security application is associated with an artificial intelligence (artificial intelligence, AI for short) model; a secure memory coupled to the first secure processor, the secure memory configured to store an AI executable binary file associated with the AI model; a second secure processor coupled to the secure memory, the second secure processor configured to execute the AI executable binary file stored in the secure memory ; Subsystem, the subsystem is coupled between the first security processor and the second security processor, the subsystem is configured to trigger input/output (Input/Output, IO for short) changes and trigger the second secure processor to execute the AI executable binary file stored in the secure memory; IO metadata, the IO metadata is stored in the secure memory; an IO validator coupled to the subsystem and the secure memory, the IO validator configured to validate IO changes by determining the IO metadata; and IO pre-issue module, the IO pre-issue module is coupled to the IO verifier, the IO pre-issue module is configured to, when the IO verifier determines that the IO change is consistent with the IO metadata When matched, the IO changes are patched to the AI executable binary file running on the second security processor. 如請求項1之人工智慧裝置,其中,所述IO元資料包括IO位址範圍,所述IO變化包括IO位址,所述IO驗證器驗證所述IO位址是否在所述IO位址範圍內,並且當所述IO驗證器確定所述IO位址在所述IO位址範圍內時,所述IO預發模組將所述IO位址修補到運行於第二安全處理器上的所述AI可執行二進位檔案。The artificial intelligence device of claim 1, wherein the IO metadata includes an IO address range, the IO change includes an IO address, and the IO verifier verifies whether the IO address is within the IO address range. Within, and when the IO verifier determines that the IO address is within the IO address range, the IO pre-issue module patches the IO address to all the devices running on the second security processor. The AI executable binary file described above. 如請求項1之人工智慧裝置,其中,所述IO元資料包括複數個不同的解析度,所述IO變化包括解析度變化,所述IO驗證器驗證所述解析度變化是否與所述IO元資料中指定的不同解析度中的任何一個解析度相匹配,並且當所述IO驗證器確定所述解析度變化與所述不同解析度中的一個解析度相匹配時,所述IO預發模組將所述解析度變化修補到運行於所述第二安全處理器上的所述AI可執行二進位檔案。The artificial intelligence device of claim 1, wherein the IO metadata includes a plurality of different resolutions, the IO changes include resolution changes, and the IO verifier verifies whether the resolution changes are consistent with the IO metadata. Any one of the different resolutions specified in the information matches, and when the IO verifier determines that the resolution change matches one of the different resolutions, the IO pre-generated model The group patches the resolution change to the AI executable binary running on the second secure processor. 如請求項1之人工智慧裝置,其中,所述IO驗證器嵌入在所述第二安全處理器中。The artificial intelligence device of claim 1, wherein the IO verifier is embedded in the second security processor. 如請求項1之人工智慧裝置,其中,所述IO預發模組嵌入在所述第二安全處理器中。The artificial intelligence device of claim 1, wherein the IO pre-issuance module is embedded in the second security processor. 如請求項1之人工智慧裝置,所述人工智慧裝置還包括嵌入在所述第一安全處理器中的安全作業系統(operating system,簡稱OS),所述安全OS被配置為提供可信執行環境(trusted execution environment,簡稱TEE),在所述可信執行環境內,所述安全應用程式受到保護。As in claim 1, the artificial intelligence device further includes a secure operating system (OS) embedded in the first secure processor, and the secure OS is configured to provide a trusted execution environment. (trusted execution environment, TEE for short), in the trusted execution environment, the secure application is protected. 如請求項6之人工智慧裝置,其中,所述安全記憶體和所述第二安全處理器由第一防火牆保護。The artificial intelligence device of claim 6, wherein the secure memory and the second secure processor are protected by a first firewall. 如請求項7之人工智慧裝置,其中,所述子系統由不同於所述第一防火牆的第二防火牆保護。The artificial intelligence device of claim 7, wherein the subsystem is protected by a second firewall different from the first firewall. 如請求項8之人工智慧裝置,其中,所述第一防火牆提供比所述第二防火牆更高的安全級別。The artificial intelligence device of claim 8, wherein the first firewall provides a higher security level than the second firewall. 如請求項6之人工智慧裝置,所述人工智慧裝置還包括: 圖像訊號處理器(image signal processor,簡稱ISP),所述ISP耦接到所述安全記憶體,所述ISP被配置為處理圖像並將所處理的圖像儲存到所述安全記憶體中,以及 面部生物特徵模式,所述面部生物特徵模式在TEE內是安全的, 其中,所述第二安全處理器執行所述AI可執行二進位檔案,以確定所處理的圖像中的任何一個圖像是否與所述面部生物特徵模式相匹配。 As claimed in claim 6, the artificial intelligence device further includes: Image signal processor (ISP for short), the ISP is coupled to the secure memory, the ISP is configured to process images and store the processed images in the secure memory ,as well as a facial biometric pattern that is secure within the TEE, wherein the second security processor executes the AI executable binary file to determine whether any of the processed images matches the facial biometric pattern. 如請求項1之人工智慧裝置,其中,所述第一安全處理器包括安全中央處理單元(central processing unit,簡稱CPU)。The artificial intelligence device of claim 1, wherein the first security processor includes a security central processing unit (CPU for short). 如請求項1之人工智慧裝置,其中,所述第二安全處理器包括安全深度學習加速器(deep learning accelerator,簡稱DLA)。The artificial intelligence device of claim 1, wherein the second security processor includes a secure deep learning accelerator (DLA for short). 如請求項12之人工智慧裝置,其中,所述DLA包括加速處理單元(accelerated processing unit,簡稱APU)。The artificial intelligence device of claim 12, wherein the DLA includes an accelerated processing unit (APU for short).
TW112122173A 2022-06-16 2023-06-14 Artificial intelligence apparatus TWI892155B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202263352706P 2022-06-16 2022-06-16
US63/352,706 2022-06-16
US18/332,346 2023-06-09
US18/332,346 US20240411862A1 (en) 2023-06-09 2023-06-09 Always-on artificial intelligence (ai) security harware assisted input/output shape changing

Publications (2)

Publication Number Publication Date
TW202403564A true TW202403564A (en) 2024-01-16
TWI892155B TWI892155B (en) 2025-08-01

Family

ID=90457457

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112122173A TWI892155B (en) 2022-06-16 2023-06-14 Artificial intelligence apparatus

Country Status (1)

Country Link
TW (1) TWI892155B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10742405B2 (en) * 2016-12-16 2020-08-11 The Boeing Company Method and system for generation of cipher round keys by bit-mixers
US10540509B2 (en) * 2017-06-08 2020-01-21 Cisco Technology, Inc. File-type whitelisting
US10762198B1 (en) * 2019-09-25 2020-09-01 Richard Dea Artificial intelligence system and method for instantly identifying and blocking unauthorized cyber intervention into computer application object code
US11475131B2 (en) * 2020-01-27 2022-10-18 Red Hat, Inc. Hypervisor level signature checks for encrypted trusted execution environments

Also Published As

Publication number Publication date
TWI892155B (en) 2025-08-01

Similar Documents

Publication Publication Date Title
JP7338044B2 (en) Face image transmission method, value transfer method, device and electronic device
US11461146B2 (en) Scheduling sub-thread on a core running a trusted execution environment
US11270306B2 (en) Asset management method and apparatus, and electronic device
EP3207680B1 (en) Method and device for using behavioral analysis towards efficient continuous authentication
CN107111715B (en) Using a trusted execution environment for security of code and data
JP7072123B2 (en) Graphics processing unit with accelerated trusted execution environment
CA3083806A1 (en) Asset management method and apparatus, and electronic device
Alotaibi Identifying malicious software using deep residual long-short term memory
US20230095576A1 (en) Data protection for computing device
WO2015094870A1 (en) Automatic strong identity generation for cluster nodes
US20230259636A1 (en) Security assessment apparatus and method for processor
US11971990B2 (en) System and method for container validation
US20220311792A1 (en) Forensics Analysis for Malicious Insider Attack Attribution based on Activity Monitoring and Behavioral Biometrics Profiling
TWI892155B (en) Artificial intelligence apparatus
US20240411862A1 (en) Always-on artificial intelligence (ai) security harware assisted input/output shape changing
CN116415247A (en) Method and device for container safety verification
TWI831662B (en) Artificial intelligence (ai) security apparatus
WO2020191547A1 (en) Biometric recognition method and apparatus
EP4357951B1 (en) Method and system for computational storage attack reduction
Xiao et al. TrustZone-based mobile terminal security system
US20250291885A1 (en) Systems and methods for providing multifactor authentication for immersive environments
Serban Adversarial Machine Learning
HK40022185A (en) Face image transmission method, numerical transfer method, device and electronic apparatus