[go: up one dir, main page]

TWI892155B - Artificial intelligence apparatus - Google Patents

Artificial intelligence apparatus

Info

Publication number
TWI892155B
TWI892155B TW112122173A TW112122173A TWI892155B TW I892155 B TWI892155 B TW I892155B TW 112122173 A TW112122173 A TW 112122173A TW 112122173 A TW112122173 A TW 112122173A TW I892155 B TWI892155 B TW I892155B
Authority
TW
Taiwan
Prior art keywords
secure
processor
artificial intelligence
security
verifier
Prior art date
Application number
TW112122173A
Other languages
Chinese (zh)
Other versions
TW202403564A (en
Inventor
蕭志祥
許嘉鋒
王澤宇
蘇軾詠
Original Assignee
聯發科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US18/332,346 external-priority patent/US20240411862A1/en
Application filed by 聯發科技股份有限公司 filed Critical 聯發科技股份有限公司
Publication of TW202403564A publication Critical patent/TW202403564A/en
Application granted granted Critical
Publication of TWI892155B publication Critical patent/TWI892155B/en

Links

Landscapes

  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

Aspects of the present disclosure provide an apparatus that can execute an artificial intelligence (AI) model with IO changing. For example, the apparatus can include a first secured processor, a secured application embedded in the first secured processor and associated with an AI model, a secured memory configured to store an AI executable binary associated with the AI model, a second secured processor configured to execute the AI executable binary, a sub-system configured to trigger IO changing and trigger the second secured processor to execute the AI executable binary, IO meta data stored in the secured memory, an IO verifier configured to verify IO changing by determining the IO meta data, and an IO pre-fire module configured to patch the IO changing to the AI executable binary running on the second secured processor when the IO verifier determines that the IO changing matches the IO meta data.

Description

人工智慧裝置artificial intelligence devices

本發明關於神經網路(neural network,簡稱 NN),並且更具體地,關於始終線上(always-on)的人工智慧(artificial intelligence,簡稱AI)安全。This invention relates to neural networks (NNs), and more specifically, to the security of always-on artificial intelligence (AI).

本文所提供的背景技術描述出於概括地呈現本發明上下文的目的。當前提及的發明人的工作(到本背景技術部分中描述該工作的程度)以及描述的各個方面(其在提交時不以其他方式作為現有技術來描述)既不明確地、也不隱含地被承認為針對本發明的現有技術。The background description provided herein is for the purpose of generally presenting the context of the present invention. The work of the presently mentioned inventors (to the extent that such work is described in this background section) and aspects of the description (which are not otherwise described as prior art at the time of filing) are neither explicitly nor implicitly admitted to being prior art with respect to the present invention.

將機器學習(Machine learning,簡稱ML)功能整合到硬體路徑是趨勢,並且需要靈活和可擴展的設計來降低深度神經網路(deep neural network,簡稱DNN)加速器實現的設計複雜性。Integrating machine learning (ML) capabilities into hardware pathways is a trend, and flexible and scalable designs are needed to reduce the design complexity of deep neural network (DNN) accelerator implementations.

本發明的各方面提供了一種可以在輸入/輸出(Input/Output,簡稱IO)變化的情況下執行人工智慧(AI)模型的裝置。例如,該裝置可以包括第一安全處理器和嵌入在第一安全處理器中的安全應用程式。安全應用程式可以與人工智慧(AI)模型相關聯。該裝置還可以包括耦接到第一安全處理器的安全記憶體。安全記憶體可以被配置為儲存與AI模型相關聯的AI可執行二進位檔案(executable binary)。該裝置還可以包括耦接到安全記憶體的第二安全處理器。第二安全處理器可以被配置為執行儲存在安全記憶體中的AI可執行二進位檔案。該裝置還可以包括耦接在第一安全處理器與第二安全處理器之間的子系統。子系統可以被配置為觸發IO變化並觸發第二安全處理器以執行儲存在安全記憶體中的AI可執行二進位檔案。該裝置還可以包括儲存在安全記憶體中的IO元資料(meta data)。該裝置還可以包括耦接到子系統和安全記憶體的IO驗證器。IO驗證器可以被配置為藉由確定IO元資料來驗證IO變化。該裝置還可以包括耦接到IO驗證器的IO預發模組。IO預發模組可以被配置為:當IO驗證器確定IO變化與IO元資料相匹配時,將IO變化修補(patch)到運行於第二安全處理器上的AI可執行二進位檔案。在一個實施方式中,IO驗證器可以被嵌入到第二安全處理器中。在另一實施方式中,IO預發模組可以被嵌入到第二安全處理器中。Aspects of the present invention provide a device that can execute an artificial intelligence (AI) model under input/output (IO) changes. For example, the device may include a first security processor and a security application embedded in the first security processor. The security application may be associated with the artificial intelligence (AI) model. The device may also include a secure memory coupled to the first security processor. The secure memory may be configured to store an AI executable binary associated with the AI model. The device may also include a second security processor coupled to the secure memory. The second security processor may be configured to execute the AI executable binary stored in the secure memory. The device may also include a subsystem coupled between the first security processor and the second security processor. The subsystem can be configured to trigger IO changes and trigger the second security processor to execute the AI executable binary file stored in the secure memory. The device may also include IO metadata stored in the secure memory. The device may also include an IO verifier coupled to the subsystem and the secure memory. The IO verifier can be configured to verify the IO changes by determining the IO metadata. The device may also include an IO pre-launch module coupled to the IO verifier. The IO pre-launch module can be configured to: when the IO verifier determines that the IO changes match the IO metadata, patch the IO changes to the AI executable binary file running on the second security processor. In one embodiment, the IO verifier can be embedded in the second security processor. In another embodiment, the IO pre-issuance module may be embedded in the second security processor.

在一個實施方式中,IO元資料可以包括IO位址範圍,IO變化可以包括IO位址,IO驗證器可以驗證IO位址是否在IO位址範圍內,並且當IO驗證器確定IO位址在IO位址範圍內時,IO預發模組可以將IO位址修補到運行於第二安全處理器上的AI可執行二進位檔案。在另一實施方式中,IO元資料可以包括複數個不同的解析度(resolution),IO變化可以包括解析度變化,IO驗證器可以驗證解析度變化是否與IO元資料中指定的不同解析度中的任何一個解析度相匹配,並且當IO驗證器確定解析度變化與不同解析度中的一個解析度匹配時,IO預發模組可以將解析度變化修補到運行於第二安全處理器上的AI可執行二進位檔案。In one embodiment, the IO metadata may include an IO address range, the IO variation may include an IO address, the IO verifier may verify whether the IO address is within the IO address range, and when the IO verifier determines that the IO address is within the IO address range, the IO pre-release module may patch the IO address to the AI executable binary file running on the second secure processor. In another embodiment, the IO metadata may include a plurality of different resolutions, the IO variation may include a resolution variation, the IO verifier may verify whether the resolution variation matches any one of the different resolutions specified in the IO metadata, and when the IO verifier determines that the resolution variation matches one of the different resolutions, the IO pre-release module may patch the resolution variation to the AI executable binary file running on the second secure processor.

在一個實施方式中,該裝置還可以包括嵌入在第一安全處理器中的安全作業系統(operating system,簡稱OS),該安全OS被配置為提供可信執行環境(trusted execution environment,簡稱TEE),在該可信執行環境中,安全應用程式受到保護。在另一實施方式中,安全記憶體和第二安全處理器可以由第一防火牆保護。在一些實施方式中,子系統可以由不同於第一防火牆的第二防火牆保護。在各種實施方式中,第一防火牆可以提供比第二防火牆更高的安全級別。In one embodiment, the device may further include a secure operating system (OS) embedded in the first secure processor, the secure OS being configured to provide a trusted execution environment (TEE) in which secure applications are protected. In another embodiment, the secure memory and the second secure processor may be protected by a first firewall. In some embodiments, the subsystem may be protected by a second firewall that is different from the first firewall. In various embodiments, the first firewall may provide a higher level of security than the second firewall.

在一個實施方式中,該裝置還可以包括耦接到安全記憶體的圖像訊號處理器(image signal processor,簡稱ISP)。ISP可以被配置為處理圖像並將所處理的圖像儲存到安全記憶體中。在另一實施方式中,該裝置還可以包括面部生物特徵模式(facial biometric pattern),該面部生物特徵模式在TEE內是安全的。在一些實施方式中,第二安全處理器可以執行AI可執行二進位檔案,以確定所處理的圖像中的任何一個圖像是否與面部生物特徵模式相匹配。In one embodiment, the device may further include an image signal processor (ISP) coupled to the secure memory. The ISP may be configured to process images and store the processed images in the secure memory. In another embodiment, the device may further include a facial biometric pattern that is secure within the TEE. In some embodiments, the second secure processor may execute an AI executable binary to determine whether any of the processed images matches the facial biometric pattern.

在一個實施方式中,第一安全處理器可以包括安全中央處理單元(central processing unit,簡稱CPU)。在另一實施方式中,第二安全處理器可以包括安全深度學習加速器(deep learning accelerator,簡稱DLA)。在一些實施方式中,DLA可以包括加速處理單元(accelerated processing unit,簡稱APU)。In one embodiment, the first security processor may include a secure central processing unit (CPU). In another embodiment, the second security processor may include a secure deep learning accelerator (DLA). In some embodiments, the DLA may include an accelerated processing unit (APU).

注意,本發明內容部分並沒有指定本發明或要求保護的發明的每個實施方式和/或遞增的新穎方面。相反,本發明內容僅提供了與常規技術相比的不同實施方式和對應新穎點的初步討論。對於本發明和實施方式的附加細節和/或可能的視角,請讀者參考本發明的具體實施方式部分和對應的圖式,如下面進一步討論的。Note that this summary does not specify every embodiment and/or incremental novel aspect of the present invention or the claimed invention. Rather, this summary merely provides an initial discussion of various embodiments and corresponding novelties compared to conventional techniques. For additional details and/or possible perspectives of the present invention and its embodiments, the reader is referred to the detailed description of the present invention and the corresponding figures, as discussed further below.

提出環境智慧(AmI)(例如,環境感測),旨在增強環境和人彼此互動的方式。具體來說,AmI表示將不要求明確的輸入和輸出設備的智慧計算;相反,可以將各種感測器(例如,加速度計、全球定位系統(global positioning system,簡稱GPS)、麥克風、攝影機等)和處理器嵌入到日常電子設備(例如,行動電話)中,以使用人工智慧(AI)技術收集和處理上下文資訊,例如以便解釋環境狀態和使用者需求。Ambient intelligence (AmI) (e.g., environmental sensing) is proposed to enhance the way the environment and people interact with each other. Specifically, AmI represents intelligent computing that does not require explicit input and output devices; instead, various sensors (e.g., accelerometers, global positioning systems (GPS), microphones, cameras, etc.) and processors can be embedded in everyday electronic devices (e.g., mobile phones) to collect and process contextual information using artificial intelligence (AI) techniques, for example, to interpret the state of the environment and user needs.

例如,谷歌(Google)推出的“個人安全”應用程式具有如下功能,亦即,可以感測個體是否已發生車禍,如果已發生車禍,則可以代表該個體撥打緊急電話。作為另一示例,安裝在攝影機中的AI和機器學習(ML)演算法(或模型)能夠例如藉由確定攝影機捕獲的圖像是否與所有者面部的面部生物特徵模式相匹配來識別其所有者的面部。For example, Google's "Personal Safety" app has the ability to detect whether an individual has been in a car accident and, if so, to place an emergency call on the individual's behalf. As another example, AI and machine learning (ML) algorithms (or models) installed in cameras can recognize the face of their owner, for example, by determining whether an image captured by the camera matches the owner's facial biometric pattern.

為了使車禍感測功能真正發揮作用,行動電話需要能夠隨時檢測車禍。例如,可以藉由連續輪詢加速度計和麥克風、然後處理由此收集的資料(例如,藉由執行始終線上的人工智慧(AI))來確定是否發生車禍。然而,持續始終線上的感測任務消耗了行動電話大量寶貴的電力資源。For crash sensing to be truly effective, mobile phones need to be able to detect crashes at all times. For example, this can be done by continuously polling the accelerometer and microphone, then processing the collected data (e.g., by running always-on artificial intelligence (AI)) to determine if a crash has occurred. However, this constant on-line sensing consumes a significant amount of the phone's precious battery.

感測器集線器(或上下文集線器)是一種低功率子系統(例如,處理器),其可以被設計成處理和解釋從感測器收集的資料,並喚醒主應用處理器(application processor,簡稱AP)採取行動。例如,在處理和解釋所收集到的資料並確定發生了車禍之後,感測器集線器可以喚醒AP,並且行動電話可以呼叫緊急服務。A sensor hub (or context hub) is a low-power subsystem (e.g., a processor) that can be designed to process and interpret data collected from sensors and wake up the main application processor (AP) to take action. For example, after processing and interpreting the collected data and determining that a car accident has occurred, the sensor hub can wake up the AP, and the mobile phone can call emergency services.

圖1是啟用AmI的裝置100(例如,行動電話)的功能方塊圖。裝置100可以包括AP 110、耦接到AP 110的低功率子系統120(例如,感測器集線器)、耦接到感測器集線器120的訊號處理器130(例如,低功率圖像訊號處理器(low-power image signal processor,簡稱ISP))、耦接到感測器集線器120的處理器140(例如,AI加速器(諸如深度學習加速器(deep learning accelerator,簡稱DLA)、例如加速處理單元(accelerated processing unit,簡稱APU))、以及耦接到感測器集線器120、ISP 130和APU 140的記憶體150。Figure 1 is a functional block diagram of an AmI-enabled device 100 (e.g., a mobile phone). The device 100 may include an access point (AP) 110, a low-power subsystem 120 (e.g., a sensor hub) coupled to the AP 110, a signal processor 130 (e.g., a low-power image signal processor (ISP)) coupled to the sensor hub 120, a processor 140 (e.g., an AI accelerator (e.g., a deep learning accelerator (DLA) or an accelerated processing unit (APU)) coupled to the sensor hub 120, and a memory 150 coupled to the sensor hub 120, the ISP 130, and the APU 140.

AP 110可以啟用環境感測功能,例如,始終線上的視覺(always-on vision,簡稱AOV)客戶端111,並將AI模型122載入到感測器集線器120,以將從嵌入式感測器(例如,攝影機(未圖示))收集的大量處理資料卸載到感測器集線器120。在感測器集線器120中,攝影機驅動器123可以基於AOV客戶端111來驅動ISP 130,以處理由攝影機捕獲的圖像(例如,使用者面部),並將經處理的圖像發送到記憶體150的攝影機輸入151。軟體開發套件(software development kit,簡稱SDK)121(例如,AI推理SDK)可以驅動APU 140對經處理的圖像執行AI模型122。例如,APU 140可以利用與AI模型122相對應的AI可執行二進位檔案來對從攝影機輸入151發送的經處理的圖像執行AI模型122,並生成輸出152,例如,輸出152可以是相關聯於所捕獲的客戶面部是否與所有者面部的面部生物特徵模式相匹配的分類結果。AP 110 can enable environmental sensing functions, such as always-on vision (AOV) client 111, and load AI model 122 into sensor hub 120 to offload large amounts of processed data collected from embedded sensors (e.g., a camera (not shown)) to sensor hub 120. In sensor hub 120, camera driver 123 can drive ISP 130 based on AOV client 111 to process images captured by the camera (e.g., a user's face) and send the processed images to camera input 151 of memory 150. A software development kit (SDK) 121 (e.g., an AI inference SDK) can drive the APU 140 to execute the AI model 122 on the processed image. For example, the APU 140 can use the AI executable binary file corresponding to the AI model 122 to execute the AI model 122 on the processed image sent from the camera input 151 and generate an output 152. For example, the output 152 can be a classification result related to whether the captured customer's face matches the facial biometric feature pattern of the owner's face.

在裝置100中,感測器集線器120可以提供具有有限靈活性的安全計算。例如,當行動電話正在運行時,感測器集線器120可以在安全引導階段保護固定的功能和安全。環境感測持續感測資料,這些資料包括使用者隱私,例如語音、視覺、周圍、位置等。如果這種資料以及載入到感測器集線器122中的AI模型122沒有受到良好的保護,它們很可能會被攻擊、竊取或篡改。此外,APU 140在其上執行AI模型122的經處理的圖像可能不是從攝影機捕獲的,而是由攻擊者從外部發送的。In the device 100, the sensor hub 120 can provide secure computing with limited flexibility. For example, when the mobile phone is running, the sensor hub 120 can protect fixed functions and security during the secure boot phase. Environmental sensing continuously senses data, which includes user privacy such as voice, vision, surroundings, location, etc. If such data and the AI model 122 loaded into the sensor hub 122 are not well protected, they are likely to be attacked, stolen, or tampered with. In addition, the processed image on which the APU 140 executes the AI model 122 may not be captured from a camera, but may be sent from the outside by an attacker.

防火牆是一種網路安全裝置,其可以監測所有傳入和傳出流量,並根據定義的一組安全規則來接受、拒絕或丟棄所述流量。例如,防火牆可以藉由如下方式來控制網路訪問,亦即,監測任何開放系統互相連線(open systems interconnection ,簡稱OSI)層、直到應用層上的傳入和傳出資料封包,並允許它們基於來源和目的地IP位址、協定、埠以及狀態表中資料封包的歷史記錄來通過或停止,以保護資料封包免受攻擊、竊取或篡改。防火牆可以是基於硬體的,也可以是基於軟體的。A firewall is a network security device that monitors all incoming and outgoing traffic and accepts, denies, or discards it based on a defined set of security rules. For example, a firewall can control network access by monitoring incoming and outgoing data packets at any Open Systems Interconnection (OSI) layer up to the application layer and allowing or stopping them based on the source and destination IP addresses, protocols, ports, and the packet's history in a state table to protect the packets from attacks, eavesdropping, or tampering. Firewalls can be hardware-based or software-based.

圖2是啟用AmI的裝置200(例如,行動電話)的功能方塊圖。裝置200與裝置100的不同之處在於,在裝置200中,感測器集線器120和記憶體150受到良好的保護(例如,經由防火牆290)(以黑色背景示出)。因此,感測到的資料和AI模型122是安全的,並且攻擊者不能將圖像發送到記憶體150中。然而,AI模型122需要不時地被恢復或更新(例如,使用新AI模型112),以根據裝置訓練或網際網路來持續增強性能或安全。AP 110不能恢復或更新儲存在感測器集線器120中的AI模型122,因為感測器集線器120受到防火牆290的保護,並且AP 110沒有訪問感測器集線器120的許可權。Figure 2 is a functional block diagram of an AmI-enabled device 200 (e.g., a mobile phone). Device 200 differs from device 100 in that, in device 200, sensor hub 120 and memory 150 are well protected (e.g., via firewall 290) (shown with a black background). Therefore, the sensed data and AI model 122 are secure, and attackers cannot send images to memory 150. However, AI model 122 needs to be restored or updated from time to time (e.g., with a new AI model 112) to continuously enhance performance or security based on device training or the internet. The AP 110 cannot restore or update the AI model 122 stored in the sensor hub 120 because the sensor hub 120 is protected by the firewall 290 and the AP 110 does not have permission to access the sensor hub 120.

圖3是啟用AmI的裝置300(例如,行動電話)的功能方塊圖。裝置300可以包括安全作業系統(operating system,簡稱OS)360。安全OS 360可以為安卓(Android)提供可信執行環境(trusted execution environment,簡稱TEE)393(以黑色背景示出),其中代碼和資料(例如,可信應用程式(trusted application,簡稱TA))可以在機密性和完整性方面得到保護。安全OS 360可以在與Android運行的處理器(例如,AP 110)相同的處理器上運行,但是藉由硬體和軟體與在富執行環境(rich execution environment,簡稱REE)內運行富OS的系統的其餘部分隔離。3 is a functional block diagram of an AmI-enabled device 300 (e.g., a mobile phone). The device 300 may include a secure operating system (OS) 360. The secure OS 360 may provide a trusted execution environment (TEE) 393 (shown against a black background) for Android, where code and data (e.g., trusted applications (TAs)) may be protected in terms of confidentiality and integrity. The secure OS 360 may run on the same processor as Android (e.g., AP 110), but may be isolated by hardware and software from the rest of the system running a rich OS within a rich execution environment (REE).

AI模型322可以載入在由安全OS 360提供的TEE 393內,並且可以準備AI模型322的AI可執行二進位檔案381和控制流(包括AI會話(session)327,例如AI模型322的識別字(identifier,簡稱ID),以及AI執行器328),統稱為AI準備361。AI可執行二進位檔案381可以被發送到安全記憶體380,並且AI會話327和AI執行器328可以被發送至低功率子系統320,例如感測器集線器。諸如AI加速器(諸如DLA,例如APU)之類的處理器340可以藉由確定AI會話327和AI執行器328來執行AI可執行二進位檔案381。在一個實施方式中,記憶體380和APU 340也是安全的(以黑色背景示出)(例如,經由防火牆391),以保護AI可執行二進位檔案381不被攻擊、竊取或篡改。在圖3所示的示例實施方式中,感測器集線器320不受保護,因為它僅提供用於AI模型322的控制流,而不涉及任何感測資料。在一些實施方式中,感測器集線器320也可以受到保護(例如,經由防火牆)。例如,該防火牆可以提供比防火牆391更低的安全級別,因為AI會話327和AI執行器328不如AI可執行二進位檔案381重要。The AI model 322 may be loaded into the TEE 393 provided by the secure OS 360, and an AI executable binary file 381 and control flow (including an AI session 327, such as an identifier (ID) of the AI model 322, and an AI executive 328) of the AI model 322 may be prepared, collectively referred to as AI preparation 361. The AI executable binary file 381 may be sent to the secure memory 380, and the AI session 327 and the AI executive 328 may be sent to the low-power subsystem 320, such as a sensor hub. A processor 340, such as an AI accelerator (such as a DLA, such as an APU), may execute the AI executable binary file 381 by determining the AI session 327 and the AI executive 328. In one embodiment, memory 380 and APU 340 are also secured (shown with a black background) (e.g., via firewall 391) to protect AI executable binary 381 from being attacked, stolen, or tampered with. In the example embodiment shown in FIG3 , sensor hub 320 is not secured because it only provides control flow for AI model 322 and does not involve any sensor data. In some embodiments, sensor hub 320 can also be secured (e.g., via a firewall). For example, this firewall may provide a lower level of security than firewall 391 because AI session 327 and AI executive 328 are less critical than AI executable binary 381.

在一個實施方式中,資料(例如,面部生物特徵模式363)在TEE 393內也是安全的,並且被下載和儲存到安全記憶體380中。例如,APU 340可以利用AI可執行二進位檔案381對從ISP 130(如圖1所示)發送的經處理的圖像(例如,使用者面部)執行AI模型322,並生成與所捕獲的客戶面部是否與所有者面部(亦即,面部生物特徵模式363)相匹配相關聯的輸出,例如,分類結果。In one embodiment, data (e.g., facial biometric pattern 363) is also secure within TEE 393 and is downloaded and stored in secure memory 380. For example, APU 340 may utilize AI executable binary 381 to execute AI model 322 on a processed image (e.g., a user's face) sent from ISP 130 (as shown in FIG1 ) and generate an output, e.g., a classification result, associated with whether the captured customer face matches the owner's face (i.e., facial biometric pattern 363).

由於硬體的各種實現(例如,裝置300的安全記憶體380和AI加速器340),輸入/輸出(input/output,簡稱IO)資料以及與其相關的資訊(例如,IO資料的位址)可能需要修改,以便在被部署到AI加速器340的AI模型322上運行。例如,在為了提高性能而捕獲複數個圖像幀的場景中,安全攝影機可以包括環形緩衝器(或迴圈緩衝器),該環形緩衝器被配置為使所捕獲的圖像幀序列化。每當圖像幀在環形緩衝器中被消耗時,指向環形緩衝器中的圖像幀的開始和結束的指標會被更新,並且輸入到AI模型322的位址會變化。作為另一示例,在AI模型322被用於識別模式(patterns)並且包括複數個連接的子圖(subgraphs)(例如,特徵提取和檢測子圖以及識別子圖)的場景中,如果APU 340具有有限的能力,則輸入到特徵提取和檢測子圖並由其檢測的模式可以由識別子圖基於它們的大小(size)利用不同的(例如,高或低)解析度來識別。Due to various hardware implementations (e.g., the secure memory 380 and the AI accelerator 340 of the device 300), input/output (IO) data and information related thereto (e.g., the address of the IO data) may need to be modified in order to run on the AI model 322 deployed to the AI accelerator 340. For example, in a scenario where multiple image frames are captured to improve performance, the security camera may include a ring buffer (or loop buffer) configured to serialize the captured image frames. Whenever an image frame is consumed from the annular buffer, pointers to the start and end of the image frame in the annular buffer are updated, and the address input to the AI model 322 changes. As another example, in a scenario where the AI model 322 is used to recognize patterns and includes a plurality of connected subgraphs (e.g., a feature extraction and detection subgraph and a recognition subgraph), if the APU 340 has limited capabilities, the patterns input to and detected by the feature extraction and detection subgraph may be recognized by the recognition subgraph using different (e.g., high or low) resolutions based on their sizes.

然而,當IO資料和/或與其相關的資訊變化時,因為AI可執行二進位檔案381在安全記憶體380和AI加速器340中受到保護,所以AI執行器328不能修改AI可執行二進位檔案381。例如,如圖4的裝置400所示,嵌入在由安全OS 360提供的TEE 393內的IO預發(pre-fire)模組420不能將IO變化(例如,IO 410的位址)修補到被載入到AI加速器340的AI可執行二進位檔案381,並且AI執行器328不能修改AI可執行二進位檔案381。作為另一示例,如圖5的裝置500所示,其包括複數個隔離的虛擬機器(virtual machine,簡稱VM),第一VM(VM0)501具有比Android系統502和第二VM(VM1)503更高的特權,Android系統502和第二VM(VM1)503兩者都連接到AI加速器340,嵌入在VM0 501內的IO預發模組520不能將IO變化(例如,IO 510的位址)修補到由VM0 501準備並載入到AI加速器340的AI可執行二進位檔案381,並且Android系統502的AI執行器528和VM1 503的AI執行器538不能修改AI可執行二進位檔案381。However, when IO data and/or information related thereto changes, AI executor 328 cannot modify AI executable binary file 381 because AI executable binary file 381 is protected in secure memory 380 and AI accelerator 340. For example, as shown in device 400 of FIG4 , IO pre-fire module 420 embedded in TEE 393 provided by secure OS 360 cannot patch IO changes (e.g., the address of IO 410) to AI executable binary file 381 loaded into AI accelerator 340, and AI executor 328 cannot modify AI executable binary file 381. As another example, as shown in device 500 of FIG. 5 , it includes multiple isolated virtual machines (VMs). A first VM (VM0) 501 has higher privileges than an Android system 502 and a second VM (VM1) 503. Both the Android system 502 and the second VM (VM1) 503 are connected to an AI accelerator 340. An IO pre-launch module 520 embedded in VM0 501 cannot patch IO changes (e.g., the address of IO 510) to an AI executable binary file 381 prepared by VM0 501 and loaded into the AI accelerator 340. Furthermore, the AI executor 528 of the Android system 502 and the AI executor 538 of VM1 503 cannot modify the AI executable binary file 381.

圖6是根據本發明的一些實施方式的啟用AmI的裝置600(例如,行動電話)的功能方塊圖。裝置600可以在IO變化的情況下執行AI模型。與裝置300相比,裝置600還可以包括IO元資料640、IO驗證器/檢查器630和IO預發模組620。在一個實施方式中,IO元資料640可以由安全OS 360提供,同時準備AI模型322的AI可執行二進位檔案381和控制流(包括AI會話327和AI執行器328),統稱為AI準備361,並將其發送到安全記憶體380並嵌入安全記憶體380中。在圖6的示例實施方式中,由於安全記憶體380受到保護(例如,經由防火牆391),因此還可以保護IO元資料640不被攻擊、竊取或篡改。在另一實施方式中,IO驗證器/檢查器630和IO預發模組620可以嵌入AI加速器340中,並且也可以受到保護(例如,經由防火牆391)。在一個實施方式中,安全OS 360或VM(例如,VM0 501)可以嵌入TEE 393內。在另一實施方式中,子系統320可以是感測器集線器或VM(例如,VM1 503)。在圖6的示例實施方式中,子系統320不受保護。在一些實施方式中,子系統320也可以受到保護(例如,經由防火牆)。例如,防火牆可以提供比防火牆391更低的安全級別,因為AI會話327和AI執行器328不如AI可執行二進位檔案381重要。Figure 6 is a functional block diagram of an AmI-enabled device 600 (e.g., a mobile phone) according to some embodiments of the present invention. The device 600 can execute an AI model under IO changes. Compared to the device 300, the device 600 may further include IO metadata 640, an IO validator/checker 630, and an IO pre-launch module 620. In one embodiment, the IO metadata 640 may be provided by the secure OS 360, while preparing the AI executable binary file 381 and control flow (including the AI session 327 and the AI executor 328) of the AI model 322, collectively referred to as AI preparation 361, and sending it to the secure memory 380 and embedding it in the secure memory 380. In the example embodiment of FIG6 , because the secure memory 380 is protected (e.g., via a firewall 391), the IO metadata 640 can also be protected from attack, theft, or tampering. In another embodiment, the IO validator/checker 630 and the IO pre-launch module 620 can be embedded in the AI accelerator 340 and can also be protected (e.g., via a firewall 391). In one embodiment, the secure OS 360 or VM (e.g., VM0 501) can be embedded in the TEE 393. In another embodiment, the subsystem 320 can be a sensor hub or a VM (e.g., VM1 503). In the example embodiment of FIG6 , the subsystem 320 is not protected. In some embodiments, the subsystem 320 can also be protected (e.g., via a firewall). For example, a firewall may provide a lower level of security than firewall 391 because the AI session 327 and AI executor 328 are not as important as the AI executable binary 381.

在一個實施方式中,IO元資料640可以包括IO位址修補資訊和/或有效/可訪問的IO(位址)範圍。例如,IO元資料640可以包括指向安全攝影機的環形緩衝器的開始和結束的指標(或位址)。在另一實施方式中,IO驗證器/檢查器630可以驗證/檢查IO變化(例如,IO位址610)是否在IO元資料640中指定的IO位址範圍內,並且如果IO位址610在IO位址範圍內,則IO預發模組620可以將IO位址610修補到AI可執行二進位檔案381。例如,由於在示例實施方式中子系統320沒有受到良好的保護,因此IO位址610可能是由惡意實體(例如駭客)提供的。在這種場景下,IO驗證器/檢查器630可以驗證/檢查IO位址610,並確定IO位址610不在IO位址範圍內,因此IO預發模組620不會將未被驗證(unverified)的IO位址610修補到被分配到並運行於AI加速器340上的AI可執行二進位檔案381。作為另一示例,當IO驗證器/檢查器630驗證/檢查IO位址610,並確定IO位址610在IO位址範圍內時,IO預發模組620可以將IO位址610修補到運行於AI加速器340上的AI可執行二進位檔案381。因此,APU 340可以將動態形狀資訊應用於AI可執行二進位檔案381並執行推理。In one embodiment, the IO metadata 640 may include IO address patching information and/or a valid/accessible IO (address) range. For example, the IO metadata 640 may include pointers (or addresses) to the start and end of the circular buffer of the security camera. In another embodiment, the IO validator/checker 630 may verify/check whether the IO change (e.g., IO address 610) is within the IO address range specified in the IO metadata 640, and if the IO address 610 is within the IO address range, the IO pre-release module 620 may patch the IO address 610 to the AI executable binary file 381. For example, because the subsystem 320 is not well protected in the example embodiment, the IO address 610 may be provided by a malicious entity (e.g., a hacker). In this scenario, the IO verifier/checker 630 can verify/check the IO address 610 and determine that the IO address 610 is not within the IO address range. Therefore, the IO pre-issue module 620 does not patch the unverified IO address 610 to the AI executable binary file 381 allocated to and running on the AI accelerator 340. As another example, when the IO verifier/checker 630 verifies/checks the IO address 610 and determines that the IO address 610 is within the IO address range, the IO pre-issue module 620 can patch the IO address 610 to the AI executable binary file 381 running on the AI accelerator 340. As a result, the APU 340 can apply the dynamic shape information to the AI executable binary file 381 and perform inference.

圖7是根據本發明的一些實施方式的啟用AmI的裝置700(例如,行動電話)的功能方塊圖。裝置700可以在IO變化的情況下執行AI模型。與裝置300相比,裝置700還可以包括IO元資料740、(形狀)IO驗證器730和(形狀)IO預發模組720。在一個實施方式中,可以提供IO元資料740,同時準備AI可執行二進位檔案381,並將IO元資料740發送並嵌入到安全記憶體380中。由於安全記憶體380受到保護(例如,經由防火牆391),IO元資料740也可以受到保護而不被攻擊、竊取或篡改。在另一實施方式中,(形狀)IO驗證器730和(形狀)I/O預發模組720可以嵌入AI加速器340中,並且也可以受到保護(例如,經由防火牆391)。Figure 7 is a functional block diagram of an AmI-enabled device 700 (e.g., a mobile phone) according to some embodiments of the present invention. The device 700 can execute an AI model in the presence of IO changes. Compared to the device 300, the device 700 can also include IO metadata 740, a (shape) IO validator 730, and a (shape) IO pre-release module 720. In one embodiment, the IO metadata 740 can be provided while the AI executable binary file 381 is prepared, and the IO metadata 740 is sent and embedded in the secure memory 380. Because the secure memory 380 is protected (e.g., via a firewall 391), the IO metadata 740 can also be protected from being attacked, stolen, or tampered with. In another embodiment, the (shape) IO validator 730 and the (shape) I/O pre-module 720 can be embedded in the AI accelerator 340 and can also be protected (e.g., via the firewall 391).

在一個實施方式中,IO元資料740可以包括許多不同的解析度,例如,低解析度和高解析度。在另一實施方式中,(形狀)IO驗證器730可以驗證觸發解析度變化的控制件710是否與IO元資料740中指定的不同解析度中的任何一個解析度相匹配,並且如果解析度變化與IO元資料740中指定的不同解析度中的任何一個解析度相匹配,則(形狀)IO預發模組720可以將解析度變化修補到AI可執行二進位檔案381。例如,由於在示例實施方式中子系統320沒有受到良好的保護,因此解析度變化可能是由惡意實體(例如,駭客)提供的。在這樣的場景中,(形狀)IO驗證器730可以驗證解析度變化,並確定解析度變化與不同解析度中的任何一個解析度不匹配,因此,(形狀)I/O預發模組720不會將未經驗證的解析度變化修補到被分配到並運行於AI加速器340上的AI可執行二進位檔案381。作為另一示例,當(形狀)IO驗證器730驗證解析度變化,並確定解析度變化與IO元資料740中指定的不同解析度中的一個解析度相匹配時,(形狀)I/O預發模組720可以將解析度變化修補到運行於AI加速器340上的AI可執行二進位檔案381。因此,APU 340可以將動態形狀資訊應用於AI可執行二進位檔案381並執行推理。In one embodiment, the IO metadata 740 may include a number of different resolutions, such as low resolution and high resolution. In another embodiment, the (shape) IO verifier 730 may verify whether the control 710 that triggers the resolution change matches any of the different resolutions specified in the IO metadata 740, and if the resolution change matches any of the different resolutions specified in the IO metadata 740, the (shape) IO pre-release module 720 may patch the resolution change to the AI executable binary 381. For example, because the subsystem 320 is not well protected in the example embodiment, the resolution change may be provided by a malicious entity (e.g., a hacker). In such a scenario, the (shape) IO verifier 730 may verify the resolution change and determine that the resolution change does not match any of the different resolutions. Therefore, the (shape) I/O pre-issue module 720 does not patch the unverified resolution change to the AI executable binary file 381 that is distributed and runs on the AI accelerator 340. As another example, when the (shape) IO verifier 730 verifies the resolution change and determines that the resolution change matches one of the different resolutions specified in the IO metadata 740, the (shape) I/O pre-issue module 720 may patch the resolution change to the AI executable binary file 381 that runs on the AI accelerator 340. Therefore, the APU 340 can apply the dynamic shape information to the AI executable binary file 381 and perform inference.

雖然已經結合作為示例提出的本發明的具體實施方式描述了本發明的各方面,但可以對這些示例進行替換、修改和變化。因此,本文所闡述的實施方式旨在例示而非限制。在不脫離下面所闡述的申請專利範圍的情況下,可以進行一些變化。While aspects of the present invention have been described with reference to specific embodiments provided as examples, these examples are susceptible to alterations, modifications, and variations. Therefore, the embodiments described herein are intended to be illustrative rather than restrictive. Certain variations are possible without departing from the scope of the claims set forth below.

110:主應用處理器(AP) 111:始終線上的視覺(AOV)客戶端 112:新AI模型 120:感測器集線器 121:軟體開發套件(SDK) 123:攝影機驅動器 130:圖像訊號處理器(ISP) 141:工作緩衝區 150:記憶體 151:攝影機輸入 152:輸出 320:低功率子系統(感測器集線器) 328:AI執行器 360:安全OS 361:AI準備 363:面部生物特徵模式 380:安全記憶體 381:二進位檔案 393:可信執行環境(TEE) 501:第一虛擬機器(VM0) 502:Android系統 503:第二虛擬機器(VM1) 610:IO位址 630:IO驗證器/檢查器 710:控制項 720:(形狀)I/O預發模組 730:(形狀)IO驗證器 122,322:AI模型 140,340:加速處理單元(APU) 290,391:防火牆 410,510:IO 528,538:AI執行器 640,740:IO元資料 327,527,537:AI會話 420,520,620:IO預發模組 100,200,300,400,500,600,700:裝置 110: Main Application Processor (AP) 111: Always-On Vision (AOV) Client 112: New AI Models 120: Sensor Hub 121: Software Development Kit (SDK) 123: Camera Driver 130: Image Signal Processor (ISP) 141: Working Buffer 150: Memory 151: Camera Input 152: Output 320: Low-Power Subsystem (Sensor Hub) 328: AI Executive 360: Secure OS 361: AI Readiness 363: Facial Biometric Mode 380: Secure Memory 381: Binary Files 393: Trusted Execution Environment (TEE) 501: First Virtual Machine (VM0) 502: Android System 503: Second Virtual Machine (VM1) 610: I/O Address 630: I/O Verifier/Inspector 710: Control 720: (Shape) I/O Pre-Module 730: (Shape) I/O Verifier 122,322: AI Model 140,340: Accelerated Processing Unit (APU) 290,391: Firewall 410,510: I/O 528,538: AI Executor 640,740: I/O Metadata 327,527,537: AI Session 420, 520, 620: IO pre-release modules 100, 200, 300, 400, 500, 600, 700: devices

將參考以下圖式詳細描述作為示例而提出的本發明的各種實施方式,其中相同的數字指代相同的元件,並且其中: 圖1是第一啟用環境智慧(ambient intelligence,簡稱AmI)的裝置的功能方塊圖; 圖2是第二啟用AmI的裝置的功能方塊圖; 圖3是第三啟用AmI的裝置的功能方塊圖; 圖4是第四啟用AmI的裝置的功能方塊圖; 圖5是第五啟用AmI的裝置的功能方塊圖; 圖6是根據本發明的一些實施方式的第一啟用AmI的裝置的功能方塊圖;以及 圖7是根據本發明的一些實施方式的第二啟用AmI的裝置的功能方塊圖。 Various embodiments of the present invention, presented as examples, will be described in detail with reference to the following figures, in which like numerals refer to like elements, and in which: Figure 1 is a functional block diagram of a first ambient intelligence (AmI)-enabled device; Figure 2 is a functional block diagram of a second AmI-enabled device; Figure 3 is a functional block diagram of a third AmI-enabled device; Figure 4 is a functional block diagram of a fourth AmI-enabled device; Figure 5 is a functional block diagram of a fifth AmI-enabled device; Figure 6 is a functional block diagram of a first AmI-enabled device according to some embodiments of the present invention; and Figure 7 is a functional block diagram of a second AmI-enabled device according to some embodiments of the present invention.

100:裝置 100: Device

110:主應用處理器(AP) 110: Main Application Processor (AP)

111:始終線上的視覺(AOV)客戶端 111: Always Online Visual (AOV) Client

112:新AI模型 112: New AI Model

120:感測器集線器 120: Sensor Hub

121:軟體開發套件(SDK) 121: Software Development Kit (SDK)

122:AI模型 122: AI Model

123:攝影機驅動器 123:Camera drive

130:圖像訊號處理器(ISP) 130: Image Signal Processor (ISP)

140:加速處理單元(APU) 140: Accelerated Processing Unit (APU)

141:工作緩衝區 141: Work Buffer

150:記憶體 150: Memory

151:攝影機輸入 151: Camera input

152:輸出 152: Output

Claims (13)

一種人工智慧裝置,所述人工智慧裝置包括: 第一安全處理器; 安全應用程式,所述安全應用程式嵌入在所述第一安全處理器中,所述安全應用程式與人工智慧(artificial intelligence ,簡稱AI)模型相關聯; 安全記憶體,所述安全記憶體耦接到所述第一安全處理器,所述安全記憶體被配置為儲存與所述AI模型相關聯的AI可執行二進位檔案; 第二安全處理器,所述第二安全處理器耦接到所述安全記憶體,所述第二安全處理器被配置為執行儲存在所述安全記憶體中的所述AI可執行二進位檔案; 子系統,所述子系統耦接在所述第一安全處理器與所述第二安全處理器之間,所述子系統被配置為觸發輸入/輸出(Input/Output,簡稱IO)變化並觸發所述第二安全處理器以執行儲存在所述安全記憶體中的所述AI可執行二進位檔案; IO元資料,所述IO元資料儲存在所述安全記憶體中; IO驗證器,所述IO驗證器耦接到所述子系統和所述安全記憶體,所述IO驗證器被配置為藉由所述IO元資料來驗證所述IO變化;以及 IO預發模組,所述IO預發模組耦接到所述IO驗證器,所述IO預發模組被配置為,當所述IO驗證器確定所述IO變化與所述IO元資料相匹配時,將所述IO變化修補到運行於所述第二安全處理器上的所述AI可執行二進位檔案。 An artificial intelligence device comprises: a first security processor; a security application embedded in the first security processor, the security application being associated with an artificial intelligence (AI) model; a secure memory coupled to the first security processor, the secure memory being configured to store an AI executable binary file associated with the AI model; a second security processor coupled to the secure memory, the second security processor being configured to execute the AI executable binary file stored in the secure memory; A subsystem coupled between the first and second secure processors, the subsystem configured to trigger an input/output (IO) change and trigger the second secure processor to execute the AI executable binary file stored in the secure memory; IO metadata stored in the secure memory; An IO verifier coupled to the subsystem and the secure memory, the IO verifier configured to verify the IO change using the IO metadata; and An IO pre-launch module is coupled to the IO verifier and configured to, when the IO verifier determines that the IO change matches the IO metadata, patch the IO change to the AI executable binary file running on the second secure processor. 如請求項1之人工智慧裝置,其中,所述IO元資料包括IO位址範圍,所述IO變化包括IO位址,所述IO驗證器驗證所述IO位址是否在所述IO位址範圍內,並且當所述IO驗證器確定所述IO位址在所述IO位址範圍內時,所述IO預發模組將所述IO位址修補到運行於所述第二安全處理器上的所述AI可執行二進位檔案。The artificial intelligence device of claim 1, wherein the IO metadata includes an IO address range, the IO variation includes an IO address, the IO verifier verifies whether the IO address is within the IO address range, and when the IO verifier determines that the IO address is within the IO address range, the IO pre-launch module patches the IO address to the AI executable binary file running on the second secure processor. 如請求項1之人工智慧裝置,其中,所述IO元資料包括複數個不同的解析度,所述IO變化包括解析度變化,所述IO驗證器驗證所述解析度變化是否與所述IO元資料中指定的不同解析度中的任何一個解析度相匹配,並且當所述IO驗證器確定所述解析度變化與所述不同解析度中的一個解析度相匹配時,所述IO預發模組將所述解析度變化修補到運行於所述第二安全處理器上的所述AI可執行二進位檔案。The artificial intelligence device of claim 1, wherein the IO metadata includes a plurality of different resolutions, the IO change includes a resolution change, the IO verifier verifies whether the resolution change matches any one of the different resolutions specified in the IO metadata, and when the IO verifier determines that the resolution change matches one of the different resolutions, the IO pre-launch module patches the resolution change to the AI executable binary file running on the second secure processor. 如請求項1之人工智慧裝置,其中,所述IO驗證器嵌入在所述第二安全處理器中。The artificial intelligence device of claim 1, wherein the IO verifier is embedded in the second security processor. 如請求項1之人工智慧裝置,其中,所述IO預發模組嵌入在所述第二安全處理器中。The artificial intelligence device of claim 1, wherein the IO pre-transmission module is embedded in the second security processor. 如請求項1之人工智慧裝置,所述人工智慧裝置還包括嵌入在所述第一安全處理器中的安全作業系統(operating system,簡稱OS),所述安全OS被配置為提供可信執行環境(trusted execution environment,簡稱TEE),在所述可信執行環境內,所述安全應用程式受到保護。As in claim 1, the artificial intelligence device further includes a secure operating system (OS) embedded in the first secure processor, wherein the secure OS is configured to provide a trusted execution environment (TEE), within which the secure application is protected. 如請求項6之人工智慧裝置,其中,所述安全記憶體和所述第二安全處理器由第一防火牆保護。An artificial intelligence device as claimed in claim 6, wherein the secure memory and the second secure processor are protected by a first firewall. 如請求項7之人工智慧裝置,其中,所述子系統由不同於所述第一防火牆的第二防火牆保護。An artificial intelligence device as claimed in claim 7, wherein the subsystem is protected by a second firewall that is different from the first firewall. 如請求項8之人工智慧裝置,其中,所述第一防火牆提供比所述第二防火牆更高的安全級別。An artificial intelligence device as claimed in claim 8, wherein the first firewall provides a higher level of security than the second firewall. 如請求項6之人工智慧裝置,所述人工智慧裝置還包括: 圖像訊號處理器(image signal processor,簡稱ISP),所述ISP耦接到所述安全記憶體,所述ISP被配置為處理圖像並將所處理的圖像儲存到所述安全記憶體中,以及 面部生物特徵模式,所述面部生物特徵模式在TEE內是安全的, 其中,所述第二安全處理器執行所述AI可執行二進位檔案,以確定所處理的圖像中的任何一個圖像是否與所述面部生物特徵模式相匹配。 The artificial intelligence device of claim 6, further comprising: an image signal processor (ISP), coupled to the secure memory, the ISP configured to process images and store the processed images in the secure memory, and a facial biometric pattern, the facial biometric pattern being secure within the TEE; wherein the second secure processor executes the AI executable binary file to determine whether any of the processed images matches the facial biometric pattern. 如請求項1之人工智慧裝置,其中,所述第一安全處理器包括安全中央處理單元(central processing unit,簡稱CPU)。The artificial intelligence device of claim 1, wherein the first security processor includes a security central processing unit (CPU). 如請求項1之人工智慧裝置,其中,所述第二安全處理器包括安全深度學習加速器(deep learning accelerator,簡稱DLA)。The artificial intelligence device of claim 1, wherein the second security processor includes a secure deep learning accelerator (DLA). 如請求項12之人工智慧裝置,其中,所述DLA包括加速處理單元(accelerated processing unit,簡稱APU)。The artificial intelligence device of claim 12, wherein the DLA includes an accelerated processing unit (APU).
TW112122173A 2022-06-16 2023-06-14 Artificial intelligence apparatus TWI892155B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202263352706P 2022-06-16 2022-06-16
US63/352,706 2022-06-16
US18/332,346 2023-06-09
US18/332,346 US20240411862A1 (en) 2023-06-09 2023-06-09 Always-on artificial intelligence (ai) security harware assisted input/output shape changing

Publications (2)

Publication Number Publication Date
TW202403564A TW202403564A (en) 2024-01-16
TWI892155B true TWI892155B (en) 2025-08-01

Family

ID=90457457

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112122173A TWI892155B (en) 2022-06-16 2023-06-14 Artificial intelligence apparatus

Country Status (1)

Country Link
TW (1) TWI892155B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201826162A (en) * 2016-12-16 2018-07-16 美商波音公司 Method and system for generation of cipher round keys by bit-mixers
US10540509B2 (en) * 2017-06-08 2020-01-21 Cisco Technology, Inc. File-type whitelisting
US10762198B1 (en) * 2019-09-25 2020-09-01 Richard Dea Artificial intelligence system and method for instantly identifying and blocking unauthorized cyber intervention into computer application object code
US20210232681A1 (en) * 2020-01-27 2021-07-29 Red Hat, Inc. Hypervisor level signature checks for encrypted trusted execution environments

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201826162A (en) * 2016-12-16 2018-07-16 美商波音公司 Method and system for generation of cipher round keys by bit-mixers
US10540509B2 (en) * 2017-06-08 2020-01-21 Cisco Technology, Inc. File-type whitelisting
US10762198B1 (en) * 2019-09-25 2020-09-01 Richard Dea Artificial intelligence system and method for instantly identifying and blocking unauthorized cyber intervention into computer application object code
US20210232681A1 (en) * 2020-01-27 2021-07-29 Red Hat, Inc. Hypervisor level signature checks for encrypted trusted execution environments

Also Published As

Publication number Publication date
TW202403564A (en) 2024-01-16

Similar Documents

Publication Publication Date Title
JP7338044B2 (en) Face image transmission method, value transfer method, device and electronic device
AU2019222729B2 (en) Asset management method and apparatus, and electronic device
US7546471B2 (en) Method and system for virus detection using pattern matching techniques
CN107111715B (en) Using a trusted execution environment for security of code and data
Alotaibi Identifying malicious software using deep residual long-short term memory
WO2019161019A1 (en) Asset management method and apparatus, and electronic device
US12182297B2 (en) Data protection for computing device
TW201640393A (en) Method, device, and system for displaying user interface
KR101558054B1 (en) Anti-malware system and packet processing method in same
US20230259636A1 (en) Security assessment apparatus and method for processor
TWI892155B (en) Artificial intelligence apparatus
CN115203713A (en) Network access compliance detection method, device, equipment and medium for terminal equipment
US20220311792A1 (en) Forensics Analysis for Malicious Insider Attack Attribution based on Activity Monitoring and Behavioral Biometrics Profiling
US20240411862A1 (en) Always-on artificial intelligence (ai) security harware assisted input/output shape changing
CN116415247A (en) Method and device for container safety verification
US20230328031A1 (en) Always-on artificial intelligence (ai) security
EP3839783B1 (en) Electronic device for providing service by using secure element, and operating method thereof
Gu et al. Outlier: Enabling effective measurement of hypervisor code integrity with group detection
US20250061188A1 (en) Computer-implemented method for improving data security in a computing device
Lin et al. Gibraltar: Exposing Hardware Devices to Web Pages Using {AJAX}
Yadav et al. WhiteLie: A Robust System for Spoofing User Data in Android Platforms
Geetha et al. Malware Detection In Smartphone As An Information Security
Liu et al. A Hybrid Iris Recognition System Model Based on Presentation Attack Detection and Traffic Monitoring Module on AIoT System
CN117560455A (en) Image feature processing method, device, equipment and storage medium
CN116455665A (en) Network traffic detection method, system and electronic equipment