-
公开(公告)号:US11799651B2
公开(公告)日:2023-10-24
申请号:US16315867
申请日:2019-01-04
申请人: Baidu USA LLC , Baidu.com Times Technology (Beijing) Co., Ltd. , KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
发明人: Yong Liu , Yueqiang Cheng , Jian Ouyang , Tao Wei
IPC分类号: H04L9/32 , G06F7/58 , H04L9/30 , H04L67/141
CPC分类号: H04L9/32 , G06F7/588 , H04L9/30 , H04L9/3265 , H04L67/141
摘要: According to one embodiment, a DP accelerator includes one or more execution units (EUs) configured to perform data processing operations in response to an instruction received from a host system coupled over a bus. The DP accelerator includes a time unit (TU) coupled to the security unit to provide timestamp services. The DP accelerator includes a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations, where the security unit includes a secure storage area to store a private root key associated with the DP accelerator, where the private root key is utilized for authentication. The SU includes a random number generator to generate a random number, and a cryptographic engine to perform cryptographic operations on data exchanged with the host system over the bus using a session key derived based on the random number.
-
公开(公告)号:US11709712B2
公开(公告)日:2023-07-25
申请号:US16598281
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
CPC分类号: G06F9/5027 , G06F21/16 , G06N5/04 , G06N20/10
摘要: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing a set of training data from a host processor; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on an artificial intelligence (AI) model. The watermark kernel, when executed, is configured to: generate a new watermark by inheriting an existing watermark from a data object of the set of training data, train the AI model using the set of training data, and implant the new watermark within the AI model during training of the AI model. The DP accelerator then transmits second data representing the trained AI model having the new watermark implanted therein to the host processor.
-
公开(公告)号:US11645116B2
公开(公告)日:2023-05-09
申请号:US16598192
申请日:2019-10-10
发明人: Yueqiang Cheng , Yong Liu
CPC分类号: G06F9/5027 , G06F21/16 , G06N5/04 , G06N20/10
摘要: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing an artificial intelligence (AI) model that has been previously trained from a host processor and a set of input data; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on the AI model. The watermark kernel, when executed, is configured to: perform inference operations of the artificial intelligence model based on the input data to generate output data, and implant the watermark within the output data. The DP accelerator then transmits the output data having the watermark implanted therein to the host processor.
-
公开(公告)号:US11616651B2
公开(公告)日:2023-03-28
申请号:US16315973
申请日:2019-01-04
申请人: Baidu USA LLC , Baidu.com Times Technology (Beijing) Co., Ltd. , KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
发明人: Yong Liu , Yueqiang Cheng , Jian Ouyang , Tao Wei
摘要: According to one embodiment, a system receives, at a host channel manager (HCM) of a host system, a request from an application to establish a secure channel with a data processing (DP) accelerator, where the DP accelerator is coupled to the host system over a bus. In response to the request, the system generates a first session key for the secure channel based on a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator. In response to a first data associated with the application to be sent to the DP accelerator, the system encrypts the first data using the first session key. The system then transmits the encrypted first data to the DP accelerator via the secure channel over the bus.
-
5.发明授权公开(公告)号:US11582260B2
公开(公告)日:2023-02-14
申请号:US16684345
申请日:2019-11-14
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
摘要: Embodiments of the disclosure relate to verifying a watermark of an artificial intelligence (AI) model for a data processing (DP) accelerator. In one embodiment, a system receives an inference request from an application. The system extracts the watermark from an AI model having the watermark. The system verifies the extracted watermark based on a policy. The system applies the AI model having a watermark to a set of inference inputs to generate inference results. The system sends a verification proof and the inference results to the application.
-
公开(公告)号:US11579928B2
公开(公告)日:2023-02-14
申请号:US16684295
申请日:2019-11-14
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
摘要: Embodiments of the disclosure relate to configuring a watermark unit with watermark algorithms for artificial intelligence (AI) models for a data processing (DP) accelerator. In one embodiment, in response to a request received by a DP accelerator, the request, sent by an application, to apply a watermark algorithm to an AI model by the DP accelerator, a system determines that the watermark algorithm is not available at a watermark unit of the DP accelerator. The system sends a request for the watermark algorithm. The system receives the watermark algorithm by the DP accelerator. The system configures the watermark unit at runtime with the watermark algorithm for the watermark algorithm to be used by the DP accelerator.
-
公开(公告)号:US11552790B2
公开(公告)日:2023-01-10
申请号:US16693019
申请日:2019-11-22
发明人: Yong Liu , Yueqiang Cheng
摘要: A host processing device instructs a plurality of data processing (DP) accelerators to configure themselves for secure communications. The host device generates an adjacency table of each of the plurality of DP accelerators. Then the host device then establishes a session key communication with each DP accelerator and sends the DP accelerator a list of other DP accelerators that the DP accelerator is to establish a session key with, for secure communications between the DP accelerators. The DP accelerator establishes a different session key for each pair of the plurality of DP accelerators. When all DP accelerators have established a session key for communication with other DP accelerators, according to the respective list of other DP accelerators sent by the host device, then the host device can assign work tasks for performance by a plurality of DP accelerators, each communicating over a separately secured communication channel.
-
公开(公告)号:US11436305B2
公开(公告)日:2022-09-06
申请号:US16598955
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yong Liu , Yueqiang Cheng
摘要: In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of an artificial intelligence (AI) model includes receiving, from a host device, the AI model to execute on the DP accelerator, and receiving input data that triggers output from the AI model on the DP accelerator. The DP accelerator calculates AI model output, in response to the received input and provides the output to the host device. The output can be a watermark extracted from the AI model. DP accelerator can call a security unit of the DP accelerator to digitally sign the output. In an embodiment, the security unit digitally signs the output from the AI model using a key that is retrieved from, or is derived from, a key stored in a secure storage on the security unit.
-
公开(公告)号:US11281251B2
公开(公告)日:2022-03-22
申请号:US16315924
申请日:2019-01-04
发明人: Yong Liu , Yueqiang Cheng , Jian Ouyang , Tao Wei
IPC分类号: G06F1/00 , G06F1/10 , G06F1/08 , G06F9/38 , H04L67/142
摘要: According to one embodiment, a DP accelerator includes one or more execution units (EUs) configured to perform data processing operations in response to an instruction received from a host system coupled over a bus. The DP accelerator includes a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations. The DP accelerator includes a time unit (TU) coupled to the security unit to provide timestamp services to the security unit, where the time unit includes a clock generator to generate clock signals locally without having to derive the clock signals from an external source. The TU includes a timestamp generator coupled to the clock generator to generate a timestamp based on the clock signals, and a power supply to provide power to the clock generator and the timestamp generator.
-
公开(公告)号:US11775692B2
公开(公告)日:2023-10-03
申请号:US16598428
申请日:2019-10-10
发明人: Yong Liu , Yueqiang Cheng
CPC分类号: G06F21/74 , G06F21/53 , G06F21/72 , H04L9/0838
摘要: In one embodiment, a computer-implemented method of a data processing (DP) accelerator encrypting or decrypting input data can include receiving, from a host device, a command, the input data, and a kernel. The kernel can be an encryption kernel, or a decryption kernel, and the DP accelerator need not know which kernel it has received. The DP accelerator runs the received kernel. In response to the DP accelerator receiving the command, the DP accelerator performs encrypting of the input data using the kernel, if the received kernel is an encryption kernel, otherwise, decrypting the input data using the kernel. The encrypted, or decrypted, input data is then provided to the host device.
-
-
-
-
-
-
-
-
-
搜索结果
41 条记录 (耗时 0.03 秒)
