-
公开(公告)号:US11343083B2
公开(公告)日:2022-05-24
申请号:US16693010
申请日:2019-11-22
申请人: Baidu USA LLC
发明人: Yong Liu , Yueqiang Cheng
摘要: A host processing device instructs a plurality of virtual data processing (VDP) accelerators, configured on each of a plurality of data processing accelerators. The VDP accelerators configure themselves for secure communications. The host device generates an adjacency table of each of the plurality of VDP accelerators. Then the host device then establishes a session key communication with each VDP accelerator and sends the VDP accelerator a list of other VDP accelerators that the VDP accelerator is to establish a session key with, for secure communications between the VDP accelerators. The VDP accelerator establishes a different session key for each pair of the plurality of VDP accelerators. When all DP accelerators have established a session key for communication with other VDP accelerators, according to the respective list of other VDP accelerators sent by the host device, then the host device can assign work tasks for performance by a plurality of VDP accelerators, each communicating over a separately secured virtual communication channel.
-
公开(公告)号:US20210110010A1
公开(公告)日:2021-04-15
申请号:US16598415
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yong Liu , Yueqiang Cheng
摘要: In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of a watermark-enable artificial intelligence (AI) model includes receiving, by the DP accelerator, input data to the DP accelerator that causes the watermark-enabled AI model to extract the watermark from the watermark-enabled AI model; and providing the watermark of the watermark-enabled AI model to the host device. The DP accelerator can receive the model from the host device. The DP accelerator can further receive a command to digitally sign the watermark and call a security unit of the DP accelerator to digitally sign the watermark.
-
公开(公告)号:US20210109792A1
公开(公告)日:2021-04-15
申请号:US16598281
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
摘要: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing a set of training data from a host processor; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on an artificial intelligence (AI) model. The watermark kernel, when executed, is configured to: generate a new watermark by inheriting an existing watermark from a data object of the set of training data, train the AI model using the set of training data, and implant the new watermark within the AI model during training of the AI model. The DP accelerator then transmits second data representing the trained AI model having the new watermark implanted therein to the host processor.
-
公开(公告)号:US11704390B2
公开(公告)日:2023-07-18
申请号:US16598415
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yong Liu , Yueqiang Cheng
CPC分类号: G06F21/16 , G06F16/90335 , G06N5/04 , G06N20/00 , H04L9/3247 , H04L63/0428
摘要: In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of a watermark-enable artificial intelligence (AI) model includes receiving, by the DP accelerator, input data to the DP accelerator that causes the watermark-enabled AI model to extract the watermark from the watermark-enabled AI model; and providing the watermark of the watermark-enabled AI model to the host device. The DP accelerator can receive the model from the host device. The DP accelerator can further receive a command to digitally sign the watermark and call a security unit of the DP accelerator to digitally sign the watermark.
-
公开(公告)号:US11637697B2
公开(公告)日:2023-04-25
申请号:US16598497
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yong Liu , Yueqiang Cheng
摘要: In one embodiment, a computer-implemented method of digitally signing input by a data processing (DP) accelerator operation, and embedding the digitally signed input into an output, includes receiving, from a host device, a signature kernel specifying input to the signature kernel and executing the signature kernel to: extract a watermark from the input and obtain a hash for the watermark; generate output from the input; and embed the hash into the output. The DP accelerator provides the output to the host device. In an embodiment, the input includes an artificial intelligence (AI) model that is executed by the DP accelerator. The DP accelerator receives second input from the host, thereby producing an inference output from the AI model. The digitally signed watermark of the AI Model is embedded into the inference output and is provided to the host device.
-
公开(公告)号:US11537689B2
公开(公告)日:2022-12-27
申请号:US16598563
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yong Liu , Yueqiang Cheng
摘要: In one embodiment, a computer implemented method of a data processing (DP) accelerator providing a watermark of an artificial intelligence (AI) model to a host device includes receiving, by the DP accelerator, from the host device, the AI model, and a watermark-enabled kernel to the DP accelerator. The DP accelerator further receives from the host device, first input data to the DP accelerator that, when the first input data is used as input to the watermark-enabled kernel, generates a watermark of the AI model. The watermark is provided to the host device. In an embodiment, the method further includes receiving a signature kernel from the host device and calling the signature kernel to digitally sign the watermark. In an embodiment, the method alternatively includes calling a digital signature routine in a secure unit of the DP accelerator to digitally sign the watermark.
-
公开(公告)号:US11443243B2
公开(公告)日:2022-09-13
申请号:US16598151
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
摘要: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator, includes receiving, at the DP accelerator, first data representing a set of training data from a host processor; receiving, at the DP accelerator, a watermark kernel from the host processor; and executing the watermark kernel within the DP accelerator on an artificial intelligence (AI) model. The watermark kernel, when executed, is configured to: generate a watermark, train the AI model using the set of training data, and implant the watermark within the AI model during training of the AI model. The DP accelerator then transmits second data representing the trained AI model having the watermark implanted therein to the host processor. In an embodiment, the method further includes receiving a pre-trained AI model and the training is performed for the pre-trained AI model.
-
公开(公告)号:US11409534B2
公开(公告)日:2022-08-09
申请号:US16315987
申请日:2019-01-04
发明人: Yueqiang Cheng , Yong Liu , Tao Wei , Jian Ouyang
摘要: According to one embodiment, a system receives, at a host system a public attestation key (PK_ATT) or a signed PK_ATT from a data processing (DP) accelerator over a bus. The system verifies the PK_ATT using a public root key (PK_RK) associated with the DP accelerator. In response to successfully verifying the PK_ATT, the system transmits a kernel identifier (ID) to the DP accelerator to request attesting a kernel object stored in the DP accelerator. In response to the system receives a kernel digest or a signed kernel digest corresponding to the kernel object from the DP accelerator, verifying the kernel digest using the PK_ATT. The system sends the verification results to the DP accelerator for the DP accelerator to access the kernel object based on the verification results.
-
公开(公告)号:US20210109790A1
公开(公告)日:2021-04-15
申请号:US16598129
申请日:2019-10-10
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
摘要: In one embodiment, a computer-implemented method performed by a data processing (DP) accelerator includes receiving, at the DP accelerator, first data representing an artificial intelligence (AI) model that has been previously trained from a host processor; receiving, at the DP accelerator, a request to implant a watermark in the AI model from the host processor; and implanting, by the DP accelerator, the watermark within the AI model. The DP accelerator then transmits second data representing the AI model having the watermark implanted therein to the host processor. In embodiment, the method further includes extracting, at the DP accelerator, a watermark algorithm identifier (ID) from the request to implant a watermark; and generating the watermark using a watermark algorithm identified by the watermark algorithm ID.
-
30.发明授权公开(公告)号:US11481678B2
公开(公告)日:2022-10-25
申请号:US16684320
申请日:2019-11-14
申请人: Baidu USA LLC
发明人: Yueqiang Cheng , Yong Liu
摘要: Embodiments of the disclosure relate to learning new watermark algorithms for artificial intelligence (AI) models for a data processing (DP) accelerator. In one embodiment, a system trains a watermark algorithm based on a predetermined set of criteria, where the watermark algorithm is trained to generate variations of the watermark algorithm. The system configures the watermark unit at runtime with a variation of the watermark algorithm for the watermark algorithm to be used by the DP accelerator.
-
-
-
-
-
-
-
-
-
搜索结果
41 条记录 (耗时 0.026 秒)
