Trusted verification method, device and program product for a model application deployed in a public cloud

By acquiring trusted benchmark information and service metrics of model applications, and combining the relationships between trusted nodes, a comprehensive and complete trusted verification of multi-model services on the public cloud is performed. This solves the problem of the inability to verify the entire process in existing technologies, and achieves data security and flexible service management.

CN121278729BActive Publication Date: 2026-07-10BEIJING ZITIAO NETWORK TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING ZITIAO NETWORK TECH CO LTD
Filing Date
2025-09-30
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing technologies are insufficient to perform complete and reliable verification of the entire process of multi-model services on public clouds, especially in model application scenarios with changing business logic and complex upstream and downstream service links, making it impossible to guarantee data security during data processing.

Method used

By acquiring trusted benchmark information and service metrics of the model application, and combining them with the association relationships of trusted nodes, a comprehensive and complete trusted verification of the model application is performed, including trusted verification of each model service and verification of the association relationships between services.

Benefits of technology

It enables comprehensive and reliable verification of the integrity of multiple model services throughout the entire process of model application on the public cloud, ensuring data security during data processing and supporting flexible service orchestration and dynamic updates.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121278729B_ABST
    Figure CN121278729B_ABST
Patent Text Reader

Abstract

A method, device and program product for trusted verification of a model application deployed on a public cloud, the method comprising: obtaining trusted benchmark information of the model application; the model application being deployed on the public cloud, the model application comprising a plurality of model services, the plurality of model services comprising at least two first model services deployed on at least one trusted node of the public cloud, the trusted benchmark information comprising service baseline values of the at least two first model services respectively and a first association relationship between the plurality of model services; obtaining, from the trusted node, a service measurement value of each first model service, and obtaining, from nodes corresponding to respective model services in the plurality of model services, a second association relationship between the plurality of model services; and performing trusted verification of the model application based on the trusted benchmark information, all service measurement values and the second association relationship. Thus, comprehensive and complete trusted verification of the plurality of model services in the whole process of the model application deployed on the public cloud is achieved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the field of model technology and trusted verification, specifically to a trusted verification method, apparatus, and program product for model applications deployed in a public cloud. Background Technology

[0002] With the continuous development of large-scale model technology and the increasing variety of model application scenarios, and the fact that model service response cannot be separated from sufficient computing resources, more and more users are choosing to deploy model services on public clouds. To address data security issues during model usage, Confidential Computing technology has emerged. By constructing a hardware-level Trusted Execution Environment (TEE), an isolated and secure area is partitioned within the processor to run protected model services and process protected data.

[0003] However, the relevant technologies mainly build a single-point trusted environment for a single model service. In the face of model application scenarios with ever-changing business logic and complex upstream and downstream service links, this approach is difficult to perform complete trusted verification of each model service in the entire process of model application. Summary of the Invention

[0004] This summary section is provided to briefly introduce the concepts, which will be described in detail in the detailed description section below. This summary section is not intended to identify key or essential features of the claimed technical solution, nor is it intended to limit the scope of the claimed technical solution.

[0005] Firstly, this disclosure provides a trusted verification method for a model application deployed in a public cloud, the trusted verification method comprising:

[0006] Obtain trusted baseline information for a model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node of the public cloud, and the trusted baseline information includes the service baseline value of each of the at least two first model services and a first association relationship between the multiple model services;

[0007] The service metric value of each first model service is obtained from the trusted node, and the second association relationship between the multiple model services is obtained from the node corresponding to each model service in the multiple model services.

[0008] Based on the trusted benchmark information, all service metrics of the at least two first model services, and the second association relationship, the model application is verified for trustworthiness.

[0009] Secondly, this disclosure provides a trusted verification device for a model application deployed in a public cloud, the trusted verification device comprising:

[0010] The first acquisition module is used to acquire trusted baseline information of the model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node of the public cloud, and the trusted baseline information includes the service baseline value of each of the at least two first model services and a first correlation relationship between the multiple model services.

[0011] The second acquisition module is used to acquire the service metric value of each of the first model services from the trusted node, and to acquire the second association relationship between the multiple model services from the nodes corresponding to each model service in the multiple model services.

[0012] The verification module is used to perform trust verification on the model application based on the trusted benchmark information, all service metrics of the at least two first model services, and the second association relationship.

[0013] Thirdly, this disclosure provides a computer-readable medium having a computer program stored thereon, which, when executed by a processing device, implements the steps of the method described in the first aspect.

[0014] Fourthly, this disclosure provides an electronic device, comprising:

[0015] A storage device on which computer programs are stored;

[0016] A processing device for executing the computer program in the storage device to implement the steps of the method in the first aspect.

[0017] Fifthly, this disclosure provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the method described in the first aspect.

[0018] Through the above technical solution, for model applications with multiple model services deployed on a public cloud, and at least two model services deployed on trusted nodes, the trusted baseline information of the model application can be determined based on the service baseline values ​​of the model services deployed on trusted nodes and the first association relationship among all model services. During trusted verification of the model application, the service metric values ​​of the model services obtained from the trusted nodes and the second association relationship among the multiple model services obtained from their respective nodes are used to perform trusted verification of the entire model application based on the trusted baseline information, all service metric values, and the second association relationship. This method not only enables trusted verification of each model service deployed on a trusted node but also trusted verification of the association relationships among all model services included in the model application. This achieves comprehensive and complete trusted verification of multiple model services throughout the entire process of a model application deployed on a public cloud, effectively ensuring data security during data processing.

[0019] Other features and advantages of this disclosure will be described in detail in the following detailed description section. Attached Figure Description

[0020] The above and other features, advantages, and aspects of the embodiments of this disclosure will become more apparent from the accompanying drawings and the following detailed description. Throughout the drawings, the same or similar reference numerals denote the same or similar elements. It should be understood that the drawings are schematic, and the originals and elements are not necessarily drawn to scale. In the drawings:

[0021] Figure 1 This is a flowchart illustrating a trusted verification method for a model application deployed in a public cloud, according to an exemplary embodiment of this disclosure.

[0022] Figure 2 This is a schematic diagram of the overall architecture of a confidential cloud computing system according to an exemplary embodiment of the present disclosure;

[0023] Figure 3 This is a schematic diagram illustrating the deployment process of a model application according to an exemplary embodiment of the present disclosure;

[0024] Figure 4 This is a schematic diagram illustrating a process for updating a model service according to an exemplary embodiment of the present disclosure;

[0025] Figure 5 This is a block diagram illustrating a trusted verification apparatus for a model application deployed in a public cloud, according to an exemplary embodiment of this disclosure.

[0026] Figure 6 This is a schematic diagram of the structure of an electronic device according to an exemplary embodiment of the present disclosure. Detailed Implementation

[0027] Embodiments of this disclosure will now be described in more detail with reference to the accompanying drawings. While some embodiments of this disclosure are shown in the drawings, it should be understood that this disclosure can be implemented in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided to provide a more thorough and complete understanding of this disclosure. It should be understood that the accompanying drawings and embodiments of this disclosure are for illustrative purposes only and are not intended to limit the scope of protection of this disclosure.

[0028] It should be understood that the steps described in the method embodiments of this disclosure may be performed in different orders and / or in parallel. Furthermore, the method embodiments may include additional steps and / or omit the steps shown. The scope of this disclosure is not limited in this respect.

[0029] The term "comprising" and its variations as used herein are open-ended inclusions, meaning "including but not limited to". The term "based on" means "at least partially based on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Definitions of other terms will be given in the description below.

[0030] It should be noted that the concepts of "first" and "second" mentioned in this disclosure are used only to distinguish different devices, modules or units, and are not used to limit the order of functions performed by these devices, modules or units or their interdependencies.

[0031] It should be noted that the terms "a" and "a plurality of" used in this disclosure are illustrative rather than restrictive, and those skilled in the art should understand that, unless otherwise expressly indicated in the context, they should be understood as "one or more".

[0032] The names of messages or information exchanged between multiple devices in the embodiments of this disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.

[0033] It is understood that before using the technical solutions disclosed in the various embodiments of this disclosure, users should be informed of the types, scope of use, and usage scenarios of the personal information involved in this disclosure in an appropriate manner in accordance with relevant laws and regulations, and user authorization should be obtained.

[0034] For example, upon receiving a user's active request, a prompt message is sent to the user to explicitly inform them that the requested operation will require the acquisition and use of the user's personal information. This allows the user to independently choose whether to provide personal information to the software or hardware, such as the electronic device, application, server, or storage medium performing the operations of this disclosed technical solution, based on the prompt message.

[0035] As an optional but non-limiting implementation, in response to a user's active request, sending a prompt message to the user can be done via a pop-up window, where the prompt message can be presented in text format. Furthermore, the pop-up window can also include a selection control allowing the user to choose "agree" or "disagree" to provide personal information to the electronic device.

[0036] It is understood that the above notification and user authorization process are merely illustrative and do not constitute a limitation on the implementation of this disclosure. Other methods that comply with relevant laws and regulations may also be applied to the implementation of this disclosure.

[0037] Meanwhile, it is understood that the data involved in this technical solution (including but not limited to the data itself, the acquisition or use of the data) shall comply with the requirements of relevant laws, regulations and related provisions.

[0038] With the continuous development of large-scale model technology and the increasing variety of model application scenarios, and given that model service response relies heavily on sufficient computing resources, more and more users are choosing to deploy model services on public clouds. However, the security of data (such as prompts when users request inference services) on public clouds remains one of the core concerns for users. Security mechanisms in related technologies primarily protect data security during "static storage" and "network transmission" through encryption. However, data is typically loaded into memory in plaintext form for model service processing during "operation and use," which becomes a weak link in data protection. This is because during this data processing stage, if the operating system, virtualization platform, or even the cloud service provider itself has vulnerabilities or is maliciously attacked, the data may be stolen or tampered with.

[0039] To address this issue, confidential computing technology has emerged. It constructs a hardware-level "trusted execution environment" by partitioning an isolated and secure area within the processor to run protected model services and process protected data. Deploying confidential computing in a cloud computing environment effectively prevents unauthorized access to data by cloud platform administrators, malicious tenants, system software, or third-party attackers, greatly enhancing user trust in the cloud platform. The general workflow of confidential computing involves steps such as deploying trusted services, obtaining raw metrics of trusted operational status, and issuing service operational status verification reports based on verification policies.

[0040] However, private cloud computing technologies suffer from low resource utilization and limited application scenarios. For example, private deployment solutions run closed-source systems on dedicated private cloud platforms and rely on self-developed chips, making them unsuitable for public cloud scenarios. Similarly, deployment solutions for confidential cloud computing services cannot be well integrated with complex AI-native systems such as large-scale model inference frameworks, experiencing issues like insufficient memory, which compromises inference performance in confidential environments. Furthermore, single-point container instance-level runtime environments can only build a single-point trusted environment for a single service, making large-scale scaling and flexible scheduling difficult.

[0041] It's worth noting that in AI scenarios, the business logic of model applications is highly variable, and the upstream and downstream service chains are complex. For example, in user question-and-answer assistant applications, there are generally multiple pre-processing steps involved, such as identifying the user's intent and performing enhanced knowledge base retrieval, before accessing distributed inference services. Existing technologies struggle to provide complete and reliable verification of all model services throughout the entire process of model applications.

[0042] Furthermore, in the long-term maintenance of cloud systems, model services undergo frequent changes. For example, cloud-native technologies such as continuous integration and continuous delivery support convenient version updates and service upgrades for cloud services. However, for cloud model services, the corresponding trusted operating environment (including the inference execution framework, model files for large models, etc.) also needs to be dynamically updated. Existing cloud-based confidential computing trusted verification technologies mainly measure the running status of static, single-version services, and the corresponding remote proof services cannot automatically and continuously verify the dynamic updates of model services.

[0043] In view of this, this disclosure provides a trusted verification method, apparatus, and program product for model applications deployed in public clouds to solve the above-mentioned technical problems.

[0044] The embodiments of this disclosure will be further explained below with reference to the accompanying drawings.

[0045] Figure 1 This is a flowchart illustrating a trusted verification method for a model application deployed in a public cloud, according to an exemplary embodiment of this disclosure, with reference to... Figure 1 The trusted verification method may include the following steps:

[0046] S101: Obtain trusted baseline information for the model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node in the public cloud, and the trusted baseline information includes the service baseline values ​​of each of the at least two first model services and the first correlation relationship between the multiple model services.

[0047] Trusted nodes are computing device nodes in the public cloud that support confidential computing. By utilizing hardware-level security technologies, such as TEE technology, an isolated and secure area is defined to protect the confidentiality and integrity of data and computing processes.

[0048] In this embodiment, the model application can be a system, tool, or solution based on multiple artificial intelligence models as the core, combined with software and hardware tools, business logic, and data links, and implemented in specific business scenarios to achieve corresponding functions. Among them, the artificial intelligence models can be large language models, multimodal large models, computer vision models, recommendation models, classification models, etc. Taking an intelligent question answering model application as an example, it can include a large language model that recognizes the intent of user input, an enhanced retrieval model that retrieves knowledge based on user input, and a reasoning large model that generates answers based on intent recognition results and retrieval results. The specific details are determined according to the actual business scenario, and this disclosure does not impose any restrictions on this.

[0049] For example, suppose model application X includes three model services: A, B, and C. Model services A and C are trusted services and need to be deployed on trusted nodes, while model service B is an untrusted service and can be deployed on an untrusted node. Different model services can be deployed on different nodes or in different containers on the same node. Model services A and B both depend on model service C; that is, the relationship between the three model services is that model services A and B can access model service C, but model service C cannot access model services A and B, and model services A and B cannot access each other. For instance, in a real-world business scenario, if the model inference service depends on the recognition results of the intent recognition service and the retrieval results of the enhanced retrieval service, then the model inference service can be configured to access the intent recognition service and the enhanced retrieval service. The specific configuration can be determined based on the actual business scenario, and this disclosure does not impose any restrictions on this.

[0050] In this way, the trusted baseline information of model application X includes the service baseline value a0 of model service A, the service baseline value c0 of model service C, and the preset association relationship between model services A, B, and C. The trusted baseline information can be determined before the model application is deployed based on the application configuration information of the deployed model application.

[0051] S102: Obtain the service metric value of each first model service from the trusted node, and obtain the second association relationship between multiple model services from the nodes corresponding to each model service in the multiple model services.

[0052] For example, during remote verification, the verifier can initiate a remote verification request to the deployment node of the model application. The remote verification component of the trusted node deploying model services A and C obtains relevant information for calculating service metrics and performs calculations to obtain the real-time service metrics of the trusted services. The nodes deploying model services A, B, and C can perform access verification to determine the real-time correlation between model services A, B, and C, thereby obtaining the real-time dynamic metric information of the model application. The dynamic metric information includes the service metric value a1 of model service A, the service metric value c1 of model service C, and the real-time correlation between model services A, B, and C.

[0053] It should be noted that the measurement objects participating in the above service baseline values ​​and service metrics can be determined based on the actual business scenario. For example, they may include service image files, dependent model files, etc. The service baseline values ​​and service metrics can be hash values ​​obtained by hashing the selected measurement objects. This disclosure does not impose any restrictions on this.

[0054] S103: Based on trusted benchmark information, all service metrics of at least two first model services, and second association relationships, perform trusted verification of the model application.

[0055] In one possible approach, based on trusted baseline information, all service metrics of at least two first model services, and a second association, the method includes: for each first model service, verifying that the service metrics of the first model service are consistent with the service baseline value of the first model service in the trusted baseline information; and verifying that the second association is consistent with the first association in the trusted baseline information. The trusted verification method further includes: determining that the model application is in a trusted state when the service metrics and service baseline values ​​of at least two first model services are consistent and the second association is consistent with the first association.

[0056] For example, continuing with the above model application X, we compare the real-time service metric of each trusted service with the service baseline value. That is, we compare model services A and C. If the real-time service metric of a single trusted service matches the service baseline value, then we can determine that the trusted service is in a trusted state. We then compare the real-time relationships between multiple model services with the preset relationships. That is, we determine whether model services A, B, and C can access model service C, but model service C cannot access model services A and B, and model services A and B cannot access each other. If the real-time relationships match the preset relationships, then we can determine that the relationships of the model application are in a trusted state.

[0057] If multiple trusted services are currently in a trusted state, and the relationships between the multiple model services included in the model application are also in a trusted state, it can be determined that the model application is currently in a trusted state. This enables comprehensive and complete trusted verification of the multiple model services throughout the entire process of the model application deployed on the public cloud.

[0058] This method not only enables trusted verification of each model service deployed on a trusted node, but also trusted verification of the relationships between all model services included in the model application. This allows for comprehensive and complete trusted verification of multiple model services throughout the entire process of the model application deployed on the public cloud, effectively ensuring data security during the data processing of the model application.

[0059] It is worth noting that this embodiment can implement a fully managed confidential cloud computing system architecture for trusted services on the customer's cloud in a public cloud scenario using a SaaS (Software-as-a-Service) approach. It supports multiple cloud tenants initiating the deployment of trusted services (such as large model inference services and retrieval enhancement services) directly based on the trusted cloud computing product console, and allows for flexible orchestration of trusted services and upgrades. Compared to the trusted verification of individual services in related technologies, this approach enables full-process trusted verification of multiple model services included in the model application, from the perspective of the entire model application process.

[0060] The overall architecture of the confidential cloud computing system provided in this embodiment will be described in detail below with reference to the accompanying drawings.

[0061] like Figure 2 As shown, the Trusted Service Cloud console provides tenants with a visual interface for purchasing and managing confidential cloud resources, as well as performing operations such as trusted key management, machine and container management, remote authentication services, and baseline management services. Here, "tenant" refers to the user to whom the model application belongs, such as an enterprise user. Operators can log in to the control platform using their tenant accounts to perform related operations.

[0062] Continue to refer to Figure 2Trusted key management allows for lifecycle management of keys, which can be used to encrypt models, encrypt data transmitted to models, and so on. Specific configurations are based on requirements, and this disclosure does not impose any limitations. Baseline management allows configuration of the measurement objects participating in service baseline values, such as model name, version, and size. Trusted container management allows configuration of model services to be deployed to trusted nodes, including configuring the resources required by the model service, containerizing them into corresponding service containers, and deploying the model service to the service cluster of the tenant's corresponding second network. Remote authentication service allows configuration of trusted verification policies. For example, if a trusted service includes multiple versions, it can be configured whether to be compatible with historical versions, or which specific versions can be trusted for verification, etc. Specific configurations are based on requirements, and this disclosure does not impose any limitations. The image repository is used to store container images of model services, and object storage is used to store model files that the model service depends on.

[0063] Accordingly, such as Figure 2 As shown, the first network of the control plane hosted on the public cloud includes backend processing modules corresponding to the various functional modules provided by the Trusted Service Cloud console, in order to connect with the tenant's configuration operations on the Trusted Service Cloud console and place them on the second network dedicated to that tenant on the public cloud. Multiple independent container service clusters are deployed in the second network, while the first network can deploy baseline management services, remote proof services, trusted container management and control center based on ordinary CPU machine nodes, and hardware machine nodes based on trusted execution environment to carry trusted key management and other services that need to run in confidential state, and can store the corresponding configuration information in middleware storage.

[0064] The first network's baseline management service provides unique identifiers and tamper-proof baseline values, such as hash values, for registering, querying, and managing container images and deployed large model files. The trusted container management service, based on trusted hardware containerization interfaces, enables on-demand deployment of service images to a trusted hardware environment. The remote verification service, a core component in confidential computing, measures and verifies the status of services running in a trusted hardware environment, providing verifiable operational status reports. The key management service securely stores and distributes keys within a trusted hardware environment, ensuring keys are not exposed in plaintext within the system.

[0065] It should be noted that the first network of the control plane on the public cloud can be a single network to manage the model applications hosted by all tenants. The second network dedicated to each tenant on the public cloud can be one or more second networks corresponding to one tenant. That is, the data plane of the public cloud allocates independent underlying hardware resources to each tenant, and sets up independent second networks for different tenants on it. Within these second networks, each tenant has exclusive hardware resources, including ordinary CPUs (Central Processing Units), GPUs (Graphics Processing Units), and CPUs and GPUs that provide a trusted operating environment. Components such as GPU inference services required for online links are deployed on their container service clusters. The second networks of different tenants do not interfere with each other. The specific configuration can be configured according to requirements, and this disclosure does not impose any restrictions on this.

[0066] In addition, tenants can configure business routing strategies within their own private networks. For example, they can set routing strategies to route different types of requests to different model applications. When a user request is received, the API (Application Programming Interface) gateway can route the user request to the corresponding model application's processing link. They can also specify various storage components and configuration components for authorized use, such as private object storage for large language models and private inference engine component images.

[0067] Continue to refer to Figure 2 Depending on the business scenario, model services for different business processing logics can be deployed on the second network of the tenant's data plane. For example, a tenant may have two different business processing logics, Business 1 and Business 2. Taking Business 1 as an example, its processing logic is model services M1, M2, and M3 in sequence. Model services M1, M2, and M3 can be deployed first, followed by the relationships between them. Model service M2 accesses model service M1, and model service M3 accesses model service M2. Thus, when processing service requests from users such as mobile phones, in-vehicle systems, computers, and applications, model services M1, M2, and M3 are called sequentially for model processing. Model service M2 depends on the processing result of model service M1, and model service M3 depends on the processing result of model service M2. The specific details can be determined based on the actual business scenario, and this disclosure does not impose any restrictions.

[0068] It is worth noting that this embodiment supports deploying the model inference service on trusted GPU nodes to improve resource utilization and significantly improve model inference performance.

[0069] The following detailed description of the multi-service orchestration deployment and updates of the model application in this embodiment, using the aforementioned confidential cloud computing system as an example, provides a detailed example.

[0070] Among them, the multi-service orchestration and deployment capability means that after the service is activated, the tenant can initiate the flexible deployment of multiple services on the cloud console, and can connect the trusted verification between the various services as needed, ensuring that the entire service chain is based on a trusted hardware environment and achieves a trustworthy and measurable state.

[0071] In one possible manner, the public cloud includes a first network and a second network for users. The second network is used to deploy user model applications, and the first network is used to manage the second network for different users. The model applications are deployed as follows: the application configuration information of the model applications is obtained through the control center of the first network, and trusted baseline information is determined based on the application configuration information. The application configuration information includes the service configuration information of multiple model services, a first association relationship, and a deployment description representing the deployment of at least two first model services on trusted nodes. The control center sends a first deployment instruction to the deployment service of the second network, so that the deployment service deploys the corresponding first model service on the trusted nodes of the second network based on the service configuration information of at least two first model services. In the case where multiple model services include second model services deployed on untrusted nodes, the second model service is deployed on the untrusted nodes of the second network based on the service configuration information of the second model service. The control center sends a second deployment instruction to the deployment service, so that the deployment service deploys the association relationship between multiple model services based on the first association relationship.

[0072] For example, continuing with the application of the above model to X, such as... Figure 3 As shown, tenants can initiate application deployment tasks by configuring application configuration information for model application X in the cloud console. This includes service configuration information, deployment instructions, and preset associations for model services A, B, and C. The service configuration information may include model service identifiers so that the corresponding container files and model files can be found based on the identifiers for service deployment. Different model services can be deployed on different nodes or different containers on the same node. This disclosure does not impose any restrictions on this.

[0073] For example, continue to refer to Figure 3The cloud platform gateway can authenticate tenant identities. After successful authentication, it forwards relevant configurations to the public cloud control center. The control center performs pre-checks such as resource quotas and then parses the application configuration information to determine a complete trusted deployment workflow, enabling fully managed deployment of model applications on the public cloud. Based on actual business needs, tenants can initiate orchestration and deployment of model applications, including multiple model services, through a unified cloud console interface. This ensures secure data transmission between multiple services and allows for flexible trusted authentication of multiple services. This approach enables large-scale deployment of model applications on the public cloud, moving beyond the limitations of direct deployment of individual services within related technologies, effectively improving the deployment flexibility and efficiency of complex, large-scale model applications.

[0074] In one possible manner, the application configuration information is obtained by configuring the following: in response to a user's service configuration operation on the configuration page of the control platform, the service configuration information of each of the multiple model services is determined based on the service configuration operation; in response to a user's selection operation of multiple model services on the configuration page, the model service corresponding to the selection operation is determined as the first model service to be deployed on the trusted node; in response to a user's relationship configuration operation on the configuration page, the first association relationship between the multiple model services is determined based on the relationship configuration operation; and based on the service configuration information of each of the multiple model services, the first association relationship, and the deployment instructions representing the deployment of the first model service on the trusted node, the application configuration information is determined.

[0075] For example, the user mentioned above is the tenant who deploys the model application. The tenant can configure the application configuration information on the corresponding configuration page of the control platform, for example... Figure 2 The cloud console shown provides an operation page that effectively reduces the complexity of model application deployment and improves the deployment efficiency of model applications through a visual configuration page.

[0076] Continuing with the example of applying the above model to X, such as... Figure 3 As shown, the application configuration information can configure the set of model services for the model application, namely the service configuration information of model services A, B, and C, the deployment instructions indicating that model services A and C need to be deployed on trusted nodes, and the preset relationships, such as model services A and B depending on model service C, etc. The specific configuration can be based on actual business needs, and this disclosure does not impose any restrictions. This allows for the configuration of the model application's application configuration information based on actual business requirements through a visual configuration page, achieving efficient and flexible deployment of model applications on the public cloud.

[0077] It should be noted that if it is necessary to update the model application or the model service in the model application, such as updating the existing model service or adding a new model service, the corresponding update configuration information can be set on the configuration page of the control platform, so as to realize efficient and flexible updates of the model application on the public cloud. The configuration process is similar to configuring the application configuration information, and will not be described in detail here.

[0078] In one possible manner, the trusted baseline information is determined based on the application configuration information, including: for each first model service, obtaining the image file information and model file information of the first model service based on the service configuration information of the first model service through the baseline management service of the first network, and determining the service baseline value of the first model service based on the image file information and model file information of the first model service; registering all service baseline values ​​and first associations of at least two first model services to the remote certification service of the first network through the control center; and generating trusted baseline information for the model application through the remote certification service based on all service baseline values ​​and first associations of at least two first model services.

[0079] For example, continue to refer to Figure 3 Before deploying the model service, the control center queries the baseline management service for the service baseline values ​​of trusted services in the application configuration information. The baseline management service calculates the service baseline values ​​of trusted services based on information such as the image files and dependent model files of the trusted services, and returns the calculated service baseline values ​​to the control center, such as the service baseline values ​​of model services A and C. Then, the control center registers the service baseline values ​​of each trusted service in the trusted service set with the preset association relationships to the remote verification service. The remote verification service generates overall trusted baseline information for model application X and generates a corresponding unique identifier for use during subsequent remote verification.

[0080] For example, continue to refer to Figure 3 The second network deployment service is the container service on the data plane, that is... Figure 2 The node shown contains container components. The control center initiates a first deployment command to the data plane deployment service, deploying trusted model services A and C in the trusted hardware environment and model service B in the untrusted hardware environment. Then, the control center initiates a second deployment command to the data plane deployment service, deploying the relationships between multiple model services. For example, if model services A and B can access model service C, then an access point for model service C needs to be deployed and made available to model services A and B. Additionally, the accessed service can be required to perform remote authentication verification of the accessor, allowing access only after successful verification. Specific configurations can be tailored to requirements, and this disclosure does not impose any restrictions. Finally, after completing the deployment workflow, the control center stores the relevant configuration information of the model application and ultimately returns the deployment result information to the tenant.

[0081] This enables a comprehensive architecture for large-scale deployment of trusted services on the public cloud. It moves beyond the direct deployment of individual services and eliminates the need for users to manually calculate baseline values ​​for each service within the system. Instead, it internally calculates unique baseline values ​​for each model service based on the workflow of multiple user-configured and orchestrated model services. After deployment, it facilitates reliable verification of the overall operational state of the model application. In other words, this embodiment moves beyond point-to-point baseline value calculation, clustered deployment, and remote verification of trusted services. Instead, it takes a comprehensive and holistic approach from the perspective of users deploying complex, large-scale model applications on the public cloud, internally coordinating the dynamic configuration and linkage of baseline calculation, trusted service orchestration, and remote verification. Ultimately, it achieves a fully managed, SaaS-based, large-scale trusted and confidential cloud computing service.

[0082] In one possible manner, the public cloud includes a first network and a second network for users. The second network is used to deploy users' model applications, and the first network is used to manage the second networks for different users. The trusted verification method further includes: obtaining updated configuration information for a third model service among at least two first model services through the control center of the first network; updating trusted baseline information based on the updated configuration information, the updated configuration information including service update information of the third model service, the third model service being deployed on a trusted node of the second network; and sending an update deployment instruction to the deployment service of the second network through the control center, so that the deployment service updates the third model service based on the service update information of the third model service on the trusted node where the third model service is deployed.

[0083] For example, continuing with the application of the above model to X, such as... Figure 4 As shown, tenants can initiate service update tasks by configuring update information for model application X in the cloud console. For example, to update model service A, it is necessary to configure the service update information of model service A, such as the upgraded service image and model files of model service A. They can also set change policies, such as whether to be compatible with historical versions.

[0084] For example, continue to refer to Figure 4 The cloud platform gateway can authenticate the tenant's identity. After successful authentication, it forwards the relevant configuration to the public cloud control center. The control center can first perform a trusted verification of the current state of the model application, and then parse the configuration update information after verification to determine the complete service change process. This enables flexible updates of the model application on the public cloud, thus solving the problem that existing solutions cannot flexibly publish and update a set of trusted services on the public cloud.

[0085] In this embodiment, tenants can update multiple model services of the model application based on standard continuous integration and deployment methods. At the same time, they can set compatibility change policies to ensure that trusted services can run normally before and after the update, while ensuring that the level of security and trust remains unchanged.

[0086] In possible ways, updating configuration information also includes a change policy used to at least characterize whether it is compatible with historical versions; updating trusted baseline information based on updated configuration information includes: obtaining image file information and model file information of the third model service based on service update information of the third model service through the baseline management service of the first network, and determining a new service baseline value of the third model service based on the image file information and model file information of the third model service; sending an update request for trusted baseline information to the remote certification service of the first network based on the new service baseline value and change policy through the control center; and updating trusted baseline information based on the new service baseline value and change policy through the remote certification service in response to the update request.

[0087] For example, continue to refer to Figure 4 The control center initiates a query request to the baseline management service to calculate the new service baseline value for model service A. The baseline management service calculates the new service baseline value based on the image file, model file, and other materials of the new version of model service A. Then, based on the new service baseline value and change policy, the control center initiates an update request for trusted baseline information to the remote verification service. The remote verification service writes the service baseline value and change policy of model service A into the trusted baseline information, resulting in new trusted baseline information. For example, the original trusted baseline information included the service baseline value of the V1 version of the model service, while the updated trusted baseline information includes the service baseline values ​​of both V1 and V2 versions of the model service, and its change policy is compatible with both V1 and V2 versions.

[0088] Next, the control center, based on the configured service update policy, initiates an update request to the deployment service component, completing the update of model service A at the set update time. The service update policy can be based on a preset update time, and this disclosure does not impose any restrictions on this. Finally, after completing the above process, the control center stores the new relevant configuration information and ultimately returns the deployment update result information to the tenant.

[0089] This embodiment supports the upgrade and update of trusted services. That is, in the SaaS fully managed trusted cloud computing platform, it supports the management of the software lifecycle of multiple model services under the complete application and ensures the trustworthiness of service version updates.

[0090] Among possible approaches, the trusted verification method also includes: when the change policy indicates that the third model service is incompatible with the historical version, performing trusted verification on the third model service based on the service metric value of the third model service and the new service baseline value; when the change policy indicates that the third model service is compatible with the historical version, performing trusted verification on the third model service based on the service metric value of the third model service and all service baseline values ​​of the third model service, wherein all service baseline values ​​of the third model service include the new service baseline value and the historical service baseline values ​​of the third model service.

[0091] For example, continuing with updating model service A, the trusted baseline information may include the new service baseline value and the historical service baseline value of model service A. If its change policy is to be compatible with the historical version, then during trusted verification, the real-time service metric value of model service A is compared with all service baseline values. If the real-time service metric value of model service A is consistent with any service baseline value of model service A, it is determined that model service A is in a trusted state.

[0092] For example, if the change strategy is to be incompatible with historical versions, then during trusted verification, the real-time service metric value of model service A is compared with the new service baseline value. If the real-time service metric value of model service A matches the new service baseline value, then model service A is determined to be in a trusted state. This enables dynamic updates to model services based on business needs and allows for automated continuous verification of the updated model service.

[0093] In possible ways, the change strategy includes the first service version number of the compatible third model service, and performs trusted verification of the third model service based on the service metric value of the third model service and the service baseline value of all service baseline values ​​of the third model service, including: performing trusted verification of the third model service based on the service baseline value of the third model service corresponding to the first service version number among the service metric value of the third model service and the service baseline value of all service baseline values ​​of the third model service.

[0094] For example, specific versions of compatible model services can be configured. Suppose model service A includes version 1, version 2, and version 3. It can be configured to be compatible with version 2 and version 3. That is, during the remote verification process, if the real-time service metric of model service A is consistent with the service baseline value of version 1, then model service A is determined to be in an untrusted state. If the real-time service metric of model service A is consistent with the service baseline value of either version 2 or 3, then model service A is determined to be in a trusted state. This enables verification management of multiple version model services and effectively improves the flexibility and accuracy of trusted verification after model service updates.

[0095] In possible ways, the change strategy includes the second service version number of the compatible third model service and the validity period corresponding to the second service version number. Based on the service metric value of the third model service and the service baseline values ​​of all third model services, a trust verification of the third model service is performed, including: based on the service metric value of the third model service and the service baseline value of the third model service corresponding to the third service version number among the service baseline values ​​of all third model services, a trust verification of the third model service is performed, wherein the third service version number is the service version number of the second service version number that is within the corresponding validity period.

[0096] For example, specific versions of compatible model services can be configured, along with the corresponding compatibility validity period for each version. Assuming model service A includes versions 1, 2, and 3, it can be configured to be compatible with version 2, with an indefinite validity period, and compatible with version 3, with a validity period for version 2 ending on a specific date. That is, during remote verification, if the real-time service metric of model service A matches the service baseline value of version 1, or matches the service baseline value of version 3 after a specific date, then model service A is determined to be in an untrusted state. If the real-time service metric of model service A matches the service baseline value of version 2, or matches the service baseline value of version 3 before a specific date, then model service A is determined to be in a trusted state. This enables verification management of multiple version model services, effectively improving the flexibility and accuracy of trusted verification after model service updates.

[0097] Of course, in addition to updating the model service in the model application, it also supports updating and deploying the entire model application. The process is similar to the model service update process, and will not be described in detail here.

[0098] In other possible implementations, this embodiment supports the user client initiating trusted verification of the model application, such as... Figure 2 As shown, the integrated end-to-end cloud encryption SDK (Software Development Kit) also supports periodic trusted verification of model applications by the public cloud. This means the verification endpoint can be either the user end or the public cloud control center. The verification endpoint can initiate a remote verification request through the remote verification service to obtain trusted benchmark information. Then, the remote verification service sends a query request for dynamic measurement information to the remote verification components on the nodes where the model application is deployed. Each node calculates the real-time service measurement values ​​of each model service and the relationships between them, obtaining real-time service measurement information which is then fed back to the remote verification service. Based on the trusted benchmark information and the real-time service measurement information, the remote verification service generates a remote verification report and feeds it back to the verification endpoint, thus achieving complete verification of the entire process of model applications with multiple model services.

[0099] Using the above method, in a public cloud scenario, a confidential cloud computing system architecture that fully manages trusted services on the customer's cloud is implemented in a SaaS (Software-as-a-Service) manner. This architecture supports multiple cloud tenants to directly initiate the deployment of trusted services (such as large model inference services, retrieval enhancement services, etc.) based on the trusted cloud computing product console. It also allows for flexible orchestration of trusted services, supports upgrades to trusted services, and continuous trusted verification after upgrades.

[0100] Based on the same concept, this embodiment provides a trusted verification device for model applications deployed in a public cloud, such as... Figure 5 As shown, the trusted verification device 500 includes:

[0101] The first acquisition module 501 is used to acquire trusted baseline information of the model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node in the public cloud, and the trusted baseline information includes the service baseline values ​​of each of the at least two first model services and the first correlation relationship between the multiple model services.

[0102] The second acquisition module 502 is used to acquire the service metric value of each first model service from the trusted node, and to acquire the second association relationship between the multiple model services from the nodes corresponding to each model service in the multiple model services.

[0103] The verification module 503 is used to perform trusted verification of the model application based on trusted benchmark information, all service metrics of at least two first model services, and second association relationships.

[0104] Optionally, the public cloud includes a first network and a second network for users, the second network being used to deploy the user's model application, and the first network being used to manage the second network for different users. The trusted verification device 500 further includes a deployment module, which is used for:

[0105] The application configuration information of the model application is obtained through the control center of the first network, and the trusted baseline information is determined based on the application configuration information. The application configuration information includes the service configuration information of each of the multiple model services, the first association relationship, and a deployment description representing the deployment of at least two first model services on the trusted node.

[0106] The control center sends a first deployment instruction to the deployment service of the second network, so that the deployment service deploys the corresponding first model service in the trusted nodes of the second network based on the service configuration information of the at least two first model services, and if the multiple model services include a second model service deployed on an untrusted node, the second model service is deployed in the untrusted nodes of the second network based on the service configuration information of the second model service.

[0107] The control center sends a second deployment instruction to the deployment service, so that the deployment service deploys the association relationship between the multiple model services based on the first association relationship.

[0108] Optionally, the deployment module is used for:

[0109] For each of the first model services, the baseline management service of the first network obtains the image file information and model file information of the first model service based on the service configuration information of the first model service, and determines the service baseline value of the first model service based on the image file information and the model file information of the first model service.

[0110] The control center registers all service baseline values ​​of the at least two first model services and the first association relationship to the remote proof service of the first network.

[0111] The remote proof service generates trusted baseline information for the model application based on the total service baseline values ​​of the at least two first model services and the first association relationship.

[0112] Optionally, the trusted verification device 500 further includes a configuration module, which is used for:

[0113] In response to the user's service configuration operation on the configuration page of the control platform, the service configuration information of each of the multiple model services is determined based on the service configuration operation;

[0114] In response to the user's selection operation of the plurality of model services on the configuration page, the model service corresponding to the selection operation among the plurality of model services is determined as the first model service to be deployed on the trusted node;

[0115] In response to the user's relationship configuration operation on the configuration page, a first association relationship among the plurality of model services is determined based on the relationship configuration operation;

[0116] The application configuration information is determined based on the service configuration information of each of the multiple model services, the first association relationship, and the deployment description representing the deployment of the first model service on the trusted node.

[0117] Optionally, the public cloud includes a first network and a second network for users, the second network being used to deploy the user's model application, the first network being used to manage the second network for different users, and the trusted verification device 500 further includes an update module, the update module being used for:

[0118] The control center of the first network obtains the updated configuration information for the third model service among the at least two first model services, and updates the trusted baseline information based on the updated configuration information. The updated configuration information includes the service update information of the third model service, which is deployed on a trusted node of the second network.

[0119] The control center sends an update deployment instruction to the deployment service of the second network, so that the deployment service updates the third model service based on the service update information of the third model service in the trusted node where the third model service is deployed.

[0120] Optionally, the updated configuration information further includes a change strategy for at least indicating whether it is compatible with historical versions; the update module is used for:

[0121] The baseline management service of the first network obtains the image file information and model file information of the third model service based on the service update information of the third model service, and determines the new service baseline value of the third model service based on the image file information and model file information of the third model service.

[0122] The control center sends an update request for the trusted baseline information to the remote proof service of the first network based on the new service baseline value and the change policy.

[0123] In response to the update request, the remote proof service updates the trusted baseline information based on the new service baseline value and the change policy.

[0124] Optionally, the trusted verification device 500 further includes a verification submodule, which is used for:

[0125] When the change strategy indicates that the third model service is incompatible with the historical version, the third model service is verified for trustworthiness based on the service metric value of the third model service and the new service baseline value.

[0126] When the change strategy indicates that the third model service is compatible with historical versions, the third model service is verified for trustworthiness based on the service metric value of the third model service and the total service baseline value of the third model service. The total service baseline value of the third model service includes the new service baseline value and the historical service baseline value of the third model service.

[0127] Optionally, the change strategy includes a first service version number of a compatible third model service, and the verification submodule is used for:

[0128] The third model service is verified for trustworthiness based on the service metric value of the third model service and the service baseline value of the third model service corresponding to the first service version number among all service baseline values ​​of the third model service.

[0129] Optionally, the change strategy includes the second service version number of the compatible third model service and the validity period corresponding to the second service version number, and the verification submodule is used for:

[0130] Based on the service metric value of the third model service and the service baseline value of the third model service corresponding to the third service version number among all service baseline values ​​of the third model service, the third model service is verified for trustworthiness. The third service version number is the service version number of the second service version number that is within the corresponding validity period.

[0131] Optionally, the verification module 503 is used for:

[0132] For each of the first model services, the service metric value of the first model service is verified against the service baseline value of the first model service in the trusted benchmark information.

[0133] Verify the second association relationship with the first association relationship in the trusted benchmark information;

[0134] The trusted verification device 500 further includes a determining module, which is used for:

[0135] If the service metrics and service baseline values ​​of at least two first model services are consistent and the second association is consistent with the first association, the model application is determined to be in a trusted state.

[0136] Based on the same concept, embodiments of this disclosure also provide a computer-readable medium having a computer program stored thereon, which, when executed by a processing device, implements the steps of the trusted verification method for the model application deployed in the public cloud described above.

[0137] Based on the same concept, this disclosure also provides an electronic device that may include:

[0138] A storage device on which computer programs are stored;

[0139] A processing device for executing a computer program stored in a storage device to implement the steps of the trusted verification method for the model application deployed in the public cloud described above.

[0140] Based on the same concept, this disclosure also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the trusted verification method for the model application deployed in the public cloud described above.

[0141] The following is for reference. Figure 6 The diagram illustrates a structural schematic of an electronic device 600 suitable for implementing embodiments of the present disclosure. Terminal devices in embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, laptops, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and fixed terminals such as digital TVs and desktop computers. Figure 6 The electronic device shown is merely an example and should not be construed as limiting the functionality and scope of the embodiments disclosed herein.

[0142] like Figure 6 As shown, electronic device 600 may include a processing device (e.g., a central processing unit, a graphics processor, etc.) 601, which can perform various appropriate actions and processes according to a program stored in read-only memory (ROM) 602 or a program loaded from storage device 608 into random access memory (RAM) 603. RAM 603 also stores various programs and data required for the operation of electronic device 600. Processing device 601, ROM 602, and RAM 603 are interconnected via bus 604. Input / output (I / O) interface 605 is also connected to bus 604.

[0143] Typically, the following devices can be connected to I / O interface 605: input devices 606 including, for example, touchscreens, touchpads, keyboards, mice, cameras, microphones, accelerometers, gyroscopes, etc.; output devices 607 including, for example, liquid crystal displays (LCDs), speakers, vibrators, etc.; storage devices 608 including, for example, magnetic tapes, hard disks, etc.; and communication devices 609. Communication device 609 allows electronic device 600 to communicate wirelessly or wiredly with other devices to exchange data. Although Figure 6 An electronic device 600 with various devices is shown; however, it should be understood that it is not required to implement or possess all of the devices shown. More or fewer devices may be implemented or possessed alternatively.

[0144] In particular, according to embodiments of this disclosure, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of this disclosure include a computer program product comprising a computer program carried on a non-transitory computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via a communication device 609, or installed from a storage device 608, or installed from a ROM 602. When the computer program is executed by the processing device 601, it performs the functions defined in the methods of embodiments of this disclosure.

[0145] It should be noted that the computer-readable medium described in this disclosure can be a computer-readable signal medium or a computer-readable storage medium, or any combination thereof. A computer-readable storage medium can be, for example,—but not limited to—an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this disclosure, a computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this disclosure, a computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such propagated data signals can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. A computer-readable signal medium can be any computer-readable medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The program code contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to: wires, optical fibers, RF (radio frequency), etc., or any suitable combination thereof.

[0146] In some implementations, communication can be conducted using any currently known or future-developed network protocol such as HTTP (Hypertext Transfer Protocol), and can be interconnected with digital data communication (e.g., communication networks) of any form or medium. Examples of communication networks include local area networks (“LANs”), wide area networks (“WANs”), the Internet (e.g., the Internet of Things), and end-to-end networks (e.g., ad hoc end-to-end networks), as well as any currently known or future-developed networks.

[0147] The aforementioned computer-readable medium may be included in the aforementioned electronic device; or it may exist independently and not assembled into the electronic device.

[0148] The aforementioned computer-readable medium carries one or more programs. When the electronic device executes the one or more programs, the electronic device causes the electronic device to: obtain trusted baseline information of a model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node of the public cloud, the trusted baseline information includes the service baseline values ​​of each of the at least two first model services and a first association relationship between the multiple model services; obtain the service metric value of each first model service from the trusted node, and obtain a second association relationship between the multiple model services from the node corresponding to each model service; and perform trusted verification of the model application based on the trusted baseline information, all service metric values ​​of the at least two first model services, and the second association relationship.

[0149] Computer program code for performing the operations of this disclosure can be written in one or more programming languages ​​or a combination thereof, including but not limited to object-oriented programming languages ​​such as Java, Smalltalk, and C++, as well as conventional procedural programming languages ​​such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).

[0150] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this disclosure. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.

[0151] The modules described in the embodiments of this disclosure can be implemented in software or hardware. The names of the modules are not, in some cases, intended to limit the functionality of the module itself.

[0152] The functions described above in this document can be performed at least in part by one or more hardware logic components. For example, exemplary types of hardware logic components that can be used, without limitation, include: field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), system-on-a-chip (SoCs), complex programmable logic devices (CPLDs), and so on.

[0153] In the context of this disclosure, a machine-readable medium can be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium can be, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.

[0154] The above description is merely a preferred embodiment of this disclosure and an explanation of the technical principles employed. Those skilled in the art should understand that the scope of this disclosure is not limited to technical solutions formed by specific combinations of the above-described technical features, but should also cover other technical solutions formed by arbitrary combinations of the above-described technical features or their equivalents without departing from the above-described concept. For example, technical solutions formed by substituting the above features with (but not limited to) technical features disclosed in this disclosure that have similar functions.

[0155] Furthermore, while the operations are described in a specific order, this should not be construed as requiring these operations to be performed in the specific order shown or in a sequential order. In certain environments, multitasking and parallel processing may be advantageous. Similarly, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of this disclosure. Certain features described in the context of individual embodiments may also be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented individually or in any suitable sub-combination in multiple embodiments.

[0156] Although the subject matter has been described using language specific to structural features and / or methodological logic, it should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or actions described above. Rather, the specific features and actions described above are merely illustrative forms of implementing the claims. Regarding the apparatus in the above embodiments, the specific manner in which the various modules perform their operations has been described in detail in the embodiments relating to the method, and will not be elaborated upon here.

Claims

1. A trusted verification method for a model application deployed in a public cloud, characterized in that, The trusted verification method includes: Obtain trusted baseline information for a model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node of the public cloud, and the trusted baseline information includes the service baseline value of each of the at least two first model services and a first association relationship between the multiple model services; The service metric value of each first model service is obtained from the trusted node, and the second association relationship between the multiple model services is obtained from the node corresponding to each model service in the multiple model services. Based on the trusted benchmark information, all service metrics of the at least two first model services, and the second association relationship, the model application is verified for trustworthiness. The trusted verification method further includes: If the service metrics and service baseline values ​​of at least two first model services are consistent and the second association is consistent with the first association, the model application is determined to be in a trusted state.

2. The trusted verification method for model applications deployed in public clouds according to claim 1, characterized in that, The public cloud includes a first network and a second network for users. The second network is used to deploy the user's model application, and the first network is used to manage the second network for different users. The model application is deployed in the following manner: The application configuration information of the model application is obtained through the control center of the first network, and the trusted baseline information is determined based on the application configuration information. The application configuration information includes the service configuration information of each of the multiple model services, the first association relationship, and a deployment description representing the deployment of the at least two first model services on the trusted node. The control center sends a first deployment instruction to the deployment service of the second network, so that the deployment service deploys the corresponding first model service in the trusted nodes of the second network based on the service configuration information of the at least two first model services, and if the multiple model services include a second model service deployed on an untrusted node, the second model service is deployed in the untrusted nodes of the second network based on the service configuration information of the second model service. The control center sends a second deployment instruction to the deployment service, so that the deployment service deploys the association relationship between the multiple model services based on the first association relationship.

3. The trusted verification method for model applications deployed in public clouds according to claim 2, characterized in that, Determining the trusted benchmark information based on the application configuration information includes: For each of the first model services, the baseline management service of the first network obtains the image file information and model file information of the first model service based on the service configuration information of the first model service, and determines the service baseline value of the first model service based on the image file information and the model file information of the first model service. The control center registers all service baseline values ​​of the at least two first model services and the first association relationship to the remote proof service of the first network. The remote proof service generates trusted baseline information for the model application based on the total service baseline values ​​of the at least two first model services and the first association relationship.

4. The trusted verification method for model applications deployed in public clouds according to claim 2 or 3, characterized in that, The application configuration information is obtained through the following configuration method: In response to the user's service configuration operation on the configuration page of the control platform, the service configuration information of each of the multiple model services is determined based on the service configuration operation; In response to the user's selection operation of the plurality of model services on the configuration page, the model service corresponding to the selection operation among the plurality of model services is determined as the first model service to be deployed on the trusted node; In response to the user's relationship configuration operation on the configuration page, a first association relationship among the plurality of model services is determined based on the relationship configuration operation; The application configuration information is determined based on the service configuration information of each of the multiple model services, the first association relationship, and the deployment description representing the deployment of the first model service on the trusted node.

5. The trusted verification method for a model application deployed in a public cloud according to any one of claims 1-3, characterized in that, The public cloud includes a first network and a second network for users. The second network is used to deploy the user's model application, and the first network is used to manage the second network for different users. The trusted verification method further includes: The control center of the first network obtains the updated configuration information for the third model service among the at least two first model services, and updates the trusted baseline information based on the updated configuration information. The updated configuration information includes the service update information of the third model service, which is deployed on a trusted node of the second network. The control center sends an update deployment instruction to the deployment service of the second network, so that the deployment service updates the third model service based on the service update information of the third model service in the trusted node where the third model service is deployed.

6. The trusted verification method for model applications deployed in public clouds according to claim 5, characterized in that, The updated configuration information also includes change strategies that at least indicate whether they are compatible with historical versions; Updating the trusted baseline information based on the updated configuration information includes: The baseline management service of the first network obtains the image file information and model file information of the third model service based on the service update information of the third model service, and determines the new service baseline value of the third model service based on the image file information and model file information of the third model service. The control center sends an update request for the trusted baseline information to the remote proof service of the first network based on the new service baseline value and the change policy. In response to the update request, the remote proof service updates the trusted baseline information based on the new service baseline value and the change policy.

7. The trusted verification method for model applications deployed in a public cloud according to claim 6, characterized in that, The trusted verification method further includes: When the change strategy indicates that the third model service is incompatible with the historical version, the third model service is verified for trustworthiness based on the service metric value of the third model service and the new service baseline value. When the change strategy indicates that the third model service is compatible with historical versions, the third model service is verified for trustworthiness based on the service metric value of the third model service and the total service baseline value of the third model service. The total service baseline value of the third model service includes the new service baseline value and the historical service baseline value of the third model service.

8. The trusted verification method for model applications deployed in public clouds according to claim 7, characterized in that, The change strategy includes the first service version number of the compatible third model service, and the trust verification of the third model service based on the service metric value of the third model service and the baseline values ​​of all services of the third model service includes: The third model service is verified for trustworthiness based on the service metric value of the third model service and the service baseline value of the third model service corresponding to the first service version number among all service baseline values ​​of the third model service.

9. The trusted verification method for model applications deployed in public clouds according to claim 7, characterized in that, The change strategy includes the second service version number of the compatible third model service and the validity period corresponding to the second service version number. The trust verification of the third model service based on its service metric value and all service baseline values ​​includes: Based on the service metric value of the third model service and the service baseline value of the third model service corresponding to the third service version number among all service baseline values ​​of the third model service, the third model service is verified for trustworthiness. The third service version number is the service version number of the second service version number that is within the corresponding validity period.

10. The trusted verification method for a model application deployed in a public cloud according to any one of claims 1-3, characterized in that, The basis for the trusted benchmark information, all service metrics of the at least two first model services, and the second association relationship includes: For each of the first model services, the service metric value of the first model service is verified against the service baseline value of the first model service in the trusted benchmark information. The second association relationship is verified against the first association relationship in the trusted benchmark information.

11. A trusted verification device for a model application deployed in a public cloud, characterized in that, The trusted verification device includes: The first acquisition module is used to acquire trusted baseline information of the model application; wherein the model application is deployed on a public cloud, the model application includes multiple model services, the multiple model services include at least two first model services deployed on at least one trusted node of the public cloud, and the trusted baseline information includes the service baseline value of each of the at least two first model services and a first correlation relationship between the multiple model services. The second acquisition module is used to acquire the service metric value of each of the first model services from the trusted node, and to acquire the second association relationship between the multiple model services from the nodes corresponding to each model service in the multiple model services. The verification module is used to perform trust verification on the model application based on the trusted benchmark information, all service metrics of the at least two first model services, and the second association relationship. The determination module is used to determine that the model application is in a trusted state when the service metrics and service baseline values ​​of the at least two first model services are consistent and the second association is consistent with the first association.

12. A computer-readable medium having a computer program stored thereon, characterized in that, When executed by a processing device, the computer program performs the steps of the method described in any one of claims 1-10.

13. An electronic device, characterized in that, include: A storage device on which computer programs are stored; A processing device for executing the computer program in the storage device to implement the steps of the method according to any one of claims 1-10.

14. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1-10.