Search

CN-121984779-A - Large model reasoning method and intelligent device of end cloud cooperation

CN121984779ACN 121984779 ACN121984779 ACN 121984779ACN-121984779-A

Abstract

The application relates to the technical field of communication, in particular to a large model reasoning method and intelligent equipment of end-cloud cooperation, and aims to solve the problem of insufficient data protection in the existing cross-end model reasoning process. The cloud collaborative large model reasoning method comprises the steps that a terminal transmits a temporary data key to a cloud deployed credential management server for storage, encrypts demand information by the aid of the temporary data key and transmits the encrypted demand information to a cloud deployed target reasoning server, so that the target reasoning server decrypts encrypted demand information ciphertext after obtaining the temporary data key by sending a key obtaining request to the credential management server, and reasoning the decrypted demand information by means of a large model. According to the scheme, the demand data can be encrypted in the process of trans-terminal transmission between the terminal and the cloud terminal, and the user data such as demand information is isolated from the temporary data key, so that the trans-terminal data transmission safety and confidentiality are facilitated, and the leakage risk is reduced.

Inventors

  • FENG ZHENTAN
  • SUN YING
  • LU LONG
  • LIU YANJUN
  • JIANG WU
  • CHEN FEIYAN
  • XIONG JUNFENG
  • ZHANG TAO
  • HUANG ZIHAO
  • LU SONGLIN
  • WANG DECHAO

Assignees

  • 蔚来汽车科技(安徽)有限公司

Dates

Publication Date
20260505
Application Date
20260313

Claims (10)

  1. 1. The large model reasoning method of the end cloud cooperation is characterized by being applied to a terminal, and comprises the following steps: generating a temporary data key in a starting-up stage; Encrypting the temporary data key; transmitting the encrypted temporary data key to a credential management server deployed in the cloud so that the credential management server decrypts the encrypted temporary data key and stores the decrypted temporary data key; the method comprises the steps of obtaining demand information, and encrypting the demand information by utilizing the temporary data key to obtain a demand information ciphertext; and sending the demand information ciphertext, the terminal identity and the message routing plaintext to a control server deployed in the cloud, so that the control server forwards the demand information ciphertext and the terminal identity to a target reasoning server based on the message routing plaintext, the target reasoning server sends a key acquisition request to the credential management server at least based on the terminal identity, decrypts the demand information ciphertext after acquiring the temporary data key, and utilizes a large model to reason the demand information obtained after decryption.
  2. 2. The method of claim 1, wherein prior to encrypting the demand information using the temporary data key, the method further comprises: generating a temporary key pair in the starting-up stage, wherein the temporary key pair comprises a temporary identity public key and a temporary identity private key; Transmitting the temporary identity public key to the credential management server, and signing the demand information by utilizing the temporary identity private key so as to encrypt the signed demand information by utilizing the temporary data key to obtain the demand information ciphertext; Encrypting the demand information by using the temporary data key, and after obtaining a demand information ciphertext, the method further comprises: And sending a signature value obtained after signing the demand information to the control server, so that the control server forwards the demand information ciphertext, the terminal identity and the signature value to the target reasoning server based on the message routing plaintext, the target reasoning server sends a key acquisition request to the credential management server based on the terminal identity and the signature value, the credential management server carries out signature verification on the terminal based on the temporary identity public key and the signature value obtained after signing the demand information, and the temporary data key corresponding to the terminal identity is sent to the target reasoning server after the signature verification is passed.
  3. 3. The method of claim 2, wherein after transmitting the temporary identity public key to the credential management server, the method further comprises: And generating a negotiation key shared with the credential management server based on the temporary identity private key and an embedded public key, wherein the embedded public key is the public key of the credential management server so as to encrypt the temporary data key by using the negotiation key.
  4. 4. A method according to any one of claims 1 to 3, wherein after sending the demand information ciphertext, terminal identity, and message routing plaintext to a cloud-deployed control server, the method further comprises: receiving result packaging data sent by the target reasoning server, wherein the result packaging data at least comprises a reasoning result obtained by the target reasoning server for reasoning the demand information and encrypting by using the temporary data key; and decrypting the reasoning result by using the temporary data key to obtain a reasoning result plaintext, wherein the target reasoning server is determined from a plurality of reasoning servers by the control server according to the confidential service state bit and the service switch state bit.
  5. 5. The method of claim 4, wherein the result packed data further comprises a remote attestation result, the remote attestation result is obtained by the credential management server sending a remote verification request to the target inference server, receiving an attestation report generated by the target inference server in response to the remote verification request, remotely verifying the target inference server based on the attestation report, and transmitting the result of the remote verification to the target inference server, such that the target inference server sends a key acquisition request to the credential management server when the remote attestation result is verification passing.
  6. 6. The method of claim 5, wherein prior to decrypting the inference result using the temporary data key, the method further comprises: And verifying the remote proving result, and decrypting the reasoning result by using the temporary data key when the verification is passed.
  7. 7. A method according to any one of claims 1 to 3, wherein after transmitting the encrypted temporary data key to a cloud-deployed credential management server, the method further comprises: and sending a shutdown signal to the credential management server so that the credential management server records a timestamp corresponding to the shutdown signal, and determining the valid period of the temporary data key based on the timestamp.
  8. 8. The large model reasoning method based on the end cloud cooperation is characterized by being applied to a target reasoning server, wherein the target reasoning server is deployed at a cloud end, and the method comprises the following steps: At least receiving a demand information ciphertext and a terminal identity identifier which are forwarded by a control server based on a message routing plaintext, wherein the demand information ciphertext, the terminal identity identifier and the routing message plaintext are sent to the control server deployed by a cloud end by a terminal; Sending a key acquisition request to a credential management server deployed in the cloud based at least on the terminal identity; acquiring a temporary data key fed back by the credential management server in response to the key acquisition request, and decrypting the demand information ciphertext by using the temporary data key to obtain demand information; and reasoning the demand information by using a large model.
  9. 9. The method of claim 8, wherein receiving at least the ciphertext of the demand information and the terminal identity forwarded by the control server based on the message routing plaintext comprises: Receiving the demand information ciphertext forwarded by the control server based on the message routing plaintext, the terminal identity identifier and a signature value obtained by signing the demand information, wherein the demand information ciphertext is obtained by signing the demand information acquired by the terminal by using a temporary identity private key through the terminal, and encrypting the signed demand information by using the temporary data key.
  10. 10. The method of claim 9, wherein sending a key acquisition request to a cloud-deployed credential management server based at least on the terminal identity comprises: And sending a key acquisition request to the credential management server based on the terminal identity and the signature value, so that the credential management server performs signature verification on the terminal based on a temporary identity public key generated by the terminal and the signature value, and sending the temporary data key corresponding to the terminal identity to the target inference server after the signature verification is passed.

Description

Large model reasoning method and intelligent device of end cloud cooperation Technical Field The application relates to the technical field of communication, in particular to a large model reasoning method and intelligent equipment for end-cloud cooperation. Background In the scene that the large model is applied to the intelligent cabin, the situation of vehicle cloud cross-end transmission and operation exists in the process of model reasoning of user data, so that the situation that the user data is easy to leak or be used by a third party in the process of model reasoning is easy to occur. The traditional user data protection scheme mainly uses static protection, namely, when the data is stored, ciphertext is generated and the data is not used for storing only, but under the cloud model reasoning scene, the user data needs to be calculated at the cloud and the calculation process needs plaintext, and the end-to-end data protection becomes a difficult point. Disclosure of Invention The application aims to solve the technical problems, namely the problem of insufficient data protection in the existing cross-end model reasoning process. In a first aspect, the present application provides a large model reasoning method of end-cloud collaboration, which is applied to a terminal, and the method includes: generating a temporary data key in a starting-up stage; Encrypting the temporary data key; transmitting the encrypted temporary data key to a credential management server deployed in the cloud so that the credential management server decrypts the encrypted temporary data key and stores the decrypted temporary data key; the method comprises the steps of obtaining demand information, and encrypting the demand information by utilizing the temporary data key to obtain a demand information ciphertext; and sending the demand information ciphertext, the terminal identity and the message routing plaintext to a control server deployed in the cloud, so that the control server forwards the demand information ciphertext and the terminal identity to a target reasoning server based on the message routing plaintext, the target reasoning server sends a key acquisition request to the credential management server at least based on the terminal identity, decrypts the demand information ciphertext after acquiring the temporary data key, and utilizes a large model to reason the demand information obtained after decryption. In some embodiments, prior to encrypting the demand information with the temporary data key, the method further comprises: generating a temporary key pair in the starting-up stage, wherein the temporary key pair comprises a temporary identity public key and a temporary identity private key; Transmitting the temporary identity public key to the credential management server, and signing the demand information by utilizing the temporary identity private key so as to encrypt the signed demand information by utilizing the temporary data key to obtain the demand information ciphertext; Encrypting the demand information by using the temporary data key, and after obtaining a demand information ciphertext, the method further comprises: And sending a signature value obtained after signing the demand information to the control server, so that the control server forwards the demand information ciphertext, the terminal identity and the signature value to the target reasoning server based on the message routing plaintext, the target reasoning server sends a key acquisition request to the credential management server based on the terminal identity and the signature value, the credential management server carries out signature verification on the terminal based on the temporary identity public key and the signature value obtained after signing the demand information, and the temporary data key corresponding to the terminal identity is sent to the target reasoning server after the signature verification is passed. In some embodiments, after transmitting the temporary identity public key to the credential management server, the method further comprises: And generating a negotiation key shared with the credential management server based on the temporary identity private key and an embedded public key, wherein the embedded public key is the public key of the credential management server so as to encrypt the temporary data key by using the negotiation key. In some embodiments, after the demand information ciphertext, the terminal identity, and the message routing plaintext are sent to a control server deployed in the cloud, the method further includes: receiving result packaging data sent by the target reasoning server, wherein the result packaging data at least comprises a reasoning result obtained by the target reasoning server for reasoning the demand information and encrypting by using the temporary data key; and decrypting the reasoning result by using the temporary data key to obtain a reasoning result plaintext, wherein the