Search

CN-122020683-A - Digital asset protection method, device, equipment, medium and product

CN122020683ACN 122020683 ACN122020683 ACN 122020683ACN-122020683-A

Abstract

The application discloses a digital asset protection method, a device, equipment, a medium and a product, wherein the method comprises the steps of acquiring authorization metadata corresponding to a target digital asset based on a mixed authorization mode, wherein the mixed authorization mode is an authorization mode of combining physical lock and soft authorization; and if the verification is passed, loading the target digital asset in a target loading mode. The application realizes the flexible adjustment of the authorization strategy by combining the physical lock and the soft authorization, can respond to service change without changing hardware, and greatly improves the flexibility of authorization management while ensuring the safety bottom line.

Inventors

  • LI MINJUN
  • WANG MIAO
  • HUANG SHUANG
  • LIU JUNHUA
  • XU ZHAN
  • Lin Xialv

Assignees

  • 科大讯飞股份有限公司
  • 安徽星盾智能科技有限公司

Dates

Publication Date
20260512
Application Date
20260114

Claims (13)

  1. 1. A method of digital asset protection, comprising: acquiring authorization metadata corresponding to a target digital asset based on a hybrid authorization mode, wherein the hybrid authorization mode is an authorization mode of combining physical lock and soft authorization; Verifying the target resource in the authorization metadata; and if the verification is passed, loading the target digital asset in a target loading mode.
  2. 2. The digital asset protection method of claim 1, wherein the physical lock is an authorization server deployed on a physical server, and the soft authorization is an authorization client deployed in the target digital asset; the obtaining authorization metadata based on the hybrid authorization mode includes: Acquiring soft authorization metadata from the authorization client and resource authorization metadata from the target digital asset; acquiring the physical lock authorization metadata through an encryption communication channel established between the authorization client and the authorization server, wherein the physical lock authorization metadata is configured at the lock authorization server; The authorization metadata is composed of the soft authorization metadata, the resource authorization metadata and the physical lock authorization metadata.
  3. 3. The digital asset protection method of claim 1, wherein said verifying the target resource in the authorization metadata comprises: When the target digital resource is started, performing authorization verification on the target resource in the authorization metadata; And when the target digital resource runs, performing aging verification on the target resource in the authorization metadata.
  4. 4. A digital asset protection method as defined in claim 3, wherein said performing an authorization check on a target resource in said authorization metadata comprises: Calculating the resource identification of the target digital asset, comparing the resource identification of the target digital asset with the resource identification in the soft authorization metadata, and determining the authorization legitimacy of the target digital asset; Comparing the user identification in the resource authorization metadata with the user identification in the physical lock authorization metadata to determine the legitimacy of the current user; comparing the resource version in the soft authorization metadata with the resource version in the resource authorization metadata to determine the consistency of the resource version; And determining a target open function corresponding to the target digital asset according to the open function range in the soft authorization metadata.
  5. 5. The digital asset protection method of claim 1, wherein said loading said target digital asset by a target loading means comprises: Obtaining a disguised digital asset, wherein the disguised digital asset is a binary file; analyzing the disguised digital asset according to a preset decryption algorithm, and positioning and storing a data block of the target digital asset; acquiring a loading interface from a data block of the target digital asset; And acquiring the target digital asset from the loading interface according to a preset calling sequence rule.
  6. 6. The digital asset protection method of claim 5, wherein said obtaining a camouflaged digital asset comprises: encrypting and compressing the target digital asset to obtain a compressed digital asset; Dividing the compressed digital asset to obtain a divided digital asset; Embedding the segmented digital asset into a file in a preset format, and adding a disguised file to obtain the disguised digital asset, wherein the disguised file at least comprises false data and a false interface.
  7. 7. The digital asset protection method of claim 1, wherein said loading said target digital asset by a target loading means comprises: When the target digital asset is an AI model, configuring corresponding offset for weight parameters of each layer of the AI model to obtain a packaged AI model, wherein the offset configured by different layers of the AI model is different; And performing reverse offset operation on the weight parameters of each layer of the packaged AI model according to a pre-stored offset comparison table to obtain the AI model, wherein the pre-stored offset comparison table stores the mapping relation between the weight parameters and the offset of each layer of the AI model.
  8. 8. The digital asset protection method of claim 1, wherein said loading said target digital asset by a target loading means comprises: Constructing a mapping relation table, wherein the mapping relation table comprises an input deformation mapping table and an output restoration mapping table; converting the original data in the target digital asset into corresponding deformed data according to the input deformed mapping table; And restoring the deformed data into original data according to the output restoration mapping table to obtain the target digital asset.
  9. 9. The digital asset protection method of claim 1, wherein the method further comprises: Inserting at least one set of tracking feature data having a preset output pattern into the target digital asset; Periodically sending a detection request containing the tracking feature data to a target service interface, and acquiring a corresponding output response; Judging the output response; if the output response contains the characteristics matched with the tracking characteristic data, generating a resource leakage alarm, and tracing the leakage source according to the authorization identifier associated with the tracking characteristic data.
  10. 10. A digital asset protection device, comprising: The data acquisition module is used for acquiring authorization metadata corresponding to the target digital asset based on a hybrid authorization mode, wherein the hybrid authorization mode is an authorization mode of combining a physical lock with a soft authorization; the verification module is used for verifying the target resource in the authorization metadata; and the loading module is used for loading the target digital asset in a target loading mode if the verification is passed.
  11. 11. A computer device comprising a memory, and one or more processors communicatively coupled to the memory; stored in the memory are instructions executable by the one or more processors to cause the one or more processors to implement the digital asset protection method of any one of claims 1 to 9.
  12. 12. A computer readable storage medium comprising a program or instructions which, when run on a computer, implement the digital asset protection method of any one of claims 1 to 9.
  13. 13. A computer program product comprising a computer program which, when executed by a processor, implements the digital asset protection method of any one of claims 1 to 9.

Description

Digital asset protection method, device, equipment, medium and product Technical Field The present application relates to the field of computer technologies, and in particular, to a digital asset protection method, apparatus, device, medium, and product. Background Currently, in the intelligent transformation of an enterprise driven by AI technology, suppliers face risks of illegal copying, misuse, version stealing, core algorithm leakage and the like of resources when key digital assets, such as AI engines, related knowledge bases and model weights, are used. Currently, encryption mechanisms are mainly adopted for digital asset protection, and different types of digital assets are usually protected by combining a differentiated encryption algorithm and an independent key so as to balance security and loading efficiency. However, the above method is poor in flexibility. Disclosure of Invention The application mainly aims to provide a digital asset protection method, device, equipment, medium and product, which can promote the balance between the tightness and flexibility of an authorization strategy of digital assets, avoid excessive or insufficient authorization and further promote the security of the digital assets. To achieve the above object, in a first aspect, the present application provides a digital asset protection method, including: Acquiring authorization metadata corresponding to a target digital asset based on a hybrid authorization mode, wherein the hybrid authorization mode is an authorization mode of combining a physical lock with soft authorization; Verifying the target resource in the authorization metadata; and if the verification is passed, loading the target digital asset in a target loading mode. In one embodiment, the physical lock is an authorization server deployed on a physical server, and the soft authorization is an authorization client deployed in the target digital asset; Based on the hybrid authorization mode, obtaining authorization metadata includes: acquiring soft authorization metadata from an authorization client and resource authorization metadata from a target digital asset; acquiring physical lock authorization metadata through an encryption communication channel established between an authorization client and an authorization server, wherein the physical lock authorization metadata is configured at the lock authorization server; The authorization metadata is composed of soft authorization metadata, resource authorization metadata and physical lock authorization metadata. In one embodiment, verifying the target resource in the authorization metadata includes: When the target digital resource is started, performing authorization verification on the target resource in the authorization metadata; and when the target digital resource runs, performing aging verification on the target resource in the authorization metadata. In one embodiment, performing authorization verification on a target resource in authorization metadata includes: Calculating the resource identification of the target digital asset, comparing the resource identification of the target digital asset with the resource identification in the soft authorization metadata, and determining the authorization legitimacy of the target digital asset; Comparing the user identification in the resource authorization metadata with the user identification in the physical lock authorization metadata to determine the legitimacy of the current user; comparing the resource version in the soft authorization metadata with the resource version in the resource authorization metadata to determine the consistency of the resource version; and determining a target open function corresponding to the target digital asset according to the open function range in the soft authorization metadata. In one embodiment, loading the target digital asset by a target loading means includes: Acquiring a disguised digital asset, wherein the disguised digital asset is a binary file; Resolving the disguised digital asset according to a preset decryption algorithm, and positioning a data block for storing the target digital asset; acquiring a loading interface from a data block of a target digital asset; and acquiring the target digital asset from the loading interface according to a preset calling sequence rule. In one embodiment, obtaining a camouflage digital asset comprises: Encrypting and compressing the target digital asset to obtain a compressed digital asset; dividing the compressed digital asset to obtain a divided digital asset; embedding the segmented digital asset into a file in a preset format, and adding a disguised file to obtain the disguised digital asset, wherein the disguised file at least comprises false data and a false interface. In one embodiment, loading the target digital asset by a target loading means includes: when the target digital asset is an AI model, configuring corresponding offset for weight parameters of each layer o