Search

CN-122027366-A - Security verification method, device, medium, equipment and product of large model service

CN122027366ACN 122027366 ACN122027366 ACN 122027366ACN-122027366-A

Abstract

A security verification method, a device, a medium, a device and a product of large model service relate to the technical field of computers, when a private key checking request sent by an intermediate link service is received based on a key management service, the intermediate link service is added into a trusted execution environment in response to determining that the intermediate link service is not trusted according to the private key checking request, wherein the private key checking request is sent by the intermediate link service when an encryption reasoning request sent by a client is received, the private key checking request indicates to check the private key of the client, the intermediate link service is trusted according to the private key checking request, and the private key of the client is sent to the intermediate link service, so that the intermediate link service requesting the private key can be ensured to be in the trusted execution environment, namely the security of the intermediate link service is ensured.

Inventors

  • YANG ZIYE
  • LIU HUIQI
  • WEN JIAN

Assignees

  • 北京火山引擎科技有限公司

Dates

Publication Date
20260512
Application Date
20260413

Claims (11)

  1. 1. A security verification method for a large model service, comprising: receiving a private key checking request sent by an intermediate link service based on a key management service, wherein the private key checking request is sent by the intermediate link service when receiving an encryption reasoning request sent by a client, and the private key checking request indicates to check a private key of the client; Responsive to determining that the intermediate link service is not trusted according to the private key viewing request, joining the intermediate link service to a trusted execution environment; And in response to determining that the intermediate link service is trusted according to the private key viewing request, sending the private key of the client to the intermediate link service.
  2. 2. The security verification method of a large model service of claim 1, the method further comprising: and determining that the intermediate link service is not trusted in response to the absence of the remote attestation report corresponding to the intermediate link service.
  3. 3. The security verification method of a large model service of claim 1, the method further comprising: And determining that the intermediate link service is not trusted in response to the existence of the remote attestation report corresponding to the intermediate link service and the absence of registration information corresponding to the intermediate link service in the key management service.
  4. 4. The method for securely validating large model services of claim 1, said joining said intermediate link service to a trusted execution environment, comprising: acquiring a trusted image of the intermediate link service, and deploying the trusted image to a target resource of the trusted execution environment; acquiring a remote proving report of the intermediate link service, and verifying the remote proving report; and in response to the verification passing, determining that the intermediate link service successfully joins the trusted execution environment.
  5. 5. The method of security verification of large model services of claim 1, the private key viewing request being sent by the intermediate link service upon determining that the cryptographic reasoning request carries a specified identification.
  6. 6. The security verification method of a large model service according to claim 1, the private key viewing request including identity information of the intermediate link service, the method further comprising: And in response to determining that the intermediate link service is a newly added intermediate link service according to the identity information, and the newly added intermediate link service is not trusted, adding the newly added intermediate link service into a trusted execution environment.
  7. 7. The method of security verification of a large model service of claim 1, the key management service comprising a decryption detection module, the method further comprising: Acquiring abnormal information of the key management service based on the decryption detection module; searching target information corresponding to the intermediate link service from the abnormal information; And acquiring the safety information of the intermediate link service according to the target information, and determining whether the intermediate link service is credible or not according to the safety information.
  8. 8. A security verification apparatus for a large model service, comprising: The system comprises a receiving module, a key management module and a storage module, wherein the receiving module is configured to receive a private key checking request sent by an intermediate link service based on a key management service, the private key checking request is sent by the intermediate link service when receiving an encryption reasoning request sent by a client, and the private key checking request indicates to check a private key of the client; a joining module configured to join the intermediate link service into a trusted execution environment in response to determining that the intermediate link service is not trusted according to the private key viewing request; And the sending module is configured to send the private key of the client to the intermediate link service in response to determining that the intermediate link service is trusted according to the private key viewing request.
  9. 9. A computer readable medium having stored thereon a computer program, wherein the computer program, when being executed by a processing device, realizes the steps of the method of any of claims 1-7.
  10. 10. An electronic device, comprising: a storage device having a computer program stored thereon; processing means for executing said computer program in said storage means to carry out the steps of the method according to any one of claims 1-7.
  11. 11. A computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the steps of the method of any of claims 1-7.

Description

Security verification method, device, medium, equipment and product of large model service Technical Field The technical scheme relates to the technical field of computers, in particular to a security verification method, a security verification device, a security verification medium, security verification equipment and security verification products for large-scale model services. Background MaaS (Model AS A SERVICE, model, service) is one of PaaS (Platform AS A SERVICE, platform, service) services, maaS is a cloud computing mode for delivering an artificial intelligence Model in a service form, training, fine tuning, evaluation, reasoning and deployment of the Model can be achieved through the mode, and a user has high requirements on security of a service provider in the process of providing the service. Therefore, how to effectively ensure the security of user data in the process of providing the reasoning service is a technical problem to be solved. Disclosure of Invention This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. In a first aspect, a security verification method for a large model service is provided, including: receiving a private key checking request sent by an intermediate link service based on a key management service, wherein the private key checking request is sent by the intermediate link service when receiving an encryption reasoning request sent by a client, and the private key checking request indicates to check a private key of the client; Responsive to determining that the intermediate link service is not trusted according to the private key viewing request, joining the intermediate link service to a trusted execution environment; And in response to determining that the intermediate link service is trusted according to the private key viewing request, sending the private key of the client to the intermediate link service. In a second aspect, a security verification apparatus for a large model service is provided, including: The system comprises a receiving module, a key management module and a storage module, wherein the receiving module is configured to receive a private key checking request sent by an intermediate link service based on a key management service, the private key checking request is sent by the intermediate link service when receiving an encryption reasoning request sent by a client, and the private key checking request indicates to check a private key of the client; a joining module configured to join the intermediate link service into a trusted execution environment in response to determining that the intermediate link service is not trusted according to the private key viewing request; And the sending module is configured to send the private key of the client to the intermediate link service in response to determining that the intermediate link service is trusted according to the private key viewing request. In a third aspect, there is provided a computer readable medium having stored thereon a computer program which, when executed by a processing device, implements the steps of the method of the first aspect. In a fourth aspect, there is provided an electronic device comprising: a storage device having a computer program stored thereon; Processing means for executing said computer program in said storage means to carry out the steps of the method according to the first aspect. In a fifth aspect, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of the first aspect. According to the technical scheme, when the private key checking request sent by the intermediate link service is received, the key management service responds to the fact that the intermediate link service is not trusted according to the private key checking request, the unreliable intermediate link service is added into the trusted execution environment through the key management service, wherein the private key checking request is sent by the intermediate link service when the encryption reasoning request sent by the client is received, the private key checking request is used for indicating to check the private key of the client, the private key of the client is sent to the intermediate link service in response to the fact that the intermediate link service is trusted according to the private key checking request, and the user data can be prevented from being illegally intercepted at the intermediate link service by detecting whether the intermediate link service is trusted or not and adding the intermediate link service into the trusted execution environment under the condition that the intermediate link service is not truste