
US-12627471-B2 - Secure generative-artificial intelligence platform integration on a cloud service


Abstract

The present disclosure relates to secure deployment of model weights from a generative artificial intelligence (GenAI) platform to a cloud service. The method includes accessing the model metadata and a set of weights of a GenAI model associated with a GenAI platform. These model weights may be encrypted using a first encryption key that may be provided in the model metadata. These encrypted model weights may be decrypted based on the model metadata by utilizing the first encryption key from the model metadata. Each key may be associated with the specific type of GenAI model. Before storing the model weights from the GenAI platform cloud tenancy to a cloud storage in GenAI home region, the model weights may be encrypted again by utilizing a second encryption key. This encryption by the cloud may enable independent control over the sensitive information during transit and storing.

Inventors

  • Ming Fang
  • Simo Lin
  • Beiwen Guo
  • Wei Gao

Assignees

  • ORACLE INTERNATIONAL CORPORATION

Dates

Publication Date
20260512
Application Date
20240528

Claims (20)

  1. A computer-implemented method comprising: accessing a model metadata and a set of weights of a generative machine-learning model encrypted using a first encryption key that is generated by a generative machine-learning platform, wherein the generative machine-learning model is associated with the generative machine-learning platform hosted on a cloud, and wherein the model metadata includes the first encryption key; utilizing the first encryption key from the model metadata to decrypt, based on the model metadata, the set of weights of the generative machine-learning model; generating a second encryption key within a cloud home region; encrypting, based on the model metadata, the set of weights by the second encryption key; storing the encrypted set of weights to a cloud storage in the cloud home region; accessing the encrypted set of weights from the cloud storage; decrypting the encrypted set of weights using the second encryption key; loading the set of weights from the cloud storage to a temporary storage; receiving an inference query associated with the generative machine-learning model into the temporary storage; performing an inference task by applying the set of weights to the inference query; generating an inference output in response to performing the inference task; and deleting the set of weights from the temporary storage.
  2. The computer-implemented method of claim 1, wherein the model metadata is stored in a generative machine-learning platform cloud tenancy.
  3. The computer-implemented method of claim 1, wherein the first encryption key is associated with a single set of model weights of the generative machine-learning model.
  4. The computer-implemented method of claim 1, wherein the first and second encryption keys are associated with a specific type of the generative machine-learning models.
  5. The computer-implemented method of claim 1, further comprising: deploying the encrypted set of weights of the generative machine-learning model in a namespace within the cloud home region, wherein each deployment is associated with a single service account.
  6. The computer-implemented method of claim 1, wherein the second encryption key is accessed by a single service account.
  7. The computer-implemented method of claim 1, further comprising: rotating encryption keys after a predefined interval of time by generating a new second encryption key; decrypting the first encryption key with the second encryption key; encrypting the first encryption key using the new second encryption key; and storing the first encryption key and the new second encryption key in a cloud identity module.
  8. A system comprising: one or more data processors; and a non-transitory computer readable storage medium containing instructions which, when executed on the one or more data processors, cause the one or more data processors to perform actions including: accessing a model metadata and a set of weights of a generative machine-learning model encrypted using a first encryption key that is generated by a generative machine-learning platform, wherein the generative machine-learning model is associated with the generative machine-learning platform hosted on a cloud, and wherein the model metadata includes the first encryption key; utilizing the first encryption key from the model metadata to decrypt, based on the model metadata, the set of weights of the generative machine-learning model; generating a second encryption key within a cloud home region; encrypting, based on the model metadata, the set of weights by the second encryption key; storing the encrypted set of weights to a cloud storage in the cloud home region; accessing the encrypted set of weights from the cloud storage; decrypting the encrypted set of weights using the second encryption key; loading the set of weights from the cloud storage to a temporary storage; receiving an inference query associated with the generative machine-learning model into the temporary storage; performing an inference task by applying the set of weights to the inference query; generating an inference output in response to performing the inference task; and deleting the set of weights from the temporary storage.
  9. The system of claim 8, wherein the model metadata is stored in a generative machine-learning platform cloud tenancy.
  10. The system of claim 8, wherein the first encryption key is associated with a single set of model weights of the generative machine-learning model.
  11. The system of claim 8, wherein the first and second encryption keys are associated with a specific type of the generative machine-learning models.
  12. The system of claim 8, wherein the actions further include: deploying the encrypted set of weights of the generative machine-learning model in a namespace within the cloud home region, wherein each deployment is associated with a single service account.
  13. The system of claim 8, wherein the second encryption key is accessed by a single service account.
  14. A computer-program product tangibly embodied in a non-transitory machine-readable storage medium, including instructions configured to cause one or more data processors to perform actions including: accessing a model metadata and a set of weights of a generative machine-learning model encrypted using a first encryption key that is generated by a generative machine-learning platform, wherein the generative machine-learning model is associated with the generative machine-learning platform hosted on a cloud, and wherein the model metadata includes the first encryption key; utilizing the first encryption key from the model metadata to decrypt, based on the model metadata, the set of weights of the generative machine-learning model; generating a second encryption key within a cloud home region; encrypting, based on the model metadata, the set of weights by the second encryption key; storing the encrypted set of weights to a cloud storage in the cloud home region; accessing the encrypted set of weights from the cloud storage; decrypting the encrypted set of weights using the second encryption key; loading the set of weights from the cloud storage to a temporary storage; receiving an inference query associated with the generative machine-learning model into the temporary storage; performing an inference task by applying the set of weights to the inference query; generating an inference output in response to performing the inference task; and deleting the set of weights from the temporary storage.
  15. The computer-program product of claim 14, wherein the model metadata is stored in a generative machine-learning platform cloud tenancy.
  16. The computer-program product of claim 14, wherein the first and second encryption keys are associated with a specific type of the generative machine-learning models.
  17. The computer-program product of claim 14, wherein the actions further include: deploying the encrypted set of weights of the generative machine-learning model in a namespace within the cloud home region, wherein each deployment is associated with a single service account.
  18. The computer-program product of claim 14, wherein the first encryption key is associated with a single set of model weights of the generative machine-learning model.
  19. The computer-program product of claim 14, wherein the second encryption key is accessed by a single service account.
  20. The computer-program product of claim 14, wherein the actions further include: rotating encryption keys after a predefined interval of time by generating a new second encryption key; decrypting the first encryption key with the second encryption key; encrypting the first encryption key using the new second encryption key; and storing the first encryption key and the new second encryption key in a cloud identity module.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the priority to and the benefit of U.S. Provisional Application No. 63/583,167, filed on Sep. 15, 2023, and U.S. Provisional Application 63/583,169, filed on Sep. 15, 2023. Each of these applications is hereby incorporated by reference in its entirety for all purposes.

BACKGROUND

While generative artificial intelligence (GenAI) is still in its early stages of adoption, several dedicated platforms have emerged that specialize in training and generating foundation models. Machine-learning models can be trained on big datasets and leverage deep-learning technologies. For example, a machine-learning model may use a transformer model and/or a large language model (LLM). GenAI may be a significant technology as it enables the automated production of personalized content at scale. GenAI can write code to support the development lifecycle, including a variety of unit, validation, and integration tests. Data scientists can benefit from GenAI by generating data without revealing sensitive or personal information. Synthetic data generation techniques are widely used in the financial and healthcare sectors. For example, a human capital management (HCM) application can use GenAI to draft job descriptions, summarize job applications, and outline online learning courses. However, the rapid advancements in this domain have brought the challenges of governance, security, and privacy into mainstream focus. The security of the weights of a GenAI model within a cloud platform may be important because such weights control the performance of the model; therefore, creating a secure defense system against unauthorized access and potential data breaches may be required. Consequently, there is a need for technologies that provide secure and seamless integration with GenAI platforms, that provide a robust and protected environment for leveraging GenAI capabilities, and that deliver enterprise-grade secure AI systems.

SUMMARY

Certain aspects and features of the present disclosure relate to a secure integration of generative machine-learning or artificial intelligence (GenAI) platforms within a cloud service. The system enables hosting a variety of machine-learning models, including large language models (LLMs) and generative models, through a consolidated and consistent set of application programming interfaces (APIs), including models sourced from external GenAI platforms and/or open-source models. When a GenAI model, such as an LLM, is trained, the weights of the LLM are learned. Hence, the learned set of weights represents a machine-learning model, and the competitive advantage of a model depends on how accurately its weights are learned for different use cases. Therefore, it is important that the weights are securely stored in and/or retrieved from a storage. When a client requests a GenAI task (e.g., an inference task, such as generating a text or an image), it may initiate a collaborative process between the GenAI platform and the cloud infrastructure, with the goal of efficiently fulfilling the task while maintaining data privacy and security. In this context, the GenAI platform may share model metadata with the cloud service. The model metadata may include, but is not limited to, model name, creation and/or last training time, model architecture, configurations, training parameters, encryption keys, model versions, and other related attributes. It may also provide information on which part of the model is to be encrypted, how to encrypt and/or decrypt it, and what level of encryption may be required. The present disclosure relates to the secure deployment of model weights from a GenAI platform to a cloud service by accessing the model metadata and a set of weights of a generative machine-learning (hereinafter GenAI) model associated with a GenAI platform.

These model weights may be encrypted using a first encryption key, also referred to as the data encryption key (DEK), that may be provided in the model metadata. The model metadata and the encrypted set of weights may be stored in a cloud storage (e.g., the GenAI platform object/model store) within the cloud that is dedicated to the GenAI platform, also termed the GenAI platform cloud tenancy. These encrypted model weights may be decrypted based on the model metadata by utilizing the first encryption key from the model metadata. Before storing the model weights from the GenAI platform cloud tenancy to a cloud storage in the GenAI home region, the model weights may be encrypted again by utilizing a second encryption key. The GenAI home region may refer to a primary data center or a geographic region where a dedicated tenancy for GenAI development is established and managed within a cloud service. The second encryption key, also termed the key encryption key (KEK), for GenAI model weights may be managed independently by the GenAI cloud vault or key management service (KMS) within the GenAI home region. In some aspects, each
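The flow described in claims 1 and 7 and in the summary above (decrypt the platform's weights with the DEK carried in the model metadata, re-encrypt them under a KEK generated inside the home region, keep the DEK wrapped under that KEK, load the weights into temporary storage only for the duration of an inference call, and later rotate the KEK) is shown below as an added example. It is not code from the patent or from Oracle; the `HomeRegion` class, the `platform_export` function, the `kek-vN` key ids, the dot-product "inference", and the two-weight sample model are all constructed for this illustration. The `seal`/`unseal` pair is an HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag, used only so the example runs on a stock Python install; a real service would call AES-GCM through the cloud KMS. The re-encryption of the stored weights during rotation goes beyond claim 7, which only re-wraps the first key, and is marked as an assumption in the code.

```python
import hashlib
import hmac
import secrets
import struct

# Stand-in authenticated cipher (example only): HMAC-SHA256 in counter mode for
# confidentiality and an encrypt-then-MAC tag under a separately derived key.
# A production service would use AES-GCM from the cloud KMS instead.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt and authenticate plaintext; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; raises if blob or aad was modified."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: weights or metadata were modified")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

def platform_export(model_name: str, weights: list[float]) -> tuple[dict, bytes]:
    """GenAI platform side (hypothetical): generate the first key (DEK) and ship it in the metadata."""
    dek = secrets.token_bytes(32)
    metadata = {"model_name": model_name, "model_type": "text-generation",
                "encrypted_part": "weights", "dek": dek}
    packed = struct.pack(f"<{len(weights)}f", *weights)   # constructed sample weights
    return metadata, seal(dek, packed, aad=model_name.encode())

class HomeRegion:
    """Cloud home region (hypothetical): vault/KMS, identity module, object storage, temp storage."""
    def __init__(self):
        self.vault = {}             # key id -> second key (KEK); never leaves the region
        self.identity_module = {}   # model -> {"kek_id", "wrapped_dek"}
        self.object_storage = {}    # model -> {"kek_id", "blob"}: weights under the KEK
        self.temp_storage = {}      # model -> plaintext weights, present only during inference
        self._kek_counter = 0

    def _new_kek(self) -> str:
        self._kek_counter += 1
        kek_id = f"kek-v{self._kek_counter}"
        self.vault[kek_id] = secrets.token_bytes(32)    # generated inside the home region
        return kek_id

    def ingest(self, metadata: dict, encrypted_weights: bytes) -> None:
        name, aad = metadata["model_name"], metadata["model_name"].encode()
        plain = unseal(metadata["dek"], encrypted_weights, aad)   # decrypt with the first key
        kek_id = self._new_kek()                                  # second key, home region
        self.object_storage[name] = {"kek_id": kek_id, "blob": seal(self.vault[kek_id], plain, aad)}
        self.identity_module[name] = {"kek_id": kek_id,
                                      "wrapped_dek": seal(self.vault[kek_id], metadata["dek"])}

    def infer(self, name: str, query: list[float]) -> float:
        entry = self.object_storage[name]
        raw = unseal(self.vault[entry["kek_id"]], entry["blob"], name.encode())
        self.temp_storage[name] = raw                  # weights live in temp storage only here
        try:
            weights = struct.unpack(f"<{len(raw) // 4}f", raw)
            return sum(w * q for w, q in zip(weights, query))   # toy inference: dot product
        finally:
            del self.temp_storage[name]                # deleted as soon as the task completes

    def rotate_kek(self, name: str) -> str:
        old_id = self.identity_module[name]["kek_id"]
        old_kek, new_id = self.vault[old_id], self._new_kek()
        dek = unseal(old_kek, self.identity_module[name]["wrapped_dek"])   # unwrap first key
        self.identity_module[name] = {"kek_id": new_id, "wrapped_dek": seal(self.vault[new_id], dek)}
        # Assumption beyond claim 7: the stored weights are also under the old KEK,
        # so they are re-encrypted under the new one before the old key is destroyed.
        plain = unseal(old_kek, self.object_storage[name]["blob"], name.encode())
        self.object_storage[name] = {"kek_id": new_id,
                                     "blob": seal(self.vault[new_id], plain, name.encode())}
        del self.vault[old_id]
        return new_id

if __name__ == "__main__":
    metadata, blob = platform_export("demo-llm", [0.5, 2.0])
    region = HomeRegion()
    region.ingest(metadata, blob)
    print(region.infer("demo-llm", [4.0, 1.0]), region.temp_storage)   # 4.0 {}
    print(region.rotate_kek("demo-llm"), sorted(region.vault))         # kek-v2 ['kek-v2']
```

Two properties worth checking when reviewing a real implementation of this pattern: the plaintext DEK from the metadata must not be persisted anywhere in the home region except wrapped under the KEK, and the temporary copy of the weights must be released on every exit path from the inference routine, including exceptions, which is why the deletion sits in a `finally` block.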