Protecting artificial intelligence models using virtual secure mode

US10839069B2 · US · B2

Patent metadata

Publication number: US-10839069-B2
Application number: US-201816031715-A
Country: US
Kind code: B2
Filing date: Jul 10, 2018
Priority date: Jul 10, 2018
Publication date: Nov 17, 2020
Grant date: Nov 17, 2020

Abstract

Official abstract text for this publication.

Described herein is a system and method for utilizing a virtual secure mode instance to protect an artificial intelligence model from unauthorized access (e.g., inspection, copying) during execution of an application utilizing the AI model (e.g., training and/or inference) on a client device. An encrypted artificial intelligence model is received in a virtual secure mode instance of the client device. The encrypted artificial intelligence model is decrypted in the virtual secure mode instance using a decryption secret. The decrypted artificial intelligence model is stored in the virtual secure mode instance. An application that utilizes the decrypted artificial intelligence model is executed (e.g., training and/or inference) in the virtual secure mode instance.

Claims

Claim text for this publication.

What is claimed is:

1. A client device comprising: a processor; and a memory having computer-executable instructions stored thereupon which, when executed by the processor, cause the client device to: receive an encrypted artificial intelligence model; using a decryption secret, decrypt the encrypted artificial intelligence model in a virtual secure mode instance; store the decrypted artificial intelligence model in the virtual secure mode instance; in the virtual secure mode instance, execute a first application operable to utilize the decrypted artificial intelligence model to obtain an output; and provide the output obtained by the first application in the virtual secure mode instance on the client device to a second application on the client device that is outside of the virtual secure mode instance.

2. The client device of claim 1, the memory having further computer-executable instructions stored thereupon which, when executed by the processor, cause the client device to: receive, by the first application in the virtual secure mode instance, an input and an expected output, wherein executing the first application in the virtual secure mode instance comprises adapting the decrypted artificial intelligence model in accordance with the input and the expected output.

3. The client device of claim 2, the memory having further computer-executable instructions stored thereupon which, when executed by the processor, cause the client device to: in the virtual secure mode instance, encrypt the adapted artificial intelligence model using an encryption secret; and provide the encrypted adapted artificial intelligence model to a host operating system on the client device that is outside of the virtual secure mode instance.

4. The client device of claim 3, wherein the encryption secret and the decryption secret are different from each other.

5. The client device of claim 3, wherein the encryption secret and the decryption secret are the same.

6. The client device of claim 1, the memory having further computer-executable instructions stored thereupon which, when executed by the processor, cause the client device to: receive an input in the virtual secure mode instance; and infer the output using the decrypted artificial intelligence model in accordance with the input.

7. The client device of claim 1, wherein the second application is configured to execute on a host operating system of the client device that cannot access memory of the virtual secure mode instance.

8. The client device of claim 1, wherein the artificial intelligence model is a serialized format of a computation graph in accordance with the Open Neural Network Exchange standard.

9. The client device of claim 1, wherein the decryption secret is pre-provisioned into the virtual secure mode instance by a developer of the artificial intelligence model.

10. The client device of claim 1, wherein a hypervisor of the client device abstracts a host operating system of the client device and the virtual secure mode instance from hardware of the client device.

11. A method performed on a client device, the method comprising: receiving an encrypted artificial intelligence model at the client device; using a decryption secret, decrypting the encrypted artificial intelligence model in a virtual secure mode instance on the client device; storing the decrypted artificial intelligence model in the virtual secure mode instance; in the virtual secure mode instance, executing a first application operable to utilize the decrypted artificial intelligence model to obtain an output; and providing the output obtained by the first application in the virtual secure mode instance on the client device to a second application on the client device that is outside of the virtual secure mode instance.

12. The method of claim 11, further comprising: receiving, by the first application in the virtual secure mode instance, an input and an expected output, wherein executing the first application in the virtual secure mode instance comprises adapting the decrypted artificial intelligence model in accordance with the input and the expected output.

13. The method of claim 12, further comprising: encrypting the adapted artificial intelligence model using an encryption secret in the virtual secure mode instance; and providing the encrypted adapted artificial intelligence model to a host operating system on the client device that is outside of the virtual secure mode instance.

14. The method of claim 13, wherein the encryption secret and the decryption secret are different from each other.

15. The method of claim 11, further comprising: receiving an input in the virtual secure mode instance, wherein executing the first application in the virtual secure mode instance comprises inferring the output using the decrypted artificial intelligence model in accordance with the input.

16. The method of claim 11, wherein the second application is configured to execute on a host operating system of the client device, the virtual secure mode instance comprises a sequestered process, and the host operating system cannot access memory of the sequestered process.

17. A computer storage media storing computer-readable instructions that, when executed, cause a computing device to: receive an encrypted artificial intelligence model at a client device; decrypt the encrypted artificial intelligence model in a virtual secure mode instance on the client device using a decryption secret; store the decrypted artificial intelligence model in the virtual secure mode instance; in the virtual secure mode instance, execute a first application operable to utilize the decrypted artificial intelligence model to obtain an output; and provide the output obtained by the first application on the client device in the virtual secure mode instance to a second application on the client device that is outside of the virtual secure mode instance.

18. The computer storage media of claim 17 storing further computer-readable instructions that, when executed, cause the computing device to: receive, by the first application in the virtual secure mode instance, an input and an expected output, wherein executing the first application in the virtual secure mode instance comprises adapting the decrypted artificial intelligence model in accordance with the input and the expected output.

19. The computer storage media of claim 18 storing further computer-readable instructions that, when executed, cause the computing device to: encrypt the adapted artificial intelligence model using an encryption secret in the virtual secure mode instance; and provide the encrypted adapted artificial intelligence model to a host operating system on the client device that is outside of the virtual secure mode instance.

20. The computer storage media of claim 17 storing further computer-readable instructions that, when executed, cause the computing device to: receive an input in the virtual secure mode instance; and infer the output using the decrypted artificial intelligence model in accordance with the input.

Assignees

Microsoft Technology Licensing LLC

Classifications

  • G06F21/53 (primary): by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

  • G06F21/14 (primary): against software analysis or reverse engineering, e.g. by obfuscation · CPC title

  • at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title

  • to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title

  • Hypervisor-specific management and integration aspects · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 17, 2020 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).