WO2022016434A1 - Device deregistration method, device registration method, communication device and cloud platform - Google Patents


Info

Publication number
WO2022016434A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud platform
credential
credential information
information
logout
Application number
PCT/CN2020/103630
Other languages
French (fr)
Chinese (zh)
Inventor
吕小强
Original Assignee
Oppo广东移动通信有限公司
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to PCT/CN2020/103630 priority Critical patent/WO2022016434A1/en
Priority to CN202080101725.3A priority patent/CN115699678A/en
Publication of WO2022016434A1 publication Critical patent/WO2022016434A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration

Definitions

  • the present application relates to the field of communications, and more particularly, to a method for deregistering a device, a method for registering a device, a communication device, and a cloud platform.
  • Before the device can be controlled through the cloud platform, the device needs to be registered with the cloud platform.
  • the cloud platform assigns an access token to the device during the registration process.
  • the device may then publish its own resource information to the cloud platform so that other devices can discover and subscribe.
  • Corresponding to the cloud registration (registration) process is the cloud deregistration (deregistration) process.
  • After a device is deregistered on the cloud platform, the device can no longer connect to the cloud platform.
  • The device itself initiates the logout process. Therefore, when the user's device is accidentally lost or maliciously stolen, a malicious user can use the device to control and access other devices that the user who lost the device has registered on the cloud platform, causing loss to the user.
  • the embodiments of the present application provide a method for deregistering a device, a method for registering a device, a communication device and a cloud platform, which can improve the security of devices accessing the cloud platform.
  • An embodiment of the present application provides a method for deregistering a device, including:
  • the first device sends a logout request to the cloud platform, where the logout request includes verification information and credential information of the second device, so that the cloud platform logs out the second device.
  • An embodiment of the present application provides a method for deregistering a device, including:
  • the cloud platform receives a logout request from the first device, where the logout request includes verification information and credential information of the second device;
  • the cloud platform deregisters the second device according to the verification information and the credential information of the second device.
  • An embodiment of the present application provides a method for device registration, which further includes:
  • the first device sends credential information to the second device to configure the credential information in the CCC resource of the second device, and the CCC resource of the second device is used to complete the registration of the second device in the cloud platform.
  • An embodiment of the present application provides a method for device registration, which further includes:
  • the second device receives the credential information
  • the second device configures the credential information in the CCC resource of the second device
  • the second device registers with the cloud platform based on the CCC resource.
  • An embodiment of the present application provides a communication device, including:
  • a sending unit configured to send a logout request to the cloud platform, where the logout request includes verification information and credential information of the second device, so that the cloud platform can log out the second device.
  • the embodiments of the present application provide a cloud platform, including:
  • a receiving unit configured to receive a logout request from the first device, where the logout request includes verification information and credential information of the second device;
  • a logout unit configured to log out the second device according to the verification information and the credential information of the second device.
  • An embodiment of the present application provides a communication device, including:
  • a sending unit configured to send credential information to the second device, so as to configure the credential information in the CCC resource of the second device, and the CCC resource of the second device is used to complete the registration of the second device in the cloud platform.
  • Embodiments of the present application provide a communication device, including:
  • a receiving unit for receiving credential information
  • a configuration unit configured to configure the credential information in the CCC resource of the communication device
  • the registration unit is used to register with the cloud platform based on the CCC resource.
  • Embodiments of the present application provide a communication device including a processor and a memory.
  • the memory is used for storing a computer program
  • the processor is used for calling and running the computer program stored in the memory, so that the communication device executes the above-mentioned method for device logout or device registration method.
  • Embodiments of the present application provide a cloud platform, including a processor and a memory.
  • the memory is used for storing a computer program
  • the processor is used for calling and running the computer program stored in the memory, so that the cloud platform executes the above-mentioned method for deregistering the device.
  • An embodiment of the present application provides a chip, which is used to implement the above-mentioned method for deregistering a device or a method for registering a device.
  • the chip includes: a processor for invoking and running a computer program from the memory, so that a device installed with the chip executes the above-mentioned method for deregistering a device or a method for registering a device.
  • Embodiments of the present application provide a computer-readable storage medium for storing a computer program, which, when the computer program is run by a device, causes the device to execute the above-mentioned method for deregistering a device or a method for registering a device.
  • An embodiment of the present application provides a computer program product, including computer program instructions, and the computer program instructions cause a computer to execute the above-mentioned method for deregistering a device or a method for registering a device.
  • An embodiment of the present application provides a computer program, which, when running on a computer, enables the computer to execute the above-mentioned method for deregistering a device or a method for registering a device.
  • the first device initiates a logout request including verification information and credential information of the second device to the cloud platform, and the second device can be logged out on the cloud platform without the device itself actively initiating logout, thereby improving the security of devices accessing the cloud platform.
  • FIG. 1 is a schematic diagram of an application scenario according to an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a method for deregistering a device according to an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of a method for deregistering a device according to another embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a method for device registration according to an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a method for device registration according to another embodiment of the present application.
  • FIG. 6 is a schematic flowchart according to a device registration process.
  • FIG. 7 is a schematic flowchart according to Example 1.
  • FIG. 8 is a schematic flowchart according to Example 2.
  • FIG. 9 is a schematic block diagram of a communication device according to an embodiment of the present application.
  • FIG. 10 is a schematic block diagram of a communication device according to another embodiment of the present application.
  • FIG. 11 is a schematic block diagram of a cloud platform according to an embodiment of the present application.
  • FIG. 12 is a schematic block diagram of a cloud platform according to another embodiment of the present application.
  • FIG. 13 is a schematic block diagram of a communication device according to another embodiment of the present application.
  • FIG. 14 is a schematic block diagram of a communication device according to another embodiment of the present application.
  • FIG. 15 is a schematic block diagram of a communication device according to another embodiment of the present application.
  • FIG. 16 is a schematic block diagram of a communication device according to an embodiment of the present application.
  • FIG. 17 is a schematic block diagram of a chip according to an embodiment of the present application.
  • FIG. 18 is a schematic block diagram of a communication system according to an embodiment of the present application.
  • GSM Global System of Mobile communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GPRS General Packet Radio Service
  • LTE Long Term Evolution
  • LTE-A Advanced Long Term Evolution
  • NR New Radio
  • NTN Non-Terrestrial Networks
  • UMTS Universal Mobile Telecommunication System
  • WLAN Wireless Local Area Networks
  • WiFi Wireless Fidelity
  • 5G fifth-generation communication
  • D2D Device to Device
  • M2M Machine to Machine
  • MTC Machine Type Communication
  • V2V Vehicle to Vehicle
  • V2X Vehicle to everything
  • the communication system in this embodiment of the present application may be applied to a carrier aggregation (Carrier Aggregation, CA) scenario, a dual connectivity (Dual Connectivity, DC) scenario, or a standalone (Standalone, SA) network deployment scenario.
  • the communication system in the embodiment of the present application may be applied to an unlicensed spectrum, where the unlicensed spectrum may also be considered a shared spectrum; or, the communication system in the embodiment of the present application may also be applied to a licensed spectrum, where the licensed spectrum may also be considered an unshared spectrum.
  • the embodiments of the present application describe various embodiments in conjunction with network equipment and terminal equipment, where the terminal equipment may also be referred to as user equipment (User Equipment, UE), access terminal, subscriber unit, subscriber station, mobile station, mobile station, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent or user device, etc.
  • the terminal device can be a station (STATION, ST) in the WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a personal digital assistant (Personal Digital Assistant, PDA) device, a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a next-generation communication system such as an NR network, or a terminal device in a future evolved public land mobile network (Public Land Mobile Network, PLMN), etc.
  • the terminal device can be deployed on land, including indoor or outdoor, handheld, wearable, or vehicle-mounted; it can also be deployed on water (such as on ships); it can also be deployed in the air (such as on airplanes, balloons, and satellites).
  • the terminal device may be a mobile phone (Mobile Phone), a tablet computer (Pad), a computer with a wireless transceiver function, a virtual reality (Virtual Reality, VR) terminal device, an augmented reality (Augmented Reality, AR) terminal device, wireless terminal equipment in industrial control, wireless terminal equipment in self driving, wireless terminal equipment in remote medical, wireless terminal equipment in smart grid, wireless terminal equipment in transportation safety, wireless terminal equipment in smart city or wireless terminal equipment in smart home, etc.
  • the terminal device may also be a wearable device.
  • Wearable devices can also be called wearable smart devices, which are the general term for the intelligent design of daily wear and the development of wearable devices using wearable technology, such as glasses, gloves, watches, clothing and shoes.
  • a wearable device is a portable device that is worn directly on the body or integrated into the user's clothing or accessories. A wearable device is not only a hardware device; it also realizes powerful functions through software support, data interaction, and cloud interaction.
  • wearable smart devices include devices that are full-featured, large in size, and able to realize complete or partial functions without relying on smart phones, such as smart watches or smart glasses, and devices that focus only on a certain type of application function and need to cooperate with other devices such as smart phones.
  • the network device may be a device for communicating with a mobile device, and the network device may be an access point (Access Point, AP) in WLAN, or a base station (Base Transceiver Station, BTS) in GSM or CDMA; it can also be a base station (NodeB, NB) in WCDMA, or an evolved base station (Evolutional Node B, eNB or eNodeB) in LTE, or a relay station or access point, or in-vehicle equipment, wearable devices and NR networks
  • the network device may have a mobile feature, for example, the network device may be a mobile device.
  • the network device may be a satellite or a balloon station.
  • the satellite may be a low earth orbit (LEO) satellite, a medium earth orbit (MEO) satellite, a geostationary earth orbit (GEO) satellite, a High Elliptical Orbit (HEO) satellite, etc.
  • the network device may also be a base station set in a location such as land or water.
  • a network device may provide services for a cell, and a terminal device communicates with the network device through transmission resources (for example, frequency domain resources, or spectrum resources) used by the cell, and the cell may be a network device (
  • the cell can belong to the macro base station, or it can belong to the base station corresponding to the small cell (Small cell).
  • Pico cell Femto cell (Femto cell), etc.
  • These small cells have the characteristics of small coverage and low transmission power, and are suitable for providing high-speed data transmission services.
  • FIG. 1 exemplarily shows a communication system 100 .
  • the communication system includes one network device 110 and two terminal devices 120 .
  • the communication system 100 may include multiple network devices 110, and the coverage of each network device 110 may include other numbers of terminal devices 120, which are not limited in this embodiment of the present application.
  • the communication system 100 may further include a mobility management entity (Mobility Management Entity, MME), an access and mobility management function (Access and Mobility Management Function, AMF) and other network entities, which are not limited in the embodiments of the present application.
  • the network equipment may further include access network equipment and core network equipment. That is, the wireless communication system further includes a plurality of core networks for communicating with the access network equipment.
  • the access network equipment may be an evolved base station (evolutional node B, which may be referred to as eNB or e-NodeB for short) in a long-term evolution (long-term evolution, LTE) system, a next-generation (mobile communication system) (next radio, NR) system, or an authorized auxiliary access long-term evolution (authorized auxiliary access long-term evolution, LAA-LTE) system, a macro base station, a micro base station (also called a "small base station"), a pico base station, an access point (AP), a transmission point (transmission point, TP) or a new generation base station (new generation Node B, gNodeB), etc.
  • a device having a communication function in the network/system may be referred to as a communication device.
  • the communication device may include a network device and a terminal device with a communication function, and the network device and the terminal device may be specific devices described in the embodiments of the present invention, which will not be repeated here;
  • the device may also include other devices in the communication system, for example, other network entities such as a network controller and a mobility management entity, which are not limited in this embodiment of the present application.
  • the "indication" mentioned in the embodiments of the present application may be a direct indication, an indirect indication, or an indication of an associated relationship.
  • for example, "A indicates B" can mean that A directly indicates B, for example, B can be obtained through A; it can also mean that A indicates B indirectly, for example, A indicates C, and B can be obtained through C; it can also mean that there is an association relationship between A and B.
  • "corresponding" may indicate that there is a direct or indirect corresponding relationship between the two, or may indicate that there is an associated relationship between the two, or a relationship of indicating and being indicated, or of configuring and being configured, etc.
  • FIG. 2 is a schematic flowchart of a method 200 for deregistering a device according to an embodiment of the present application.
  • the method can optionally be applied to the system shown in Figure 1, but is not limited thereto.
  • the method includes at least some of the following.
  • S210: The first device sends a logout request to the cloud platform, where the logout request includes verification information and credential information of the second device, so that the cloud platform logs out the second device.
  • the second device is a device that has completed registration on the cloud platform but needs to be deregistered.
  • Information such as account resources, session resources, and update resources of the second device may be saved on the cloud platform.
  • Credential information of the second device may be stored in the account resource of the second device.
  • the credential information may be used to log out the device on the cloud platform, and may also be referred to as logout credential information.
  • the first device is a device capable of initiating deregistration of other devices. By sending a logout request to the cloud platform by the first device, logout of the second device on the cloud platform can be implemented.
  • the verification information included in the logout request can be used to verify whether the first device that initiates the logout request is allowed to access the cloud platform.
  • If the verification result is that the first device is allowed to access the cloud platform, the first device is a legitimate device. Then, the account resource, session resource, update resource and other information of the second device that contain the credential information carried in the logout request can be found on the cloud platform, and that information can be deleted on the cloud platform, thereby deregistering the second device. In addition, if the verification result is that the first device is not allowed to access the cloud platform, the first device is an illegitimate device, and the second device is not allowed to be deregistered on the cloud platform.
  • the verification information includes a user identification and/or a device identification.
  • the user identity and the device identity can be verified on the cloud platform. If multiple different devices of the same user have the same credential information, the cloud platform may verify only the user identity.
  • the user identification in the verification information may include identification information of the user registered in the cloud platform, such as user name, nickname, and the like.
  • the device identification in the verification information may include identification information of the device used by the user registered in the cloud platform, for example, the unique identification of the device represented by a character string, and the like. If the second device needs to be logged out, the verification information may include the user identification and/or the device identification of the second device.
  • the account resource corresponding to the user ID and/or device ID can be searched on the cloud platform, and the credential information in the account resource is compared with the credential information in the logout request. If they are the same, the second device is allowed to be logged out.
  • the verification information further includes an access token of the first device, where the access token is used to verify whether the first device is allowed to access the cloud platform.
  • the verification information may include the access token of the device that initiated the logout request.
  • the access token of the device may be distributed by the cloud platform for the device during the process of registering the device with the cloud platform.
  • the cloud platform verifies the access token of the device to determine whether the device is allowed to access the cloud platform.
  • the credential information includes credential content and credential type.
  • the credential content may include information such as specific numbers or characters of the password set by the user, and the credential type may include the password type.
  • the credential type can also be other types, which can be set according to the needs of the actual application scenario.
  • the logout request further includes a logout type, and when the logout type is self-logout, the verification information includes at least one of the user ID, device ID, and access token of the first device.
  • the logout request sent by the first device to the cloud platform indicates that the logout type is self-logout, and also includes at least one of the user ID, device ID, and access token of the first device.
  • the cloud platform can delete information such as account resources, session resources, and update resources of the first device to log out the first device.
  • when the logout type is third-party logout, the verification information includes at least one of the user ID of the second device, the device ID of the second device, and the access token of the first device.
  • the logout request sent by the first device to the cloud platform indicates that the logout type is third-party logout, and also includes at least one of the user ID of the second device, the device ID of the second device, and the access token of the first device.
  • After the cloud platform receives the logout request, it can first verify the access token of the first device to confirm whether the device is allowed to access the cloud platform. If permitted, information such as account resources, session resources, and update resources of the second device may be searched according to the user identifier of the second device and/or the device identifier of the second device. If the credential content in the account resource of the second device is consistent with the credential content in the logout request, the account resource, session resource, update resource and other information of the second device are deleted on the cloud platform to log out the second device.
  • the credential information of the second device is generated by the first device.
  • the credential information of the second device is stored on the first device.
  • the first device may generate and save credential information of the second device, and in the case of needing to log out of the second device, obtain the credential information of the second device locally on the first device, and initiate a logout request.
  • the first device may not save the credential information of the second device, and obtain the credential information of the second device when a logout request needs to be initiated.
  • the first device first obtains credential information such as the logout password of the second device input by the user, and then initiates a logout request.
  • the first device obtains the credential information of the second device from other devices, and then initiates a logout request.
  • the method further includes:
  • the first device sends a credential creation request to the cloud platform, where the credential creation request includes credential information of the second device.
  • the first device may send a credential creation request to the cloud platform in the device registration stage, so as to save the credential information of the second device on the cloud platform.
  • the first device may or may not store the credential information of the second device.
  • An instance of a logout resource may be generated on the cloud platform, and the logout resource may include user identification, credential information, etc., and may also include a device identification.
  • After the cloud platform receives the credential creation request, it can directly add the credential information of the second device to the logout resource; it can also judge whether the credential information of the second device has already been saved, and if so, it does not need to be added again.
  • the credential creation request may also include a user ID and/or a device ID, and it can be determined whether the user ID and/or device ID already have corresponding credential information. Credential information of the second device.
  • the method further includes:
  • the first device sends credential information to the second device to configure the credential information in the cloud platform registration configuration (CoAP Cloud Configuration, CCC) resource of the second device, and the CCC resource of the second device is used to complete the registration of the second device in the cloud platform.
  • The CCC resource can be used to configure the information a new device needs to register with the cloud platform, and can also be called a cloud platform configuration resource based on CoAP (Constrained Application Protocol).
  • the first device may configure the CCC resource of the second device, and configure the credential information of the second device into the CCC resource of the second device. Then, the second device may initiate registration with the cloud platform based on the CCC resource.
  • the method further includes:
  • the first device acquires the credential information of the second device from the third device, and the credential information of the second device is generated by the third device.
  • the third device may configure the CCC resource of the second device, and configure the credential information of the second device into the CCC resource of the second device. Then, the second device may initiate registration with the cloud platform based on the CCC resource. If the third device saves the credential information of the second device, the first device may acquire the credential information of the second device from the third device and initiate a logout request for logout of the second device.
  • OBT may be installed on a device capable of generating credential information of the second device, which may also be referred to as an OBT device.
  • the OBT device may guide the generation process of the credential information of the second device.
  • the method further includes:
  • the first device sends the credential information of the second device to the fourth device for storage.
  • the fourth device may not be an OBT device, but a device that has established a communication connection with the first device. If the first device sends the credential information of the second device to the fourth device for storage, and the fourth device is also a legal device registered on the cloud platform, the fourth device may also initiate a logout request for logout of the second device.
  • credential information of multiple second devices is the same.
  • credential information of multiple devices of a user may be the same.
  • the cloud platform may store the correspondence between the user ID and the credential information, and may also store the correspondence between the user ID, the device ID and the credential information.
  • the logout request may include user identification, device identification and credential information.
  • the credential information of each of the second devices is different.
  • the logout request may include user identification, device identification and credential information.
  • the first device initiates a logout request including verification information and credential information of the second device to the cloud platform, and the second device can be logged out on the cloud platform without the device itself actively initiating logout, thereby improving the security of devices accessing the cloud platform. For example, in the case that the target device is lost or occupied by others, a third-party device can be used to initiate the logout of the target device to ensure the data security of the target device on the cloud platform.
  • FIG. 3 is a schematic flowchart of a method 300 for deregistering a device according to an embodiment of the present application.
  • the method can optionally be applied to the system shown in Figure 1, but is not limited thereto.
  • the method includes at least some of the following.
  • S310 The cloud platform receives a logout request from the first device, where the logout request includes verification information and credential information of the second device;
  • S320 The cloud platform deregisters the second device according to the verification information and the credential information of the second device.
  • the verification information may be used to verify whether the first device that initiates the logout request is allowed to access the cloud platform. If the verification result is that the first device is allowed to access the cloud platform, the first device is a legitimate device. Then, the account resources, session resources, update resources and other information that include the credential information of the second device carried in the logout request can be found on the cloud platform, and the account resources, session resources, update resources and other information of the second device can be deleted on the cloud platform, thereby deregistering the second device. In addition, if the verification result is that the first device is not allowed to access the cloud platform, the first device is an illegal device, and the second device is not allowed to be deregistered on the cloud platform.
  • the verification information includes a user identification and/or a device identification.
  • the user identification in the verification information may include identification information of the user registered in the cloud platform.
  • the device identification in the verification information may include identification information of the device used by the user registered in the cloud platform. If the second device needs to be logged out, the verification information may include the user identification and/or the device identification of the second device.
  • the account resource corresponding to the user ID and/or device ID can be searched on the cloud platform, and the credential information in the account resource is compared with the credential information in the logout request. If they are the same, the second device is allowed to be logged out.
  • the verification information further includes an access token of the first device
  • the method further includes:
  • the cloud platform verifies the access token of the first device to determine whether the first device is allowed to access the cloud platform.
  • the credential information includes credential content and credential type.
  • the method further includes:
  • the cloud platform verifies whether the verification information includes at least one of the user identification, device identification and access token of the first device.
  • the method further includes:
  • the cloud platform verifies whether the verification information includes the user ID of the second device, the device ID of the second device, and the access token of the first device, and verifies whether the credential information in the request is consistent with the credential content corresponding to the user identifier and/or the device identifier of the second device in the account resource stored in the cloud platform.
  • the method further includes:
  • the cloud platform receives a credential creation request from the first device, where the credential creation request includes credential information of the second device, and the credential information of the second device is generated on the first device.
  • the method further includes:
  • the cloud platform receives a credential creation request from a third device, where the credential creation request includes credential information of the second device, and the credential information of the second device is generated on the third device.
  • the method further includes:
  • the cloud platform uses the CCC resource of the second device to complete the registration of the second device, and the CCC resource of the second device is configured with credential information of the second device.
  • credential information of multiple second devices is the same.
  • the credential information of each of the second devices is different.
  • the manner of deregistering the second device includes deleting at least one of the following resources of the second device:
  • Account resources of the second device where the account resources include credential information
  • FIG. 4 is a schematic flowchart of a method 400 for device registration according to an embodiment of the present application.
  • the method can optionally be applied to the system shown in Figure 1, but is not limited thereto.
  • the method includes at least some of the following.
  • the first device sends credential information to the second device to configure the credential information in the CCC resource of the second device, and the CCC resource of the second device is used to complete the registration of the second device in the cloud platform.
  • the method further includes:
  • the first device generates credential information for the second device.
  • the method further includes:
  • the first device sends a credential creation request to the cloud platform, where the credential creation request includes credential information of the second device.
  • the method further includes:
  • the first device stores credential information of the second device.
  • the method further includes:
  • the first device sends the credential information of the second device to the fourth device for storage.
  • credential information of multiple second devices is the same.
  • the credential information of each of the second devices is different.
  • the descriptions of the first device executing the method 400 in this embodiment have the same meaning as those in the foregoing methods 200 and 300. For details, refer to the relevant descriptions about the first device in the foregoing methods 200 and 300, which are not repeated here.
  • the first device may save the credential information of the second device to the cloud platform or a peer device such as the above-mentioned fourth device.
  • the first device may initiate a logout process for the second device, see method 200.
  • Other devices, such as the fourth device, may also initiate a logout process for the second device: the fourth device sends a logout request including credential information of the second device to the cloud platform to complete the logout of the second device.
  • FIG. 5 is a schematic flowchart of a method 500 for device registration according to an embodiment of the present application.
  • the method can optionally be applied to the system shown in Figure 1, but is not limited thereto.
  • the method includes at least some of the following.
  • S510 The second device receives the credential information
  • S520 the second device configures the credential information in the CCC resource of the second device
  • S530 The second device registers with the cloud platform based on the CCC resource.
  • the second device may receive the credential information from the device that generates the credential information of the second device in the above embodiment.
  • the second device receives credential information for the second device from the first device or the third device.
  • the second device configures the received credential information in its own CCC resource, and in the process of registering with the cloud platform, the second device may register with the cloud platform based on the CCC resource.
  • the descriptions of the second device executing the method 500 in this embodiment have the same meaning as those in the foregoing methods 200, 300 and 400. For the sake of brevity, they are not repeated here.
  • the device registration process may specifically include:
  • the configurator obtains the access token of a user of the cloud platform (cloud), such as the OCF (Open Cloud Fabric, Open Cloud Network Architecture) cloud platform, from the Authorisation Server or the Authorisation Provider. A user account is created for the OCF cloud platform (cloud).
  • the configurator initiates the configurator registration (Mediator Registration) to the OCF cloud platform.
  • the configurator sends cloud configuration information (Cloud Configuration) to the OCF resource server (Resource Server), including cloud IP (Cloud IP), access token (Access token), etc.
  • the configurator provides the CCC resource "oic.r.coapcloudconf" on the device, which includes the access token, the URL of the OCF cloud platform, the identification (uuid) of the OCF cloud platform, and an optional authorization provider name, etc.
  • the OCF resource server establishes a TLS session (Session) to the OCF cloud platform.
  • the OCF resource server sends an access token and a device ID (Device ID) to the OCF cloud platform for device registration (Device Registration) and resource publishing (Resource Publish).
  • the cloud platform may include a correspondence table of tokens, device IDs, and user IDs (User ID), etc., and the registration request can be verified by OCF cloud by using this table, see Table 1.
  • the cloud platform shares the user's authentication information (Authentication) with the authorization server (Authorisation Server), including access tokens, user IDs, etc.
  • in the cloud logout process, after a device is logged out on the cloud platform, the device can no longer connect to the cloud platform.
  • the device can send a deregistration request message to the cloud platform, and the message can carry an access token (AccessToken) together with a UID (User ID) or DID (Device ID), or carry only the access token.
  • After the cloud platform (Cloud) receives the above information, it deletes the corresponding registration record and deletes the corresponding content published by the device in the RD (Resource Directory) of the cloud platform (if it has been published).
  • Coapcloudconf resource (referred to as the CCC resource or cloud platform registration configuration resource, which holds the information for configuring a new device to register with the cloud platform): an OBT (Onboarding Tool) device configures this resource on a new device. The new device is then registered with the cloud platform according to the configuration information from the OBT.
  • the configuration information of OBT can include information such as access token, SID (Cloud ID, cloud platform identification such as cloud platform UUID), SURL (Cloud URL, cloud platform URL).
  • Account resource: the resource holding the device's registration information on the cloud platform, including one or more of UID, DID, and access token.
  • the OBT installed in the device can be used to implement device deregistration, which mainly includes the following methods:
  • the OBT generates a third-party deregistration credential, and may save the third-party credential in a cloud platform resource such as a deregister resource.
  • OBT configures the third-party logout credential to the account resource corresponding to the new device on the cloud platform, adding the credential attribute to the account resource;
  • OBT configures the third-party logout credential to the peer Device (or third-party device).
  • the peer device or third-party device initiates the third-party logout process.
  • the embodiment of the present application mainly uses a third-party device to complete the logout of the target device (Target Device).
  • Example 1 in the device registration and deregistration stage of the cloud platform (Cloud, also referred to as the cloud), it may specifically include:
  • a third-party deregistration credential request may be sent to the cloud platform, and a deregister resource instance, such as oic/sec/deregister resource, is generated on the cloud platform.
  • the logout resource may include the following attribute information: UID (User ID), logout credential information, and the like.
  • the logout credential information may include credential (credential content); and may also include credentialType (credential type). Wherein, the credential type may include password (password) or other methods.
  • OBT can customize the credential (credential content) and send it to the cloud platform through an Update message, instructing the platform to update /oic/sec/deregister {UID, credentialType, credential}.
  • the update message may be a Post message in CoAP (Constrained Application Protocol) or HTTP (HyperText Transfer Protocol).
  • the cloud platform performs authentication and saves the UID, the credential type, and the credential content into the logout resource and the account resource.
  • the cloud platform can first confirm whether the UID has registered the credential content and/or the credential type. It then adds the above attribute information, such as the UID and credential content, to the logout resource. If this process is completed during the registration of the OBT to the cloud platform, a credential parameter can be added to the account resource corresponding to the OBT device, such as the /oic/sec/account resource. For example, a parameter credential is added to the account resource, and the credential information for third-party logout is saved in the credential parameter. Then, the cloud platform can return a third-party logout credential creation response to the third-party device to notify the credential creation result.
  • a device identification DID parameter can be added to the deregister resource.
  • the third-party device (which may or may not have OBT) acquires the DID of the device to be deregistered (after the above-mentioned new device is successfully registered, it is called the device to be deregistered in the deregistration stage).
  • the third-party device can obtain the DID of the device to be deregistered, such as the lost device, in various ways. For example, the DID of the device to be deregistered has been saved locally in the third-party device. Another example is that the user reads it from other devices and inputs it on a third-party device.
  • the third-party device initiates a logout request.
  • the logout request carries UID and/or DID, access token (AccessToken), logout credential (credential) information, and the like.
  • the initiated third-party logout request is a delete (Delete) message, indicating deletion of /oic/sec/account {UserID, DeviceID, accessToken, Credential, DisregisterType}.
  • UserID is the user ID
  • DeviceID is the ID of the device to be deregistered
  • accessToken is the access token of the party initiating the deregistration
  • Credential is the content of the credential
  • DisregisterType is the deregistration type.
  • DeregisterType can be an enumeration type containing two values: self-dereg (self-deregistration) and 3rd-dereg (third-party deregistration).
  • a device that can obtain the content of the credential such as a client (client) can initiate a logout request; add the DisregisterType parameter to the request.
  • the device identification DID shall be the DID of the logout initiator, and the access token shall be the access token of the logout initiator. If the value of this parameter is "3rd-dereg", the DID is the DID of the device to be deregistered, and the access token is the access token of the party that initiated the deregistration.
  • the logout type is "3rd-dereg"
  • the DID of the request initiator can also be obtained here; the cloud platform can easily obtain the DID of the request initiator.
  • the cloud platform can determine whether the two match by comparing the credential content corresponding to the DID of the device to be deregistered with the credential content in the logout request.
  • DisregisterType may also be omitted, in which case self-deregistration and third-party deregistration are distinguished mainly by the credential content.
  • the cloud platform can return a third-party logout response to the third-party device to notify the logout success or failure.
  • The main differences between Example 2 and Example 1 include: a deregister resource need not be generated separately on the cloud platform to store the deregistration credential information; in another device.
  • Example 2 in the device registration and deregistration stage of the cloud platform, the following steps may be specifically included:
  • the OBT locally generates a third-party logout credential (credential).
  • when the OBT configures other devices, it configures the above-mentioned third-party logout credential information into the CCC resource of the new device. For example, it sends an update message indicating that /oic/sec/ccc {at, credential} is updated.
  • the new device returns a reply configuring the CCC.
  • third-party logout credential information is added to the account resource; the third-party logout credential information may be for a single device, or for all devices under the same user ID. If all devices share the third-party logout credential information, you can register the information on the cloud platform when the OBT device is registered in the cloud, see Example 1.
  • the new device initiates a device registration process to the cloud platform according to the CCC resource, and adds the credential content to the registration resource.
  • a configuration process of the peer device (peer Device) will be initiated.
  • the credential information of the new device (New Device) can be registered.
  • during provisioning, the credential type 3rd-deregister and, optionally, the credential content (credential) are added in the credential (cred) resource for the new device.
  • the third-party logout credential information for the new device needs to be saved to the peer device. Therefore, these peer devices configured with the third-party logout credential information of the new device can initiate a third-party logout process for the new device.
  • the third-party logout process is optional. If the third-party logout process is initiated, you can refer to Example 1.
  • the third-party device (which may or may not have OBT) obtains the DID of the device to be deregistered.
  • the third-party device can obtain the DID of the device to be deregistered in various ways. For example, the DID of the device to be deregistered has been saved locally in the third-party device. For another example, the user reads the DID of the device to be deregistered from other devices, and inputs it in the third-party device.
  • the third-party device initiates a logout request.
  • the logout request carries UID and/or DID, access token, third-party logout credential information, etc.
  • a delete message is sent to indicate the deletion of /oic/sec/account {UserID, DeviceID (logout device ID), credential}.
  • the DeviceID is the identification ID of the device to be deregistered.
  • if the logout request carries the third-party logout credential information, it is determined that the request is a third-party logout request. If the request does not carry the third-party logout credential information, it is determined that the request is a self logout request. That is to say, the third-party logout credential information is not carried in the self logout request.
  • the third-party logout process can be completed; especially when the device is lost, the cloud platform logout of the lost device can be completed through a third party.
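An added illustration of the cloud-side check that Examples 1 and 2 describe (not code from the application; every class, function and field name is hypothetical, and the tokens and credential are constructed sample values). It assumes a third-party logout always names the target DID, that the initiator's token must belong to the same user ID as the target, and that secrets are compared in constant time; none of these three choices is stated on the page.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def _same(a: str, b: str) -> bool:
    # Constant-time comparison: an added hardening choice, not from the page.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Account:                          # stands in for /oic/sec/account
    uid: str
    did: str
    access_token: str
    credential: Optional[str] = None    # third-party logout credential content


@dataclass
class LogoutRequest:                    # fields of the Delete message
    access_token: str                   # token of the party initiating the logout
    uid: Optional[str] = None
    did: Optional[str] = None
    credential: Optional[str] = None
    dereg_type: Optional[str] = None    # "self-dereg", "3rd-dereg" or omitted


class CloudPlatform:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}   # DID -> account resource
        self.sessions: Dict[str, str] = {}       # DID -> session resource
        self.rd: Dict[str, List[str]] = {}       # DID -> published resources

    def register(self, acc: Account, published: Tuple[str, ...] = ()) -> None:
        self.accounts[acc.did] = acc
        self.sessions[acc.did] = "tls-session"
        self.rd[acc.did] = list(published)

    def _initiator(self, token: str) -> Optional[Account]:
        # Step 1: is the initiator allowed to access the cloud platform at all?
        for acc in self.accounts.values():
            if _same(acc.access_token, token):
                return acc
        return None

    def deregister(self, req: LogoutRequest) -> Tuple[bool, str]:
        initiator = self._initiator(req.access_token)
        if initiator is None:
            return False, "initiator is not allowed to access the cloud platform"
        # Example 1 sends the type explicitly; Example 2 infers it from
        # whether the request carries a third-party logout credential.
        kind = req.dereg_type or ("3rd-dereg" if req.credential else "self-dereg")
        if kind == "self-dereg":
            # UID/DID, if present, must be the initiator's own.
            if (req.did not in (None, initiator.did)
                    or req.uid not in (None, initiator.uid)):
                return False, "identifiers do not belong to the initiator"
            target = initiator
        elif kind == "3rd-dereg":
            target = self.accounts.get(req.did or "")
            if target is None or req.uid not in (None, target.uid):
                return False, "no matching account resource"
            if target.uid != initiator.uid:      # assumption added here
                return False, "initiator belongs to another user"
            # Compare the request credential with the one in the account resource.
            if not (req.credential and target.credential
                    and _same(req.credential, target.credential)):
                return False, "credential mismatch"
        else:
            return False, "unknown logout type"
        # Deregistration: delete account, session and published resources.
        for store in (self.accounts, self.sessions, self.rd):
            store.pop(target.did, None)
        return True, kind


def build_demo() -> CloudPlatform:
    """Constructed sample state: one user with a phone and a lamp, plus a stranger."""
    cloud = CloudPlatform()
    cloud.register(Account("user-1", "did-phone", "tok-phone"))
    cloud.register(Account("user-1", "did-lamp", "tok-lamp",
                           "constructed-logout-secret"), ("/light",))
    cloud.register(Account("user-2", "did-other", "tok-other"))
    return cloud


if __name__ == "__main__":
    cloud = build_demo()
    print(cloud.deregister(LogoutRequest("tok-phone", did="did-lamp",
                                         credential="constructed-logout-secret")))
```

Once the lamp's account resource is deleted, its own access token no longer identifies a registered initiator, so the lost device can neither reconnect nor issue further requests.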
  • FIG. 9 is a schematic block diagram of a communication device 20 according to an embodiment of the present application.
  • the communication device 20 may perform the function of the first device in the above-mentioned method embodiment for device logout, and the communication device may include:
  • the sending unit 21 is configured to send a logout request to the cloud platform, where the logout request includes verification information and credential information of the second device, so that the cloud platform can log out the second device.
  • the verification information includes a user identification and/or a device identification.
  • the verification information further includes an access token of the communication device, where the access token is used to verify whether the communication device is allowed to access the cloud platform.
  • the credential information includes credential content and credential type.
  • the verification information includes at least one of a user ID, a device ID, and an access token of the communication device.
  • the verification information includes at least one of the user ID of the second device, the device ID of the second device, and the access token of the communication device.
  • the credential information of the second device is generated by the communication device.
  • the sending unit 21 is further configured to:
  • a credential creation request is sent to the cloud platform, where the credential creation request includes credential information of the second device.
  • the sending unit 21 is further configured to:
  • the communication device 20 further includes:
  • the obtaining unit 22 is used for the communication device to obtain the credential information of the second device from the third device, where the credential information of the second device is generated by the third device.
  • the credential information of the second device is stored on the communication device.
  • the sending unit 21 is further configured to send the credential information of the second device to the fourth device for storage.
  • credential information of multiple second devices is the same.
  • the credential information of each of the second devices is different.
  • the communication device 20 in this embodiment of the present application can implement the corresponding function of the first device in the foregoing method 200 embodiment.
  • For the corresponding processes, functions, implementations and beneficial effects of each module (submodule, unit or component, etc.) in the communication device 20, reference may be made to the corresponding descriptions in the above method embodiments, which will not be repeated here.
  • the functions described by the various modules (submodules, units or components, etc.) in the communication device 20 of the application embodiments may be implemented by different modules (submodules, units or components, etc.), or may be implemented by the same module (submodule, unit or component, etc.).
  • FIG. 11 is a schematic block diagram of a cloud platform 30 according to an embodiment of the present application.
  • the cloud platform 30 may include:
  • a receiving unit 31 configured to receive a logout request from the first device, where the logout request includes verification information and credential information of the second device;
  • the logout unit 32 is configured to logout the second device according to the verification information and the credential information of the second device.
  • the verification information includes a user identification and/or a device identification.
  • the verification information further includes an access token of the first device.
  • the cloud platform 30 further includes:
  • the first verification unit 33 is configured to verify the access token of the first device to determine whether the first device is allowed to access the cloud platform.
  • the credential information includes credential content and credential type.
  • the logout request further includes a logout type.
  • the cloud platform also includes:
  • the second verification unit 34 is configured to verify, by the cloud platform, whether the verification information includes at least one of the user identification, device identification and access token of the first device when the logout type is self logout.
  • the cloud platform further includes:
  • the third verification unit 35 is configured to verify, by the cloud platform, when the logout type is third-party logout, whether the verification information includes the user ID of the second device, the device ID of the second device and the access token of the first device, and to verify whether the credential information in the request is consistent with the credential content corresponding to the user ID and/or device ID of the second device in the account resources saved by the cloud platform.
  • the receiving unit 31 is further configured to receive a credential creation request from the first device, where the credential creation request includes credential information of the second device, and the credential information of the second device is generated on the first device.
  • the receiving unit 31 is further configured to receive a credential creation request from a third device, where the credential creation request includes credential information of the second device, and the credential information of the second device is generated on the third device.
  • the cloud platform further includes:
  • the registration unit 36 is configured to use the CCC resource of the second device to complete the registration of the second device, and the CCC resource of the second device is configured with credential information of the second device.
  • credential information of multiple second devices is the same.
  • the credential information of each of the second devices is different.
  • the manner of deregistering the second device includes deleting at least one of the following resources of the second device:
  • Account resources of the second device where the account resources include credential information
  • the cloud platform 30 in this embodiment of the present application can implement the corresponding functions of the cloud platform in the foregoing method 200 and 300 embodiments.
  • For each module (sub-module, unit, or component, etc.) in the cloud platform 30, reference may be made to the corresponding descriptions in the above method embodiments, which will not be repeated here.
  • the functions described by each module (submodule, unit or component, etc.) in the cloud platform 30 of the application embodiment may be implemented by different modules (submodule, unit or component, etc.), or by the same module (submodule, unit or component, etc.).
  • FIG. 13 is a schematic block diagram of a communication device 40 according to an embodiment of the present application.
  • the communication device 40 may perform the function of the first device in the above-mentioned embodiment of the method for device registration, and the communication device may include:
  • a sending unit 41 configured to send credential information to the second device, so as to configure the credential information in the CCC resource of the second device, and the CCC resource of the second device is used to complete the registration of the second device in the cloud platform.
  • the communication device 40 further includes:
  • the information generating unit 42 is configured to generate credential information of the second device.
  • the sending unit 41 is further configured to send a credential creation request to the cloud platform, where the credential creation request includes credential information of the second device.
  • the information saving unit 43 is configured to save the credential information of the second device.
  • the sending unit 41 is further configured to send the credential information of the second device to the fourth device for storage.
  • credential information of multiple second devices is the same.
  • the credential information of each of the second devices is different.
  • the communication device 40 in this embodiment of the present application can implement the corresponding function of the first device in the foregoing method 400 embodiment.
  • each module sub-module, unit or component, etc.
  • the functions described by each module (sub-module, unit, or component, etc.) in the communication device 40 of the application embodiment may be implemented by different modules (sub-module, unit, or component, etc.), or by the same module (submodule, unit or component, etc.).
  • FIG. 15 is a schematic block diagram of a communication device 50 according to an embodiment of the present application.
  • the communication device 50 may perform the function of the second device in the above-mentioned embodiment of the method for device registration, and the communication device may include:
  • a receiving unit 51 configured to receive credential information
  • a configuration unit 52 configured to configure the credential information in the CCC resource of the network device
  • the registration unit 53 is configured to register with the cloud platform based on the CCC resource.
  • the communication device 50 in this embodiment of the present application can implement the corresponding function of the second device in the foregoing method 500 embodiment.
  • For each module (sub-module, unit or component, etc.) in the communication device 50, reference may be made to the corresponding descriptions in the above method embodiments, which will not be repeated here.
  • the functions described by each module (sub-module, unit or component, etc.) in the communication device 50 of the application embodiment may be implemented by different modules (sub-module, unit or component, etc.), or by the same module (submodule, unit or component, etc.).
  • FIG. 16 is a schematic structural diagram of a communication device 600 according to an embodiment of the present application.
  • the communication device 600 includes a processor 610, and the processor 610 can call and run a computer program from a memory, so that the communication device 600 implements the methods in the embodiments of the present application.
  • the communication device 600 may further include a memory 620.
  • the processor 610 may call and run a computer program from the memory 620, so that the communication device 600 implements the methods in the embodiments of the present application.
  • the memory 620 may be a separate device independent of the processor 610, or may be integrated in the processor 610.
  • the communication device 600 may further include a transceiver 630, and the processor 610 may control the transceiver 630 to communicate with other devices; specifically, it may send information or data to other devices, or receive information or data sent by other devices.
  • the transceiver 630 may include a transmitter and a receiver.
  • the transceiver 630 may further include antennas, and the number of the antennas may be one or more.
  • the communication device 600 may be the network device of this embodiment of the present application, and the communication device 600 may implement the corresponding processes implemented by the network device in each method of the embodiment of the present application, which is not repeated here for brevity.
  • the communication device 600 may be a terminal device in this embodiment of the present application, and the communication device 600 may implement corresponding processes implemented by the terminal device in each method in the embodiment of the present application, which is not repeated here for brevity.
  • FIG. 17 is a schematic structural diagram of a chip 700 according to an embodiment of the present application.
  • the chip 700 includes a processor 710, and the processor 710 can call and run a computer program from a memory, so as to implement the method in the embodiments of the present application.
  • the chip 700 may further include a memory 720.
  • the processor 710 may call and run a computer program from the memory 720 to implement the method executed by the terminal device or the network device in the embodiment of the present application.
  • the memory 720 may be a separate device independent of the processor 710, or may be integrated in the processor 710.
  • the chip 700 may further include an input interface 730.
  • the processor 710 may control the input interface 730 to communicate with other devices or chips, and specifically, may acquire information or data sent by other devices or chips.
  • the chip 700 may further include an output interface 740.
  • the processor 710 can control the output interface 740 to communicate with other devices or chips, and specifically, can output information or data to other devices or chips.
  • the chip can be applied to the network device in the embodiment of the present application, and the chip can implement the corresponding processes implemented by the network device in each method of the embodiment of the present application, which is not repeated here for brevity.
  • the chip can be applied to the terminal device in the embodiment of the present application, and the chip can implement the corresponding processes implemented by the terminal device in each method of the embodiment of the present application, which is not repeated here for brevity.
  • Chips applied to network equipment and terminal equipment can be the same chip or different chips.
  • the chip mentioned in the embodiments of the present application may also be referred to as a system-level chip, a system chip, a chip system, or a system-on-chip, or the like.
  • the above-mentioned processor may be a general-purpose processor, a digital signal processor (DSP), a field programmable gate array (FPGA), an application specific integrated circuit (ASIC) or other programmable logic devices, transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor mentioned above may be a microprocessor or any conventional processor or the like.
  • the memory mentioned above may be either volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM) or flash memory.
  • Volatile memory may be random access memory (RAM).
  • the memory in the embodiments of the present application may also be a static random access memory (SRAM), a dynamic random access memory (DRAM), a synchronous dynamic random access memory (SDRAM), a double data rate synchronous dynamic random access memory (DDR SDRAM), an enhanced synchronous dynamic random access memory (ESDRAM), a synchlink dynamic random access memory (SLDRAM), a direct Rambus random access memory (DR RAM), and so on. That is, the memory in the embodiments of the present application is intended to include, but not be limited to, these and any other suitable types of memory.
  • FIG. 18 is a schematic block diagram of a communication system 800 according to an embodiment of the present application.
  • the communication system 800 may include a first device 810 and a cloud platform 820.
  • the first device 810 may be configured to send a logout request to the cloud platform 820, where the logout request includes verification information and credential information of the second device, so that the cloud platform 820 logs out the second device.
  • the cloud platform 820 may be configured to receive the logout request from the first device 810, and to log out the second device according to the verification information in the logout request and the credential information of the second device.
  • the first device 810 may also be configured to send credential information to the second device, so as to configure the credential information in the CCC resource of the second device, where the CCC resource of the second device is used to complete the registration of the second device in the cloud platform.
  • the first device 810 may be used to implement the corresponding functions implemented by the first device in the above method embodiments
  • the cloud platform 820 may be used to implement the corresponding functions implemented by the cloud platform in the above method embodiments. For brevity, details are not repeated here.
  • the communication system 800 may further include: a second device 830, configured to receive credential information; configure the credential information in the CCC resource of the second device; and register with the cloud platform based on the CCC resource.
  • the communication system 800 may further include: a third device 840, configured to send a credential creation request to the cloud platform, where the credential creation request includes credential information of the second device, and the credential information of the second device is generated in the third device.
  • the communication system 800 may further include: a fourth device 850, configured to receive and save credential information of the second device.
  • the fourth device 850 may receive the credential information of the second device from the first device 810 or the third device 840 .
  • In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof.
  • When implemented in software, it can be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave) means.
  • the computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media.
  • the available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid state disk (SSD)), and the like.
  • the size of the sequence numbers of the above-mentioned processes does not imply the order of execution; the execution order of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.


Abstract

The present application relates to a device deregistration method, a device registration method, a communication device and a cloud platform. The device deregistration method comprises: a first device sending a deregistration request to a cloud platform, wherein the deregistration request comprises verification information, and certificate information of a second device, so that the cloud platform deregisters the second device. By means of the embodiments of the present application, the first device initiates, to the cloud platform, the deregistration request that comprises the verification information, and the certificate information of the second device, so that the second device can be deregistered on the cloud platform without the need for the device to actively initiate deregistration, thereby improving the security of the device that accesses the cloud platform.

Description

Method for device deregistration, method for device registration, communication device and cloud platform
Technical field
The present application relates to the field of communications, and more particularly, to a method for device deregistration, a method for device registration, a communication device, and a cloud platform.
Background
Before a device can be controlled through a cloud platform, the device needs to be registered with the cloud platform. During registration, the cloud platform assigns an access token to the device. The device may then publish its own resource information to the cloud platform so that other devices can discover and subscribe to it. Corresponding to the cloud registration process is the cloud deregistration process: after a device is deregistered on the cloud platform, the device can no longer connect to the cloud platform. Usually, the device itself initiates the deregistration process. Therefore, when a user's device is accidentally lost or maliciously stolen, a malicious user can use that device to control and access the other devices that the user who lost it has registered on the cloud platform, causing losses to the user.
Summary of the invention
The embodiments of the present application provide a method for device deregistration, a method for device registration, a communication device and a cloud platform, which can improve the security of devices accessing the cloud platform.
An embodiment of the present application provides a method for deregistering a device, including:
The first device sends a deregistration request to the cloud platform, where the deregistration request includes verification information and credential information of the second device, so that the cloud platform deregisters the second device.
An embodiment of the present application provides a method for deregistering a device, including:
The cloud platform receives a deregistration request from the first device, where the deregistration request includes verification information and credential information of the second device;
The cloud platform deregisters the second device according to the verification information and the credential information of the second device.
An embodiment of the present application provides a method for device registration, which further includes:
The first device sends credential information to the second device, so as to configure the credential information in the CCC resource of the second device, where the CCC resource of the second device is used to complete the registration of the second device with the cloud platform.
An embodiment of the present application provides a method for device registration, which further includes:
The second device receives the credential information;
The second device configures the credential information in the CCC resource of the second device;
The second device registers with the cloud platform based on the CCC resource.
An embodiment of the present application provides a communication device, including:
A sending unit, configured to send a deregistration request to the cloud platform, where the deregistration request includes verification information and credential information of the second device, so that the cloud platform deregisters the second device.
An embodiment of the present application provides a cloud platform, including:
A receiving unit, configured to receive a deregistration request from the first device, where the deregistration request includes verification information and credential information of the second device;
A deregistration unit, configured to deregister the second device according to the verification information and the credential information of the second device.
An embodiment of the present application provides a communication device, including:
A sending unit, configured to send credential information to the second device, so as to configure the credential information in the CCC resource of the second device, where the CCC resource of the second device is used to complete the registration of the second device with the cloud platform.
An embodiment of the present application provides a communication device, including:
A receiving unit, configured to receive credential information;
A configuration unit, configured to configure the credential information in the CCC resource of the communication device;
A registration unit, configured to register with the cloud platform based on the CCC resource.
An embodiment of the present application provides a communication device, including a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory, so that the communication device executes the above-mentioned method for device deregistration or method for device registration.
An embodiment of the present application provides a cloud platform, including a processor and a memory. The memory is used for storing a computer program, and the processor is used for calling and running the computer program stored in the memory, so that the cloud platform executes the above-mentioned method for device deregistration.
An embodiment of the present application provides a chip, which is used to implement the above-mentioned method for device deregistration or method for device registration.
Specifically, the chip includes a processor for calling and running a computer program from a memory, so that a device in which the chip is installed executes the above-mentioned method for device deregistration or method for device registration.
An embodiment of the present application provides a computer-readable storage medium for storing a computer program which, when run by a device, causes the device to execute the above-mentioned method for device deregistration or method for device registration.
An embodiment of the present application provides a computer program product, including computer program instructions that cause a computer to execute the above-mentioned method for device deregistration or method for device registration.
An embodiment of the present application provides a computer program which, when run on a computer, causes the computer to execute the above-mentioned method for device deregistration or method for device registration.
In the embodiments of the present application, the first device sends the cloud platform a deregistration request that includes verification information and the credential information of the second device, so that the second device can be deregistered on the cloud platform without the device itself having to initiate deregistration, thereby improving the security of devices accessing the cloud platform.
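The registration and deregistration flow summarized above, modeled as an added sketch that is not code from the patent. The text here does not define the verification information, so the sketch assumes it is a per-user session token; the class, method and user names are hypothetical, and the credential value is constructed at run time.

```python
import hashlib
import secrets


def _digest(secret: str) -> str:
    # Keep only digests server-side so a leaked table holds no usable secrets.
    return hashlib.sha256(secret.encode()).hexdigest()


class CloudPlatform:
    """Toy cloud platform (hypothetical model, not the patent's implementation)."""

    def __init__(self):
        self._sessions = {}       # digest(verification info) -> user id
        self._credentials = {}    # digest(device credential) -> owning user id
        self._access_tokens = {}  # digest(access token) -> digest(device credential)

    def login(self, user_id: str) -> str:
        """Issue verification information (assumed: a user session token)."""
        token = secrets.token_urlsafe(32)
        self._sessions[_digest(token)] = user_id
        return token

    def create_credential(self, verification: str, credential: str) -> bool:
        """Credential creation request: bind a device credential to a verified user."""
        user = self._sessions.get(_digest(verification))
        key = _digest(credential)
        if user is None or key in self._credentials:
            return False
        self._credentials[key] = user
        return True

    def register(self, credential: str):
        """Second device registers using the credential held in its CCC resource."""
        key = _digest(credential)
        if key not in self._credentials:
            return None
        access_token = secrets.token_urlsafe(32)
        self._access_tokens[_digest(access_token)] = key
        return access_token

    def connect(self, access_token: str) -> bool:
        """A device may connect only while its access token is still registered."""
        return _digest(access_token) in self._access_tokens

    def deregister(self, verification: str, credential: str) -> bool:
        """Deregistration request sent by a first device on behalf of the second."""
        user = self._sessions.get(_digest(verification))
        key = _digest(credential)
        # Both checks must pass: the requester is verified AND owns the credential.
        if user is None or self._credentials.get(key) != user:
            return False
        del self._credentials[key]
        # Revoke every access token that was issued against this credential.
        for tok in [t for t, c in self._access_tokens.items() if c == key]:
            del self._access_tokens[tok]
        return True


def demo() -> dict:
    cloud = CloudPlatform()
    owner = cloud.login("alice")      # verification info held by the first device
    other = cloud.login("mallory")    # a verified but unrelated user
    cred = secrets.token_urlsafe(32)  # constructed credential for the second device
    assert cloud.create_credential(owner, cred)
    token = cloud.register(cred)      # second device registers and gets a token
    results = {"connected_before": cloud.connect(token)}
    # A verified user who does not own the credential cannot deregister the device.
    results["foreign_deregister"] = cloud.deregister(other, cred)
    results["still_connected"] = cloud.connect(token)
    # The owner deregisters the (lost) second device from another device.
    results["owner_deregister"] = cloud.deregister(owner, cred)
    results["connected_after"] = cloud.connect(token)
    # The revoked credential cannot be used to register again.
    results["reregister"] = cloud.register(cred)
    return results


if __name__ == "__main__":
    print(demo())
```

The ownership check in `deregister` is the part to review in a real design: accepting any valid verification information together with any known credential would let one tenant deregister another tenant's devices.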
Description of drawings
FIG. 1 is a schematic diagram of an application scenario according to an embodiment of the present application.
FIG. 2 is a schematic flowchart of a method for device deregistration according to an embodiment of the present application.
FIG. 3 is a schematic flowchart of a method for device deregistration according to another embodiment of the present application.
FIG. 4 is a schematic flowchart of a method for device registration according to an embodiment of the present application.
FIG. 5 is a schematic flowchart of a method for device registration according to another embodiment of the present application.
FIG. 6 is a schematic flowchart of a device registration process.
FIG. 7 is a schematic flowchart according to Example 1.
FIG. 8 is a schematic flowchart according to Example 2.
FIG. 9 is a schematic block diagram of a communication device according to an embodiment of the present application.
FIG. 10 is a schematic block diagram of a communication device according to another embodiment of the present application.
FIG. 11 is a schematic block diagram of a cloud platform according to an embodiment of the present application.
FIG. 12 is a schematic block diagram of a cloud platform according to another embodiment of the present application.
FIG. 13 is a schematic block diagram of a communication device according to another embodiment of the present application.
FIG. 14 is a schematic block diagram of a communication device according to another embodiment of the present application.
FIG. 15 is a schematic block diagram of a communication device according to another embodiment of the present application.
FIG. 16 is a schematic block diagram of a communication device according to an embodiment of the present application.
FIG. 17 is a schematic block diagram of a chip according to an embodiment of the present application.
FIG. 18 is a schematic block diagram of a communication system according to an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application.
The technical solutions of the embodiments of the present application can be applied to various communication systems, for example: a Global System of Mobile communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, General Packet Radio Service (GPRS), a Long Term Evolution (LTE) system, an Advanced Long Term Evolution (LTE-A) system, a New Radio (NR) system, an evolution system of the NR system, an LTE-based access to unlicensed spectrum (LTE-U) system, an NR-based access to unlicensed spectrum (NR-U) system, a Non-Terrestrial Networks (NTN) system, a Universal Mobile Telecommunication System (UMTS), Wireless Local Area Networks (WLAN), Wireless Fidelity (WiFi), a fifth-generation (5G) communication system, or other communication systems.
Generally speaking, traditional communication systems support a limited number of connections and are easy to implement. However, with the development of communication technology, mobile communication systems will support not only traditional communication but also, for example, Device to Device (D2D) communication, Machine to Machine (M2M) communication, Machine Type Communication (MTC), Vehicle to Vehicle (V2V) communication, or Vehicle to everything (V2X) communication. The embodiments of the present application can also be applied to these communication systems.
Optionally, the communication system in the embodiments of the present application may be applied to a Carrier Aggregation (CA) scenario, a Dual Connectivity (DC) scenario, or a Standalone (SA) network deployment scenario.
Optionally, the communication system in the embodiments of the present application may be applied to unlicensed spectrum, where unlicensed spectrum may also be considered shared spectrum; or the communication system in the embodiments of the present application may be applied to licensed spectrum, where licensed spectrum may also be considered non-shared spectrum.
The embodiments of the present application are described in conjunction with network equipment and terminal equipment, where the terminal equipment may also be referred to as User Equipment (UE), access terminal, subscriber unit, subscriber station, mobile station, mobile site, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent or user apparatus, etc.
The terminal device may be a station (STATION, ST) in a WLAN, a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA) device, a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a next-generation communication system such as an NR network, or a terminal device in a future evolved Public Land Mobile Network (PLMN), etc.
In the embodiments of the present application, the terminal device can be deployed on land, including indoor or outdoor, handheld, wearable, or vehicle-mounted; it can also be deployed on water (such as on ships); it can also be deployed in the air (such as on airplanes, balloons, and satellites).
In the embodiments of the present application, the terminal device may be a mobile phone, a tablet computer (Pad), a computer with a wireless transceiver function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal device in industrial control, a wireless terminal device in self driving, a wireless terminal device in remote medical, a wireless terminal device in a smart grid, a wireless terminal device in transportation safety, a wireless terminal device in a smart city, or a wireless terminal device in a smart home, etc.
As an example and not a limitation, in the embodiments of the present application, the terminal device may also be a wearable device. Wearable devices, also called wearable smart devices, is the general term for devices that apply wearable technology to the intelligent design of everyday wear, such as glasses, gloves, watches, clothing and shoes. A wearable device is a portable device that is worn directly on the body or integrated into the user's clothing or accessories. A wearable device is not only a hardware device; it also realizes powerful functions through software support, data interaction, and cloud interaction. In a broad sense, wearable smart devices include devices that are full-featured, large in size, and able to implement complete or partial functions without relying on a smartphone, such as smart watches or smart glasses, as well as devices that focus on only one type of application function and need to be used together with other devices such as smartphones, such as various smart bracelets and smart jewelry for physical sign monitoring.
In the embodiments of the present application, the network device may be a device for communicating with mobile devices. The network device may be an Access Point (AP) in a WLAN, a Base Transceiver Station (BTS) in GSM or CDMA, a NodeB (NB) in WCDMA, an Evolutional Node B (eNB or eNodeB) in LTE, a relay station or access point, an in-vehicle device, a wearable device, a network device (gNB) in an NR network, a network device in a future evolved PLMN network, or a network device in an NTN network, etc.
As an example and not a limitation, in the embodiments of the present application, the network device may have a mobile feature; for example, the network device may be a mobile device. Optionally, the network device may be a satellite or a balloon station. For example, the satellite may be a low earth orbit (LEO) satellite, a medium earth orbit (MEO) satellite, a geostationary earth orbit (GEO) satellite, a High Elliptical Orbit (HEO) satellite, etc. Optionally, the network device may also be a base station located on land, on water, or in other locations.
In the embodiments of the present application, a network device may provide services for a cell, and a terminal device communicates with the network device through the transmission resources (for example, frequency domain resources, or spectrum resources) used by the cell. The cell may be a cell corresponding to the network device (for example, a base station). The cell may belong to a macro base station or to a base station corresponding to a small cell. The small cells here may include: a Metro cell, a Micro cell, a Pico cell, a Femto cell, etc. These small cells have the characteristics of small coverage and low transmission power, and are suitable for providing high-speed data transmission services.
FIG. 1 exemplarily shows a communication system 100. The communication system includes one network device 110 and two terminal devices 120. Optionally, the communication system 100 may include multiple network devices 110, and the coverage of each network device 110 may include other numbers of terminal devices 120, which is not limited in the embodiments of the present application.
Optionally, the communication system 100 may further include other network entities such as a Mobility Management Entity (MME) and an Access and Mobility Management Function (AMF), which is not limited in the embodiments of the present application.
The network equipment may further include access network equipment and core network equipment. That is, the wireless communication system further includes a plurality of core networks for communicating with the access network equipment. The access network equipment may be an evolved base station (evolutional node B, eNB or e-NodeB for short), macro base station, micro base station (also called a "small base station"), pico base station, access point (AP), transmission point (TP) or new generation base station (new generation Node B, gNodeB), etc., in a long-term evolution (LTE) system, a next-generation (mobile communication system) (next radio, NR) system, or an authorized auxiliary access long-term evolution (LAA-LTE) system.
It should be understood that, in the embodiments of the present application, a device in the network/system that has a communication function may be called a communication device. Taking the communication system shown in FIG. 1 as an example, the communication devices may include the network device and the terminal devices, which have communication functions; the network device and the terminal devices may be the specific devices described in the embodiments of the present invention, which are not described again here. The communication devices may also include other devices in the communication system, for example other network entities such as a network controller and a mobility management entity, which is not limited in the embodiments of the present application.
It should be understood that the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein only describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
It should be understood that an "indication" mentioned in the embodiments of the present application may be a direct indication, an indirect indication, or a statement that an association exists. For example, "A indicates B" can mean that A indicates B directly, for example B can be obtained through A; it can mean that A indicates B indirectly, for example A indicates C and B can be obtained through C; or it can mean that there is an association between A and B.
In the description of the embodiments of the present application, the term "corresponding" may mean that there is a direct or indirect correspondence between two items, that there is an association between them, or that they stand in a relationship such as indicating and being indicated, or configuring and being configured.
To make the technical solutions of the embodiments of the present application easier to understand, the related technologies are described below. The following related technologies may, as optional solutions, be combined in any way with the technical solutions of the embodiments of the present application, and all such combinations fall within the protection scope of the embodiments of the present application.
FIG. 2 is a schematic flowchart of a device deregistration method 200 according to an embodiment of the present application. The method can optionally be applied to the system shown in FIG. 1, but is not limited thereto. The method includes at least part of the following.
S210: The first device sends a deregistration request to the cloud platform. The deregistration request includes verification information and credential information of the second device, so that the cloud platform deregisters the second device.
For example, the second device is a device that has completed registration on the cloud platform but needs to be deregistered. The cloud platform may store information such as the second device's account resource, session resource and update resource. The account resource of the second device may hold the credential information of the second device. This credential information can be used to deregister the device on the cloud platform, and may also be called deregistration credential information. The first device is a device that is able to initiate the deregistration of other devices. By having the first device send a deregistration request to the cloud platform, the second device can be deregistered on the cloud platform. The verification information in the deregistration request can be used to verify whether the first device that initiated the request is allowed to access the cloud platform. If the verification result is that the first device is allowed to access the cloud platform, the first device is a legitimate device. The cloud platform can then find the account resource, session resource, update resource and other information that contain the credential information of the second device given in the deregistration request, and delete that information, thereby deregistering the second device. If, on the other hand, the verification result is that the first device is not allowed to access the cloud platform, the first device is an illegitimate device, and the cloud platform does not allow the second device to be deregistered.
Optionally, in the embodiments of the present application, the verification information includes a user identifier and/or a device identifier.
For example, if different devices of the same user each have their own unique credential information, the cloud platform can verify both the user identifier and the device identifier. If multiple different devices of the same user share the same credential information, the cloud platform can verify only the user identifier. The user identifier in the verification information may include identification information of a user registered on the cloud platform, for example a user name or nickname. The device identifier in the verification information may include identification information of a device used by a user registered on the cloud platform, for example a unique device identifier represented as a character string. If the second device needs to be deregistered, the verification information may include the user identifier and/or the device identifier of the second device. The cloud platform can look up the account resource corresponding to the user identifier and/or device identifier and compare the credential information in that account resource with the credential information in the deregistration request. If they are the same, deregistration of the second device is allowed.
Optionally, in the embodiments of the present application, the verification information further includes an access token of the first device. The access token is used to verify whether the first device is allowed to access the cloud platform.
The verification information may include the access token of the device that initiates the deregistration request. For example, a device's access token may be issued to the device by the cloud platform while the device registers with the cloud platform. By verifying the device's access token, the cloud platform can determine whether the device is allowed to access the cloud platform.
Optionally, in the embodiments of the present application, the credential information includes credential content and a credential type. For example, the credential content may include information such as the specific digits or characters of a password set by the user, and the credential type may include a password type. The credential type may also be another type, set according to the needs of the actual application scenario.
Optionally, in the embodiments of the present application, the deregistration request further includes a deregistration type. When the deregistration type is self-deregistration, the verification information includes at least one of the user identifier, the device identifier and the access token of the first device.
For example, in the case of self-deregistration, the deregistration request sent by the first device to the cloud platform states that the deregistration type is self-deregistration, and also includes at least one of the user identifier, the device identifier and the access token of the first device. After receiving the deregistration request, the cloud platform can delete information such as the account resource, session resource and update resource of the first device, so as to deregister the first device.
Optionally, in the embodiments of the present application, when the deregistration type is third-party deregistration, the verification information includes at least one of the user identifier of the second device, the device identifier of the second device and the access token of the first device.
For example, in the case of third-party deregistration, the deregistration request sent by the first device to the cloud platform states that the deregistration type is third-party deregistration, and also includes at least one of the user identifier of the second device, the device identifier of the second device and the access token of the first device. After receiving the deregistration request, the cloud platform can first verify the access token of the first device to confirm whether that device is allowed to access the cloud platform. If it is, the cloud platform can look up information such as the account resource, session resource and update resource of the second device according to the user identifier and/or the device identifier of the second device. If the credential content in the second device's account resource matches the credential content in the deregistration request, the cloud platform deletes information such as the account resource, session resource and update resource of the second device, so as to deregister the second device.
Optionally, in the embodiments of the present application, the credential information of the second device is generated by the first device.
Optionally, in the embodiments of the present application, the credential information of the second device is stored on the first device.
For example, the first device may generate and store the credential information of the second device. When the second device needs to be deregistered, the first device obtains the credential information of the second device locally and initiates a deregistration request. Alternatively, the first device may not store the credential information of the second device and may instead obtain it when a deregistration request needs to be initiated. For example, the first device first obtains credential information entered by the user, such as the deregistration password of the second device, and then initiates the deregistration request. As another example, the first device obtains the credential information of the second device from another device and then initiates the deregistration request.
Optionally, in the embodiments of the present application, the method further includes:
The first device sends a credential creation request to the cloud platform, where the credential creation request includes the credential information of the second device.
For example, after the first device generates the credential information of the second device, it may send a credential creation request to the cloud platform during the device registration phase, so that the credential information of the second device is stored on the cloud platform. In this case, the first device may or may not also store the credential information of the second device.
The cloud platform may create an instance of a deregistration resource. The deregistration resource may include a user identifier, credential information and similar content, and may also include a device identifier. After receiving the credential creation request, the cloud platform may add the credential information of the second device to the deregistration resource directly, or it may first check whether the credential information of the second device has already been stored and, if so, skip adding it again. Specifically, the credential creation request may also include a user identifier and/or a device identifier. The cloud platform can check whether the user identifier and/or device identifier already has corresponding credential information, and if so, it need not add the credential information of the second device to the deregistration resource again.
Optionally, in the embodiments of the present application, the method further includes:
The first device sends credential information to the second device, so that the credential information is configured in the cloud platform registration configuration (CoAP Cloud Configuration, CCC) resource of the second device. The CCC resource of the second device is used to complete the registration of the second device on the cloud platform. The CCC resource can be used to configure the information with which a new device registers on the cloud platform, and may also be called a cloud platform configuration resource based on CoAP (Constrained Application Protocol).
For example, if the first device generates the credential information of the second device, the first device may configure the CCC resource of the second device and place the credential information of the second device in that CCC resource. The second device can then initiate registration with the cloud platform based on the CCC resource.
Optionally, in the embodiments of the present application, the method further includes:
The first device obtains the credential information of the second device from a third device, where the credential information of the second device is generated by the third device.
For example, if a third device generates the credential information of the second device, the third device may configure the CCC resource of the second device and place the credential information of the second device in that CCC resource. The second device can then initiate registration with the cloud platform based on the CCC resource. If the third device stores the credential information of the second device, the first device can obtain the credential information of the second device from the third device and then initiate a deregistration request to deregister the second device.
Optionally, an OBT may be installed on a device that is able to generate the credential information of the second device; such a device may also be called an OBT device. The OBT device can guide the process of generating the credential information of the second device.
Optionally, in the embodiments of the present application, the method further includes:
The first device sends the credential information of the second device to a fourth device for storage.
For example, the fourth device need not be an OBT device; it may be a device that has established a communication connection with the first device. If the first device sends the credential information of the second device to the fourth device for storage, and the fourth device is also a legitimate device registered on the cloud platform, the fourth device can also initiate a deregistration request to deregister the second device.
Optionally, in the embodiments of the present application, the credential information of multiple second devices is the same.
For example, the credential information of one user's multiple devices may be the same. In this case, the cloud platform may store the correspondence between the user identifier and the credential information, or the correspondence among the user identifier, the device identifier and the credential information. The deregistration request may include the user identifier, the device identifier and the credential information.
Optionally, in the embodiments of the present application, the credential information of each second device is different.
For example, each of one user's multiple devices has its own credential information. In this case, the cloud platform may store the correspondence among the user identifier, the device identifier and the credential information. The deregistration request may include the user identifier, the device identifier and the credential information.
In the embodiments of the present application, the first device sends the cloud platform a deregistration request that includes verification information and the credential information of the second device, so the second device can be deregistered on the cloud platform without the device itself having to initiate the deregistration. This improves the security of devices connected to the cloud platform. For example, when a target device is lost or in someone else's possession, a third-party device can be used to initiate deregistration of the target device, which protects the target device's data on the cloud platform.
FIG. 3 is a schematic flowchart of a device deregistration method 300 according to an embodiment of the present application. The method can optionally be applied to the system shown in FIG. 1, but is not limited thereto. The method includes at least part of the following.
S310: The cloud platform receives a deregistration request from the first device, where the deregistration request includes verification information and credential information of the second device.
S320: The cloud platform deregisters the second device according to the verification information and the credential information of the second device.
For example, the verification information can be used to verify whether the first device that initiated the deregistration request is allowed to access the cloud platform. If the verification result is that the first device is allowed to access the cloud platform, the first device is a legitimate device. The cloud platform can then find the account resource, session resource, update resource and other information that contain the credential information of the second device given in the deregistration request, and delete that information, thereby deregistering the second device. If, on the other hand, the verification result is that the first device is not allowed to access the cloud platform, the first device is an illegitimate device, and the cloud platform does not allow the second device to be deregistered.
Optionally, in the embodiments of the present application, the verification information includes a user identifier and/or a device identifier.
The user identifier in the verification information may include identification information of a user registered on the cloud platform. The device identifier in the verification information may include identification information of a device used by a user registered on the cloud platform. If the second device needs to be deregistered, the verification information may include the user identifier and/or the device identifier of the second device. The cloud platform can look up the account resource corresponding to the user identifier and/or device identifier and compare the credential information in that account resource with the credential information in the deregistration request. If they are the same, deregistration of the second device is allowed.
Optionally, in the embodiments of the present application, the verification information further includes an access token of the first device, and the method further includes:
The cloud platform verifies the access token of the first device to determine whether the first device is allowed to access the cloud platform.
Optionally, in the embodiments of the present application, the credential information includes credential content and a credential type.
Optionally, in the embodiments of the present application, the method further includes:
When the deregistration type is self-deregistration, the cloud platform verifies whether the verification information includes at least one of the user identifier, the device identifier and the access token of the first device.
Optionally, in the embodiments of the present application, the method further includes:
When the deregistration type is third-party deregistration, the cloud platform verifies whether the verification information includes the user identifier of the second device, the device identifier of the second device and the access token of the first device, and verifies whether the credential information in the verification request matches the credential content that corresponds to the user identifier and/or device identifier of the second device in the account resource stored on the cloud platform.
Optionally, in the embodiments of the present application, the method further includes:
The cloud platform receives a credential creation request from the first device, where the credential creation request includes the credential information of the second device, and the credential information of the second device is generated on the first device.
Optionally, in the embodiments of the present application, the method further includes:
The cloud platform receives a credential creation request from a third device, where the credential creation request includes the credential information of the second device, and the credential information of the second device is generated on the third device.
Optionally, in the embodiments of the present application, the method further includes:
The cloud platform uses the CCC resource of the second device to complete the registration of the second device, where the CCC resource of the second device is configured with the credential information of the second device.
Optionally, in the embodiments of the present application, the credential information of multiple second devices is the same.
Optionally, in the embodiments of the present application, the credential information of each second device is different.
Optionally, in the embodiments of the present application, deregistering the second device includes deleting at least one of the following resources of the second device:
The account resource of the second device, where the account resource includes credential information;
The session resource of the second device;
The refresh resource of the second device.
Descriptions of the cloud platform performing method 300 in this embodiment that are the same as those in method 200 above have the same meaning. For details, refer to the description of the cloud platform in method 200 above; for brevity, they are not repeated here.
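The cloud-platform checks of methods 200 and 300, as an added Python example that is not part of the application: the access token is verified first, self-deregistration and third-party deregistration are handled separately, and the account, session and refresh resources are deleted only when the credential type and content match. The in-memory resource layout, the request field names, the result strings, the sample users and devices, and the revocation of access tokens on deregistration are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SELF, THIRD_PARTY = "self", "third_party"      # assumed labels for the two types
OK = "deregistered"
DENY_TOKEN = "denied: requester may not access the platform"
DENY_CRED = "denied: target or credential does not match"
DENY_TYPE = "denied: unknown deregistration type"


@dataclass
class CloudPlatform:
    # Every resource is tied to a (user_id, device_id) pair.
    accounts: dict = field(default_factory=dict)   # account resource: credential info
    sessions: dict = field(default_factory=dict)   # session resource
    refresh: dict = field(default_factory=dict)    # refresh resource
    tokens: dict = field(default_factory=dict)     # access token -> (user_id, device_id)

    def register(self, user_id, device_id, cred_type, cred_content):
        """Create the device's resources and return its access token."""
        key = (user_id, device_id)
        # The page compares credential content directly; a production platform
        # would normally keep a salted hash instead of the content itself.
        self.accounts[key] = {"type": cred_type, "content": cred_content}
        self.sessions[key] = {"logged_in": True}
        self.refresh[key] = secrets.token_hex(16)
        token = secrets.token_hex(16)
        self.tokens[token] = key
        return token

    def _delete_resources(self, key):
        self.accounts.pop(key, None)
        self.sessions.pop(key, None)
        self.refresh.pop(key, None)
        # Assumption: access tokens die with the session, so a deregistered
        # device cannot go on to issue requests of its own.
        for token in [t for t, k in self.tokens.items() if k == key]:
            del self.tokens[token]

    def deregister(self, request):
        """Handle one deregistration request (a dict) and return a result string."""
        token = request.get("access_token")
        requester = self.tokens.get(token) if isinstance(token, str) else None
        if requester is None:
            return DENY_TOKEN                      # requester is not a legitimate device
        kind = request.get("type")
        if kind == SELF:
            self._delete_resources(requester)      # the token itself names the device
            return OK
        if kind != THIRD_PARTY:
            return DENY_TYPE
        target = (request.get("user_id"), request.get("device_id"))
        stored = self.accounts.get(target)
        sent = request.get("credential")
        if not isinstance(sent, dict):
            sent = {}
        # Compare against a random dummy when the target is unknown, so an unknown
        # device and a wrong credential look the same to the caller.
        ref = stored or {"type": "", "content": secrets.token_hex(16)}
        same_type = hmac.compare_digest(
            ref["type"].encode(), str(sent.get("type", "")).encode())
        same_content = hmac.compare_digest(
            ref["content"].encode(), str(sent.get("content", "")).encode())
        if stored is None or not (same_type and same_content):
            return DENY_CRED
        self._delete_resources(target)
        return OK


def demo():
    """Constructed scenario: alice's phone deregisters her lost lamp, then itself."""
    cloud = CloudPlatform()
    phone = cloud.register("alice", "phone-01", "password", "phone-pass")
    cloud.register("alice", "lamp-02", "password", "lamp-pass")
    base = {"type": THIRD_PARTY, "user_id": "alice", "device_id": "lamp-02"}
    good = {"type": "password", "content": "lamp-pass"}
    bad = {"type": "password", "content": "guess"}
    results = [
        cloud.deregister({**base, "access_token": "forged", "credential": good}),
        cloud.deregister({**base, "access_token": phone, "credential": bad}),
        cloud.deregister({**base, "access_token": phone, "credential": good}),
        cloud.deregister({**base, "access_token": phone, "credential": good}),  # replay
        cloud.deregister({"type": SELF, "access_token": phone}),
        cloud.deregister({"type": SELF, "access_token": phone}),  # token now revoked
    ]
    return results, cloud


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Because the deregistration credential is the only thing that separates one legitimate device from another in the third-party case, a deployment would also want rate limiting and logging around the `DENY_CRED` path.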
FIG. 4 is a schematic flowchart of a device registration method 400 according to an embodiment of the present application. The method can optionally be applied to the system shown in FIG. 1, but is not limited thereto. The method includes at least part of the following.
S410: The first device sends credential information to the second device, so that the credential information is configured in the CCC resource of the second device. The CCC resource of the second device is used to complete the registration of the second device on the cloud platform.
Optionally, in the embodiments of the present application, the method further includes:
The first device generates the credential information of the second device.
Optionally, in the embodiments of the present application, the method further includes:
The first device sends a credential creation request to the cloud platform, where the credential creation request includes the credential information of the second device.
Optionally, in the embodiments of the present application, the method further includes:
The first device stores the credential information of the second device.
Optionally, in the embodiments of the present application, the method further includes:
The first device sends the credential information of the second device to a fourth device for storage.
Optionally, in the embodiments of the present application, the credential information of multiple second devices is the same.
Optionally, in the embodiments of the present application, the credential information of each second device is different.
Descriptions of the first device performing method 400 in this embodiment that are the same as those in methods 200 and 300 above have the same meaning. For details, refer to the description of the first device in methods 200 and 300 above; for brevity, they are not repeated here.
In this embodiment, during device registration the first device may save the credential information of the second device to the cloud platform or to a peer device such as the fourth device described above. In a later device deregistration, the first device can then initiate the deregistration procedure for the second device; see method 200. Other devices, such as the fourth device, can also initiate the deregistration procedure for the second device: the fourth device sends the cloud platform a deregistration request that includes the credential information of the second device, which completes the deregistration of the second device.
FIG. 5 is a schematic flowchart of a method 500 for device registration according to an embodiment of the present application. The method can optionally be applied to the system shown in FIG. 1, but is not limited to it. The method includes at least some of the following.
S510: The second device receives credential information;
S520: The second device configures the credential information in the CCC resource of the second device;
S530: The second device registers with the cloud platform based on the CCC resource.
Exemplarily, the second device may receive the credential information from the device that, in the above embodiments, generates the credential information of the second device. For example, the second device receives its credential information from the first device or the third device. The second device then configures the received credential information in its own CCC resource and, when registering with the cloud platform, may register based on that CCC resource.
Descriptions in method 500, as performed by the second device in this embodiment, that are the same as those in methods 200, 300 and 400 above have the same meaning. For details, see the descriptions of the second device in methods 200, 300 and 400; for brevity, they are not repeated here.
The following are examples of specific application scenarios:
FIG. 6 shows the device registration process, which may specifically include:
1. The configurator (Mediator) obtains, from the authorization server (Authorisation Server) or the authorization provider (Authorisation Provider), an access token for a user of the cloud platform, for example the OCF (Open Cloud Fabric) cloud platform. A user account is created on the OCF cloud platform.
2. The configurator (Mediator) initiates configurator registration (Mediator Registration) with the OCF cloud platform.
3. The configurator (Mediator) sends cloud configuration information (Cloud Configuration) to the OCF resource server (Resource Server), including the cloud IP (Cloud IP), the access token (Access token), and so on. The configurator (Mediator) provides the CCC resource "oic.r.coapcloudconf" on the device, which includes the access token, the URL of the OCF cloud platform, the identifier (uuid) of the OCF cloud platform, an optional authorization provider name, and so on.
4. The OCF resource server establishes a TLS session (Session) to the OCF cloud platform.
5. The OCF resource server sends the access token and the device ID (Device ID) to the OCF cloud platform for device registration (Device Registration) and resource publishing (Resource Publish).
6. The token is validated (Validate token) in the OCF cloud platform. For example, the cloud platform may hold a table of correspondences between tokens, device IDs, user IDs (User ID), and so on, and the OCF cloud can use this table to verify the registration request; see Table 1.
Table 1
Token    DID        UID
A0001    0xA71CE    U0001
...      ...        ...
7. The cloud platform shares the user's authentication information (Authentication), including the access token, user ID, and so on, with the authorization server (Authorisation Server).
The counterpart of the cloud registration process is the cloud logout process: after a device is logged out on the cloud platform, that device can no longer connect to the cloud platform. Specifically, the device can send a deregistration request message to the cloud platform. The message carries an access token (AccessToken) and a UID (User ID) or DID (Device ID), or it carries only the access token. After the cloud platform (Cloud) receives this information, it deletes the corresponding registration record and also deletes the content published by that device (if any was published) in the cloud platform's RD (Resource Directory, a directory of discoverable resources).
The resource information related to the cloud platform is described below:
Coapcloudconf resource (CCC resource for short, or cloud platform registration configuration resource; it holds the information that configures a new device to register with the cloud platform): the OBT (Onboarding Tool) device configures this resource on a new device. The new device then registers with the cloud platform according to the OBT's configuration information, which may include an access token, SID (Cloud ID, the cloud platform identifier, for example the cloud platform UUID), SURL (Cloud URL, the cloud platform URL), and other information.
Account resource: the resource that holds a device's registration information on the cloud platform, including one or more of the UID, DID, access token, and similar information.
In the embodiments of the present application, the OBT installed in a device can be used to implement device logout, mainly in the following ways:
1. The OBT generates a third-party logout credential and may save this third-party credential in a cloud platform resource, for example a logout (deregister) resource.
2. The OBT configures the third-party logout credential into the account resource corresponding to the new device on the cloud platform; a credential attribute is added to the account resource.
3. The OBT configures the third-party logout credential onto a peer device (peer Device) (or a third-party device).
4. The peer device or third-party device initiates the third-party logout process.
The embodiments of the present application therefore mainly rely on a third-party device to complete the logout of the target device (Target Device).
Scenario Example 1:
As shown in FIG. 7, in Example 1 the device registration and logout stages of the cloud platform (Cloud, also called simply the cloud) may specifically include:
OBT cloud registration stage:
S11. While the OBT is registering with the cloud platform, it may send a third-party logout credential request to the cloud platform, and a logout (deregister) resource instance, for example the oic/sec/deregister resource, is generated on the cloud platform. The logout resource may include the following attribute information: UID (user ID), logout credential information, and so on. The logout credential information may include credential (the credential content) and may also include credentialType (the credential type). The credential type may be a password or another method. The OBT can define the credential content itself and send it to the cloud platform in an Update message that indicates updating /oic/sec/deregister{UID,credentialType,credential}. For example, the update message may be a Post message in CoAP (Constrained Application Protocol) or HTTP (HyperText Transfer Protocol). This stage completes the registration of the OBT device on the cloud and, during registration, generates the credential information that can be used to initiate a third-party logout process, including the credential content and the credential type (password). During this process, the credential content and/or credential type need not be stored on the OBT device.
S12. The cloud platform performs authentication and saves the UID, credential type and credential content into the logout resource and the account resource. After the cloud platform receives the above attribute information, it can first check whether credential content and/or a credential type has already been registered for this UID. It then adds the attribute information (UID, credential content, and so on) to the logout resource. If this is done while the OBT is registering with the cloud platform, a credential parameter can be added to the account resource corresponding to the OBT device, for example the /oic/sec/account resource. For example, a credential parameter is added to the account resource, and the credential information used for third-party logout is saved in that parameter. The cloud platform can then return a third-party logout credential creation response to the third-party device to report the result of credential creation.
If the same credential content is generated for all devices of the same user, the process above applies. If different credential content is generated for each device (for example, a different randomly generated password), a device identifier (DID) parameter can be added to the logout (deregister) resource.
S13. After the credential is generated, when the OBT configures a new device it configures the credential content in that device's CCC resource, and the new device then registers the credential content in the logout resource; the new device uses the CCC resource to configure it into the new device's account resource on the cloud platform.
Third-party logout stage:
S14. The third-party device (which may or may not have an OBT) obtains the DID of the device to be deregistered (the new device above, once it has registered successfully, is called the device to be deregistered in the logout stage). The third-party device can obtain the DID of the device to be deregistered, for example a lost device, in several ways. For example, the DID of the device to be deregistered is already stored locally on the third-party device. As another example, the user reads it from another device and enters it on the third-party device.
S15. The third-party device initiates a logout request. The logout request carries the UID and/or DID, the access token (AccessToken), the logout credential information, and so on.
For example, the third-party logout request is a Delete message that indicates deleting /oic/sec/account{UserID, DeviceID, accessToken, Credential, DisregisterType}. Here UserID is the user identifier, DeviceID is the identifier of the device to be deregistered, accessToken is the access token of the party initiating the logout, Credential is the credential content, and DisregisterType is the logout type.
In this example, a logout type (DeregisterType) parameter can also be added. For example, the third-party device logout request carries the DeregisterType parameter, which can be placed in the query part of the request. DeregisterType can be an enumeration with two values: self-dereg (self-logout) and 3rd-dereg (third-party logout, that is, logout by another party). In principle, any device that can obtain the credential content, such as a client, can initiate a logout request; the DisregisterType parameter is added to the request. If the value of this parameter is "self-dereg", the device identifier (DID) should be the DID of the logout initiator, and the access token should be the access token of the logout initiator. If the value of this parameter is "3rd-dereg", the DID is the DID of the device to be deregistered, and the access token is the access token of the party initiating the logout.
S16. If the logout type is "self-dereg", the request is handled by the ordinary logout process, which completes the device's own logout.
S17. If the logout type is "3rd-dereg", the platform must verify whether the access token is the access token of the party initiating the logout, whether the credential content is correct, and so on. The DID of the request initiator can also be obtained here; the cloud platform can easily obtain it. In addition, the cloud platform can compare the credential content corresponding to the DID of the device to be deregistered with the credential content in the logout request and determine whether the two match.
Alternatively, DisregisterType may be omitted, and self-logout is distinguished from third-party logout mainly by the credential content.
S18. If they match, the cloud platform deletes the account resource, session (Session) resource, refresh resource, and so on that correspond to the device to be deregistered, completing the logout of that device. The cloud platform can then return a third-party logout response to the third-party device to report whether the logout succeeded or failed.
Scenario Example 2:
The main differences between Example 2 and Example 1 are that a separate logout (deregister) resource need not be generated on the cloud platform to hold the logout credential information, and that the logout credential information of a device can be stored in another device that initiates third-party logout for that device.
As shown in FIG. 8, in Example 2 the device registration and logout stages of the cloud platform may specifically include the following steps:
OBT cloud registration stage:
S21. The OBT locally generates third-party logout credential information (credential).
S22. When the OBT configures other devices, it configures the third-party logout credential information into the new device's CCC resource. For example, it sends an update message that indicates updating /oic/sec/ccc{at,credential}. The new device returns a CCC configuration response. During registration, the third-party logout credential information is added to the account resource; it may belong to a single device or to all devices under the same user ID. If all devices share the third-party logout credential information, the information can be registered on the cloud platform when the OBT device registers with the cloud; see Example 1.
S23. The new device initiates the device registration process with the cloud platform according to the CCC resource; the credential content is added to the registration resource.
S24. While the new device is being registered, a configuration process for the peer device (peer Device) is initiated. In this configuration process, the certificate information of the new device (New Device) can be registered. For example, during peer device provisioning (Provisioning), an entry with credential type 3rd-deregister and the credential content credential (optional) is added for the new device in the credential (cred) resource.
In this process, the third-party logout credential information of the new device must be saved to the peer device. The peer devices configured with the new device's third-party logout credential information can then initiate a third-party logout process for the new device. The third-party logout process is optional; if it is initiated, see Example 1.
Third-party logout stage:
S25. The third-party device (which may or may not have an OBT) obtains the DID of the device to be deregistered. The third-party device can obtain the DID of the device to be deregistered in several ways. For example, the DID of the device to be deregistered is already stored locally on the third-party device. As another example, the user reads the DID of the device to be deregistered from another device and enters it on the third-party device.
S26. The third-party device initiates a logout request. The logout request carries the UID and/or DID, the access token, the third-party logout credential information, and so on. For example, it sends a delete message that indicates deleting /oic/sec/account{UserID, DeviceID (ID of the device being logged out), credential}, where DeviceID is the identifier of the device to be deregistered.
S26. If the logout request carries third-party logout credential information, the process is determined to be a third-party logout request. If the request does not carry third-party logout credential information, the request is determined to be a logout request. In other words, a self-logout request does not carry third-party logout credential information.
S27. The entries corresponding to the device to be deregistered on the cloud platform, such as its account resource, session resource and refresh resource (account resource item, session resource item, refresh resource item), are deleted, completing the logout of that device.
In this example, the third-party logout process can be completed; in particular, when a device is lost, the lost device can be logged out of the cloud platform through a third party.
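The cloud-side checks of S15 to S18 in Example 1 and S26 to S27 in Example 2, as an added Python example (not code from the patent). The in-memory stores, the constructed tokens and DIDs, the same-user check and the constant-time comparison are assumptions of this example; the request fields follow the Delete message on /oic/sec/account described above.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Cloud:
    """In-memory stand-in for the cloud platform (an assumption of this example)."""
    tokens: dict = field(default_factory=dict)    # access token -> (DID, UID), as in Table 1
    accounts: dict = field(default_factory=dict)  # DID -> {"uid", "credential"}
    sessions: dict = field(default_factory=dict)  # DID -> session entry
    refresh: dict = field(default_factory=dict)   # DID -> refresh entry

    def register(self, token, did, uid, credential):
        # Registration: store the token row and the account resource, including
        # the third-party logout credential delivered through the CCC resource.
        self.tokens[token] = (did, uid)
        self.accounts[did] = {"uid": uid, "credential": credential}
        self.sessions[did] = "session"
        self.refresh[did] = "refresh"

    def _delete(self, did):
        # S18 / S27: drop the account, session and refresh entries, and the
        # registration record so the device's token stops working.
        self.accounts.pop(did, None)
        self.sessions.pop(did, None)
        self.refresh.pop(did, None)
        self.tokens = {t: row for t, row in self.tokens.items() if row[0] != did}

    def deregister(self, req):
        """Handle a Delete on /oic/sec/account.

        Returns (ok, reason). The reason is meant for server-side logs; the
        response to the requester only reports success or failure.
        """
        row = self.tokens.get(req.get("accessToken"))
        if row is None:
            return False, "invalid access token"
        caller_did, caller_uid = row
        target = req.get("DeviceID")
        kind = req.get("DisregisterType")
        if kind is None:
            # Example 2: no type parameter, a credential marks third-party logout.
            kind = "3rd-dereg" if req.get("Credential") else "self-dereg"

        if kind == "self-dereg":
            # S16: the DID must be the DID bound to the presented token.
            if target != caller_did:
                return False, "DID does not belong to the token"
            self._delete(target)
            return True, "self-dereg"

        if kind == "3rd-dereg":
            account = self.accounts.get(target)
            if account is None:
                return False, "unknown device"
            # Assumption of this example: requester and target share one UID.
            if account["uid"] != caller_uid or req.get("UserID") != caller_uid:
                return False, "user mismatch"
            # S17: compare the supplied credential with the stored one in constant time.
            supplied = str(req.get("Credential") or "").encode()
            if not hmac.compare_digest(supplied, account["credential"].encode()):
                return False, "credential mismatch"
            self._delete(target)
            return True, "3rd-dereg"

        return False, "unknown logout type"


def build_sample_cloud():
    """Constructed sample data: two devices of user U0001, one of user U0002."""
    cloud = Cloud()
    cloud.register("tok-phone", "did-phone", "U0001", "pw-U0001")
    cloud.register("tok-lamp", "did-lamp", "U0001", "pw-U0001")
    cloud.register("tok-other", "did-other", "U0002", "pw-U0002")
    return cloud
```

Because the credential is stored per DID in the account resource, the same check covers both the shared-credential and the per-device-credential variants.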
FIG. 9 is a schematic block diagram of a communication device 20 according to an embodiment of the present application. The communication device 20 can perform the functions of the first device in the device logout method embodiments above, and may include:
a sending unit 21, configured to send a logout request to the cloud platform, where the logout request includes verification information and the credential information of a second device, so that the cloud platform logs out the second device.
Optionally, in this embodiment of the present application, the verification information includes a user identifier and/or a device identifier.
Optionally, in this embodiment of the present application, the verification information further includes an access token of the communication device, and the access token is used to verify whether the communication device is allowed to access the cloud platform.
Optionally, in this embodiment of the present application, the credential information includes credential content and a credential type.
Optionally, in this embodiment of the present application, when the logout type is self-logout, the verification information includes at least one of the user identifier, device identifier and access token of the communication device.
Optionally, in this embodiment of the present application, when the logout type is third-party logout, the verification information includes at least one of the user identifier of the second device, the device identifier of the second device, and the access token of the communication device.
Optionally, in this embodiment of the present application, the credential information of the second device is generated by the communication device.
Optionally, in this embodiment of the present application, the sending unit 21 is further configured to:
send a credential creation request to the cloud platform, where the credential creation request includes the credential information of the second device.
Optionally, in this embodiment of the present application, the sending unit 21 is further configured to:
send credential information to the second device, so that the credential information is configured in the cloud platform registration configuration (CCC) resource of the second device, where the CCC resource of the second device is used to complete the registration of the second device with the cloud platform.
Optionally, in this embodiment of the present application, as shown in FIG. 10, the communication device 20 further includes:
an obtaining unit 22, configured to obtain the credential information of the second device from a third device, where the credential information of the second device is generated by the third device.
Optionally, in this embodiment of the present application, the credential information of the second device is stored on the communication device.
Optionally, in this embodiment of the present application, the sending unit 21 is further configured to send the credential information of the second device to a fourth device for storage.
Optionally, in this embodiment of the present application, the credential information of multiple second devices is the same.
Optionally, in this embodiment of the present application, the credential information of each second device is different.
The communication device 20 of this embodiment of the present application can implement the corresponding functions of the first device in the method 200 embodiment above. For the processes, functions, implementations and beneficial effects corresponding to each module (submodule, unit, component, and so on) in the communication device 20, see the corresponding descriptions in the method embodiments above; they are not repeated here. Note that the functions described for the modules (submodules, units, components, and so on) of the communication device 20 in the embodiments of the application may be implemented by different modules (submodules, units, components, and so on) or by the same module (submodule, unit, component, and so on).
FIG. 11 is a schematic block diagram of a cloud platform 30 according to an embodiment of the present application. The cloud platform 30 may include:
a receiving unit 31, configured to receive a logout request from a first device, where the logout request includes verification information and the credential information of a second device;
a logout unit 32, configured to log out the second device according to the verification information and the credential information of the second device.
Optionally, in this embodiment of the present application, the verification information includes a user identifier and/or a device identifier.
Optionally, in this embodiment of the present application, the verification information further includes an access token of the first device. As shown in FIG. 12, the cloud platform 30 further includes:
a first verification unit 33, configured to verify the access token of the first device to determine whether the first device is allowed to access the cloud platform.
Optionally, in this embodiment of the present application, the credential information includes credential content and a credential type.
Optionally, in this embodiment of the present application, the logout request further includes a logout type. The cloud platform further includes:
a second verification unit 34, configured to verify, when the logout type is self-logout, whether the verification information includes at least one of the user identifier, device identifier and access token of the first device.
Optionally, in this embodiment of the present application, the cloud platform further includes:
a third verification unit 35, configured to verify, when the logout type is third-party logout, whether the verification information includes the user identifier of the second device, the device identifier of the second device and the access token of the first device, and to verify whether the credential information in the verification request is consistent with the credential content that corresponds to the user identifier and/or device identifier of the second device in the account resource saved by the cloud platform.
Optionally, in this embodiment of the present application, the receiving unit 31 is further configured to receive a credential creation request from the first device, where the credential creation request includes the credential information of the second device, and the credential information of the second device is generated at the first device.
Optionally, in this embodiment of the present application, the receiving unit 31 is further configured to receive a credential creation request from a third device, where the credential creation request includes the credential information of the second device, and the credential information of the second device is generated at the third device.
Optionally, in this embodiment of the present application, the cloud platform further includes:
a registration unit 36, configured to complete the registration of the second device by using the CCC resource of the second device, where the credential information of the second device is configured in the CCC resource of the second device.
Optionally, in this embodiment of the present application, the credential information of multiple second devices is the same.
Optionally, in this embodiment of the present application, the credential information of each second device is different.
Optionally, in this embodiment of the present application, logging out the second device includes deleting at least one of the following resources of the second device:
the account resource of the second device, where the account resource includes credential information;
the session resource of the second device;
the refresh resource of the second device.
The cloud platform 30 of this embodiment of the present application can implement the corresponding functions of the cloud platform in the method 200 and 300 embodiments above. For the processes, functions, implementations and beneficial effects corresponding to each module (submodule, unit, component, and so on) in the cloud platform 30, see the corresponding descriptions in the method embodiments above; they are not repeated here. Note that the functions described for the modules (submodules, units, components, and so on) of the cloud platform 30 in the embodiments of the application may be implemented by different modules (submodules, units, components, and so on) or by the same module (submodule, unit, component, and so on).
FIG. 13 is a schematic block diagram of a communication device 40 according to an embodiment of the present application. The communication device 40 can perform the functions of the first device in the device registration method embodiments above, and may include:
a sending unit 41, configured to send credential information to the second device so that the credential information is configured in the CCC resource of the second device, where the CCC resource of the second device is used to complete the registration of the second device with the cloud platform.
Optionally, in this embodiment of the present application, as shown in FIG. 14, the communication device 40 further includes:
an information generating unit 42, configured to generate the credential information of the second device.
Optionally, in this embodiment of the present application, the sending unit 41 is further configured to send a credential creation request to the cloud platform, where the credential creation request includes the credential information of the second device.
Optionally, in this embodiment of the present application, the following is further included:
an information saving unit 43, configured to save the credential information of the second device.
Optionally, in this embodiment of the present application, the sending unit 41 is further configured to send the credential information of the second device to a fourth device for storage.
Optionally, in this embodiment of the present application, the credential information of multiple second devices is the same.
Optionally, in this embodiment of the present application, the credential information of each second device is different.
The communication device 40 in this embodiment of the present application can implement the corresponding functions of the first device in the foregoing embodiment of method 400. For the processes, functions, implementations, and beneficial effects corresponding to each module (submodule, unit, component, etc.) in the communication device 40, refer to the corresponding descriptions in the method embodiments above; they are not repeated here.
Note that the functions described for the modules (submodules, units, components, etc.) in the communication device 40 of this embodiment may be implemented by different modules (submodules, units, components, etc.) or by the same module (submodule, unit, component, etc.).
FIG. 15 is a schematic block diagram of a communication device 50 according to an embodiment of the present application. The communication device 50 can perform the functions of the second device in the device registration method embodiments above, and may include:
a receiving unit 51, configured to receive credential information;
a configuration unit 52, configured to configure the credential information in the CCC resource of the network device;
a registration unit 53, configured to register with the cloud platform based on the CCC resource.
The communication device 50 in this embodiment of the present application can implement the corresponding functions of the second device in the foregoing embodiment of method 500. For the processes, functions, implementations, and beneficial effects corresponding to each module (submodule, unit, component, etc.) in the communication device 50, refer to the corresponding descriptions in the method embodiments above; they are not repeated here. Note that the functions described for the modules (submodules, units, components, etc.) in the communication device 50 of this embodiment may be implemented by different modules (submodules, units, components, etc.) or by the same module (submodule, unit, component, etc.).
FIG. 16 is a schematic structural diagram of a communication device 600 according to an embodiment of the present application. The communication device 600 includes a processor 610, which can call and run a computer program from a memory so that the communication device 600 implements the methods in the embodiments of the present application.
Optionally, as shown in FIG. 16, the communication device 600 may further include a memory 620. The processor 610 can call and run a computer program from the memory 620 so that the communication device 600 implements the methods in the embodiments of the present application.
The memory 620 may be a separate device independent of the processor 610, or may be integrated in the processor 610.
Optionally, as shown in FIG. 16, the communication device 600 may further include a transceiver 630. The processor 610 can control the transceiver 630 to communicate with other devices, specifically to send information or data to other devices or to receive information or data sent by other devices.
The transceiver 630 may include a transmitter and a receiver. The transceiver 630 may further include one or more antennas.
Optionally, the communication device 600 may be the network device of the embodiments of the present application, and the communication device 600 can implement the corresponding processes implemented by the network device in each method of the embodiments of the present application. For brevity, they are not repeated here.
Optionally, the communication device 600 may be the terminal device of the embodiments of the present application, and the communication device 600 can implement the corresponding processes implemented by the terminal device in each method of the embodiments of the present application. For brevity, they are not repeated here.
FIG. 17 is a schematic structural diagram of a chip 700 according to an embodiment of the present application. The chip 700 includes a processor 710, which can call and run a computer program from a memory to implement the methods in the embodiments of the present application.
Optionally, as shown in FIG. 17, the chip 700 may further include a memory 720. The processor 710 can call and run a computer program from the memory 720 to implement the methods executed by the terminal device or the network device in the embodiments of the present application.
The memory 720 may be a separate device independent of the processor 710, or may be integrated in the processor 710.
Optionally, the chip 700 may further include an input interface 730. The processor 710 can control the input interface 730 to communicate with other devices or chips, specifically to acquire information or data sent by other devices or chips.
Optionally, the chip 700 may further include an output interface 740. The processor 710 can control the output interface 740 to communicate with other devices or chips, specifically to output information or data to other devices or chips.
Optionally, the chip can be applied to the network device in the embodiments of the present application, and the chip can implement the corresponding processes implemented by the network device in each method of the embodiments of the present application. For brevity, they are not repeated here.
Optionally, the chip can be applied to the terminal device in the embodiments of the present application, and the chip can implement the corresponding processes implemented by the terminal device in each method of the embodiments of the present application. For brevity, they are not repeated here.
The chips applied to the network device and to the terminal device may be the same chip or different chips.
It should be understood that the chip mentioned in the embodiments of the present application may also be referred to as a system-level chip, a system chip, a chip system, or a system-on-chip.
The processor mentioned above may be a general-purpose processor, a digital signal processor (DSP), a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), or another programmable logic device, transistor logic device, discrete hardware component, or the like. The general-purpose processor mentioned above may be a microprocessor or any conventional processor.
The memory mentioned above may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM), or flash memory. The volatile memory may be random access memory (RAM).
It should be understood that the memories above are described as examples and not as limitations. For example, the memory in the embodiments of the present application may also be static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synch link dynamic random access memory (synch link DRAM, SLDRAM), direct Rambus random access memory (Direct Rambus RAM, DR RAM), and so on. That is, the memory in the embodiments of the present application is intended to include, but is not limited to, these and any other suitable types of memory.
FIG. 18 is a schematic block diagram of a communication system 800 according to an embodiment of the present application. The communication system 800 may include a first device 810 and a cloud platform 820.
The first device 810 may be configured to send a deregistration request to the cloud platform 820, where the deregistration request includes verification information and the credential information of the second device, so that the cloud platform 820 deregisters the second device.
The cloud platform 820 may be configured to receive the deregistration request from the first device 810 and to deregister the second device according to the verification information and the credential information of the second device in the deregistration request.
Optionally, the first device 810 may also be configured to send credential information to the second device so that the credential information is configured in the CCC resource of the second device, where the CCC resource of the second device is used to complete the registration of the second device with the cloud platform.
The first device 810 may be used to implement the corresponding functions implemented by the first device in the method embodiments above, and the cloud platform 820 may be used to implement the corresponding functions implemented by the cloud platform in the method embodiments above. For brevity, they are not repeated here.
Optionally, the communication system 800 may further include a second device 830, configured to receive credential information, configure the credential information in the CCC resource of the second device, and register with the cloud platform based on the CCC resource.
Optionally, the communication system 800 may further include a third device 840, configured to send a credential creation request to the cloud platform, where the credential creation request includes the credential information of the second device, and the credential information of the second device is generated on the third device.
Optionally, the communication system 800 may further include a fourth device 850, configured to receive and save the credential information of the second device. For example, the fourth device 850 may receive the credential information of the second device from the first device 810 or the third device 840.
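The deregistration check performed by the cloud platform 820, as an added Python sketch that is not code from the application: it combines the self and third-party verification rules stated in the claims with the deletion of the account, session and refresh resources. The dictionary field names, the `self`/`third_party` type values and the in-memory stores are assumptions; the application requires deleting at least one of the three resources, and this sketch deletes all three.

```python
import hmac
from dataclasses import dataclass

SELF = "self"                 # assumed wire values for the deregistration type
THIRD_PARTY = "third_party"


@dataclass
class Account:
    """Account resource: identifiers plus the credential (type and content)."""
    user_id: str
    device_id: str
    cred_type: str
    cred_content: bytes


class CloudPlatform:
    def __init__(self):
        self.accounts = {}    # device_id -> Account       (account resource)
        self.sessions = {}    # device_id -> access token  (session resource)
        self.refresh = {}     # device_id -> refresh token (refresh resource)

    def register(self, account, access_token, refresh_token):
        self.accounts[account.device_id] = account
        self.sessions[account.device_id] = access_token
        self.refresh[account.device_id] = refresh_token

    def _token_owner(self, token):
        """Return the device_id whose session holds this access token, else None."""
        if not isinstance(token, str):
            return None
        owner = None
        for device_id, stored in self.sessions.items():
            # Constant-time comparison; scan every session instead of exiting early.
            if hmac.compare_digest(stored.encode(), token.encode()):
                owner = device_id
        return owner

    def deregister(self, request):
        """Validate a deregistration request and delete the target's resources.

        Returns (ok, reason). The reason is deliberately coarse so a caller
        cannot tell an unknown device from a wrong credential.
        """
        ver = request.get("verification", {})
        cred = request.get("credential", {})

        # The first device must present an access token the platform accepts.
        requester = self._token_owner(ver.get("access_token"))
        if requester is None:
            return False, "access token not accepted"

        kind = request.get("type")
        if kind == SELF:
            # Self-deregistration: any identifiers supplied must be the requester's own.
            target = self.accounts[requester]
            if (ver.get("device_id", target.device_id) != target.device_id
                    or ver.get("user_id", target.user_id) != target.user_id):
                return False, "verification failed"
        elif kind == THIRD_PARTY:
            # Third-party: identifiers name the second device, and the credential in
            # the request must equal the one stored in that device's account resource.
            target = self.accounts.get(ver.get("device_id"))
            content = cred.get("content")
            if (target is None
                    or target.user_id != ver.get("user_id")
                    or cred.get("type") != target.cred_type
                    or not isinstance(content, bytes)
                    or not hmac.compare_digest(content, target.cred_content)):
                return False, "verification failed"
        else:
            return False, "unknown deregistration type"

        # Delete account, session and refresh resources; dropping the session
        # also invalidates the deregistered device's own access token.
        for store in (self.accounts, self.sessions, self.refresh):
            store.pop(target.device_id, None)
        return True, "deregistered " + target.device_id


def third_party_request(token, user_id, device_id, cred_type, content):
    """Build a third-party deregistration request (constructed sample shape)."""
    return {"type": THIRD_PARTY,
            "verification": {"access_token": token, "user_id": user_id,
                             "device_id": device_id},
            "credential": {"type": cred_type, "content": content}}


if __name__ == "__main__":
    cp = CloudPlatform()
    # Constructed sample data: a phone (first device) and a lamp (second device).
    cp.register(Account("alice", "phone-1", "psk", b"k-phone"), "tok-phone", "ref-phone")
    cp.register(Account("alice", "lamp-1", "psk", b"k-lamp"), "tok-lamp", "ref-lamp")
    print(cp.deregister(third_party_request("tok-phone", "alice", "lamp-1", "psk", b"bad")))
    print(cp.deregister(third_party_request("tok-phone", "alice", "lamp-1", "psk", b"k-lamp")))
```

Where several second devices share one credential, as the application allows, the credential match alone does not single out a device, so the user and device identifiers in the verification information are what select the target.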
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, radio, microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)).
It should be understood that, in the various embodiments of the present application, the sequence numbers of the processes above do not imply an order of execution. The execution order of the processes should be determined by their functions and internal logic, and the numbering should not constitute any limitation on the implementation of the embodiments of the present application.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
The above are only specific implementations of the present application, but the protection scope of the present application is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (83)

  1. A method for deregistering a device, comprising:
    a first device sending a deregistration request to a cloud platform, the deregistration request including verification information and credential information of a second device, so that the cloud platform deregisters the second device.
  2. The method according to claim 1, wherein the verification information includes a user identifier and/or a device identifier.
  3. The method according to claim 1, wherein the verification information further includes an access token of the first device, the access token being used to verify whether the first device is allowed to access the cloud platform.
  4. The method according to any one of claims 1 to 3, wherein the credential information includes credential content and a credential type.
  5. The method according to any one of claims 1 to 4, wherein the deregistration request further includes a deregistration type, and when the deregistration type is self-deregistration, the verification information includes at least one of a user identifier, a device identifier, and an access token of the first device.
  6. The method according to any one of claims 1 to 4, wherein the deregistration request further includes a deregistration type, and when the deregistration type is third-party deregistration, the verification information includes at least one of a user identifier of the second device, a device identifier of the second device, and an access token of the first device.
  7. The method according to any one of claims 1 to 6, wherein the credential information of the second device is generated by the first device.
  8. The method according to claim 7, further comprising:
    the first device sending a credential creation request to the cloud platform, the credential creation request including the credential information of the second device.
  9. The method according to claim 7 or 8, further comprising:
    the first device sending credential information to the second device so that the credential information is configured in a cloud platform registration configuration (CCC) resource of the second device, the CCC resource of the second device being used to complete the registration of the second device with the cloud platform.
  10. The method according to any one of claims 1 to 6, further comprising:
    the first device acquiring the credential information of the second device from a third device, the credential information of the second device being generated by the third device.
  11. The method according to any one of claims 1 to 10, wherein the credential information of the second device is saved on the first device.
  12. The method according to any one of claims 1 to 11, further comprising:
    the first device sending the credential information of the second device to a fourth device for storage.
  13. The method according to any one of claims 1 to 12, wherein the credential information of a plurality of the second devices is the same.
  14. The method according to any one of claims 1 to 12, wherein the credential information of each of the second devices is different.
  15. A method for deregistering a device, comprising:
    a cloud platform receiving a deregistration request from a first device, the deregistration request including verification information and credential information of a second device;
    the cloud platform deregistering the second device according to the verification information and the credential information of the second device.
  16. The method according to claim 15, wherein the verification information includes a user identifier and/or a device identifier.
  17. The method according to claim 16, wherein the verification information further includes an access token of the first device, the method further comprising:
    the cloud platform verifying the access token of the first device to determine whether the first device is allowed to access the cloud platform.
  18. The method according to any one of claims 15 to 17, wherein the credential information includes credential content and a credential type.
  19. The method according to any one of claims 15 to 18, wherein the deregistration request further includes a deregistration type, the method further comprising:
    when the deregistration type is self-deregistration, the cloud platform verifying whether the verification information includes at least one of a user identifier, a device identifier, and an access token of the first device.
  20. The method according to any one of claims 15 to 18, wherein the deregistration request further includes a deregistration type, the method further comprising:
    when the deregistration type is third-party deregistration, the cloud platform verifying whether the verification information includes a user identifier of the second device, a device identifier of the second device, and an access token of the first device, and verifying whether the credential information in the verification request is consistent with the credential content corresponding to the user identifier and/or device identifier of the second device in the account resource saved by the cloud platform.
  21. The method according to any one of claims 15 to 20, further comprising:
    the cloud platform receiving a credential creation request from the first device, the credential creation request including the credential information of the second device, the credential information of the second device being generated on the first device.
  22. The method according to any one of claims 15 to 20, further comprising:
    the cloud platform receiving a credential creation request from a third device, the credential creation request including the credential information of the second device, the credential information of the second device being generated on the third device.
  23. The method according to any one of claims 15 to 22, further comprising:
    the cloud platform completing the registration of the second device by using the CCC resource of the second device, the credential information of the second device being configured in the CCC resource of the second device.
  24. The method according to any one of claims 15 to 23, wherein the credential information of a plurality of the second devices is the same.
  25. The method according to any one of claims 15 to 23, wherein the credential information of each of the second devices is different.
  26. The method according to any one of claims 15 to 25, wherein deregistering the second device includes deleting at least one of the following resources of the second device:
    the account resource of the second device, the account resource including credential information;
    the session resource of the second device;
    the refresh resource of the second device.
  27. A method for device registration, further comprising:
    a first device sending credential information to a second device so that the credential information is configured in a CCC resource of the second device, the CCC resource of the second device being used to complete the registration of the second device with a cloud platform.
  28. The method according to claim 27, further comprising:
    the first device generating the credential information of the second device.
  29. The method according to claim 27 or 28, further comprising:
    the first device sending a credential creation request to the cloud platform, the credential creation request including the credential information of the second device.
  30. The method according to any one of claims 27 to 29, further comprising:
    the first device saving the credential information of the second device.
  31. The method according to any one of claims 27 to 30, further comprising:
    the first device sending the credential information of the second device to a fourth device for storage.
  32. The method according to any one of claims 27 to 31, wherein the credential information of a plurality of the second devices is the same.
  33. The method according to any one of claims 27 to 31, wherein the credential information of each of the second devices is different.
  34. A method for device registration, further comprising:
    a second device receiving credential information;
    the second device configuring the credential information in a CCC resource of the second device;
    the second device registering with a cloud platform based on the CCC resource.
  35. A communication device, comprising:
    a sending unit, configured to send a deregistration request to a cloud platform, the deregistration request including verification information and credential information of a second device, so that the cloud platform deregisters the second device.
  36. The communication device according to claim 35, wherein the verification information includes a user identifier and/or a device identifier.
  37. The communication device according to claim 35, wherein the verification information further includes an access token of the communication device, the access token being used to verify whether the communication device is allowed to access the cloud platform.
  38. The communication device according to any one of claims 35 to 37, wherein the credential information includes credential content and a credential type.
  39. The communication device according to claims 35 to 38, wherein the deregistration request further includes a deregistration type, and when the deregistration type is self-deregistration, the verification information includes at least one of a user identifier, a device identifier, and an access token of the communication device.
  40. The communication device according to claims 35 to 38, wherein the deregistration request further includes a deregistration type, and when the deregistration type is third-party deregistration, the verification information includes at least one of a user identifier of the second device, a device identifier of the second device, and an access token of the communication device.
  41. The communication device according to any one of claims 35 to 40, wherein the credential information of the second device is generated by the communication device.
  42. The communication device according to claim 41, wherein the sending unit is further configured to:
    send a credential creation request to the cloud platform, the credential creation request including the credential information of the second device.
  43. The communication device according to claim 41 or 42, wherein the sending unit is further configured to:
    send credential information to the second device so that the credential information is configured in a cloud platform registration configuration (CCC) resource of the second device, the CCC resource of the second device being used to complete the registration of the second device with the cloud platform.
  44. The communication device according to any one of claims 35 to 40, further comprising:
    an acquiring unit, configured for the communication device to acquire the credential information of the second device from a third device, the credential information of the second device being generated by the third device.
  45. The communication device according to any one of claims 35 to 44, wherein the credential information of the second device is saved on the communication device.
  46. The communication device according to any one of claims 35 to 45, wherein the sending unit is further configured to send the credential information of the second device to a fourth device for storage.
  47. The communication device according to any one of claims 35 to 46, wherein the credential information of a plurality of the second devices is the same.
  48. The communication device according to any one of claims 35 to 46, wherein the credential information of each of the second devices is different.
  49. A cloud platform, comprising:
    a receiving unit, configured to receive a logout request from a first device, the logout request including verification information and credential information of a second device;
    a logout unit, configured to deregister the second device according to the verification information and the credential information of the second device.
  50. The cloud platform according to claim 49, wherein the verification information includes a user identifier and/or a device identifier.
  51. The cloud platform according to claim 50, wherein the verification information further includes an access token of the first device, and the cloud platform further comprises:
    a first verification unit, configured to verify the access token of the first device to determine whether the first device is allowed to access the cloud platform.
  52. The cloud platform according to any one of claims 49 to 51, wherein the credential information includes credential content and a credential type.
  53. The cloud platform according to claims 49 to 52, wherein the logout request further includes a logout type, and the cloud platform further comprises:
    a second verification unit, configured to verify, in the case that the logout type is self-logout, whether the verification information includes at least one of a user identifier, a device identifier and an access token of the first device.
  54. The cloud platform according to claims 49 to 52, wherein the logout request further includes a logout type, and the cloud platform further comprises:
    a third verification unit, configured to verify, in the case that the logout type is third-party logout, whether the verification information includes the user identifier of the second device, the device identifier of the second device and the access token of the first device, and to verify whether the credential information in the verification request is consistent with the credential content corresponding to the user identifier and/or device identifier of the second device in the account resource stored by the cloud platform.
  55. The cloud platform according to any one of claims 49 to 54, wherein the receiving unit is further configured to receive a credential creation request from the first device, the credential creation request including the credential information of the second device, and the credential information of the second device being generated by the first device.
  56. The cloud platform according to any one of claims 49 to 54, wherein the receiving unit is further configured to receive a credential creation request from a third device, the credential creation request including the credential information of the second device, and the credential information of the second device being generated by the third device.
  57. The cloud platform according to any one of claims 49 to 56, further comprising:
    a registration unit, configured to complete registration of the second device by using the CCC resource of the second device, the CCC resource of the second device being configured with the credential information of the second device.
  58. The cloud platform according to any one of claims 49 to 57, wherein the credential information of a plurality of the second devices is the same.
  59. The cloud platform according to any one of claims 49 to 57, wherein the credential information of each of the second devices is different.
  60. The cloud platform according to any one of claims 49 to 59, wherein deregistering the second device comprises deleting at least one of the following resources of the second device:
    an account resource of the second device, the account resource including the credential information;
    a session resource of the second device;
    a refresh resource of the second device.
  61. A communication device, comprising:
    a sending unit, configured to send credential information to a second device, so that the credential information is configured in a CCC resource of the second device, the CCC resource of the second device being used to complete registration of the second device with a cloud platform.
  62. The communication device according to claim 61, further comprising:
    an information generating unit, configured to generate the credential information of the second device.
  63. The communication device according to claim 61 or 62, wherein the sending unit is further configured to send a credential creation request to the cloud platform, the credential creation request including the credential information of the second device.
  64. The communication device according to any one of claims 61 to 63, further comprising:
    an information saving unit, configured to save the credential information of the second device.
  65. The communication device according to any one of claims 61 to 64, wherein the sending unit is further configured to send the credential information of the second device to a fourth device for storage.
  66. The communication device according to any one of claims 61 to 65, wherein the credential information of a plurality of the second devices is the same.
  67. The communication device according to any one of claims 61 to 65, wherein the credential information of each of the second devices is different.
  68. A communication device, comprising:
    a receiving unit, configured to receive credential information;
    a configuration unit, configured to configure the credential information in a CCC resource of the communication device;
    a registration unit, configured to register with a cloud platform based on the CCC resource.
  69. A communication device, comprising: a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory, so that the communication device performs the method according to any one of claims 1 to 14.
  70. A cloud platform, comprising: a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory, so that the cloud platform performs the method according to any one of claims 15 to 26.
  71. A communication device, comprising: a processor and a memory, wherein the memory is configured to store a computer program, and the processor is configured to call and run the computer program stored in the memory, so that the communication device performs the method according to any one of claims 27 to 34.
  72. A chip, comprising: a processor, configured to call and run a computer program from a memory, so that a device on which the chip is installed performs the method according to any one of claims 1 to 14.
  73. A chip, comprising: a processor, configured to call and run a computer program from a memory, so that a device on which the chip is installed performs the method according to any one of claims 15 to 26.
  74. A chip, comprising: a processor, configured to call and run a computer program from a memory, so that a device on which the chip is installed performs the method according to any one of claims 27 to 34.
  75. A computer-readable storage medium, configured to store a computer program which, when run by a device, causes the device to perform the method according to any one of claims 1 to 14.
  76. A computer-readable storage medium, configured to store a computer program which, when run by a device, causes the device to perform the method according to any one of claims 15 to 26.
  77. A computer-readable storage medium, configured to store a computer program which, when run by a device, causes the device to perform the method according to any one of claims 27 to 34.
  78. A computer program product, comprising computer program instructions that cause a computer to perform the method according to any one of claims 1 to 14.
  79. A computer program product, comprising computer program instructions that cause a computer to perform the method according to any one of claims 15 to 26.
  80. A computer program product, comprising computer program instructions that cause a computer to perform the method according to any one of claims 27 to 34.
  81. A computer program that causes a computer to perform the method according to any one of claims 1 to 14.
  82. A computer program that causes a computer to perform the method according to any one of claims 15 to 26.
  83. A computer program that causes a computer to perform the method according to any one of claims 27 to 34.
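
An added illustration of the cloud-platform checks in claims 49 to 54 and 60 (example code written for this page, not taken from the patent or from any product): the platform validates the sender's access token, applies the rule for the logout type, compares the presented credential with the stored account resource, and only then deletes the account, session and refresh resources. The class and field names, the dictionary layout and the rule that a self logout needs a token bound to the target device are assumptions of this example.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class CloudPlatform:
    # Hypothetical in-memory stores, all keyed by (user_id, device_id).
    accounts: dict = field(default_factory=dict)  # account resource, holds the credential
    sessions: dict = field(default_factory=dict)  # session resource
    refresh: dict = field(default_factory=dict)   # refresh resource
    tokens: dict = field(default_factory=dict)    # access token -> owning (user_id, device_id)

    def register(self, user_id, device_id, cred_type, cred_content, token):
        key = (user_id, device_id)
        self.accounts[key] = {"type": cred_type, "content": cred_content}
        self.sessions[key] = {"access_token": token}
        self.refresh[key] = {"refresh_token": "refresh-for-" + token}
        self.tokens[token] = key

    def deregister(self, request):
        info = request.get("verification", {})
        # Claim 51: the sender's access token must be one the platform issued.
        caller = self.tokens.get(info.get("access_token"))
        if caller is None:
            return "denied: invalid access token"
        target = (info.get("user_id"), info.get("device_id"))
        stored = self.accounts.get(target)
        if stored is None:
            return "denied: unknown device"
        logout_type = request.get("logout_type")
        if logout_type == "self":
            # Assumption of this sketch: a self logout is only honoured when the
            # token belongs to the very device being removed.
            if caller != target:
                return "denied: token not bound to target device"
        elif logout_type == "third_party":
            # Claim 54: the presented credential must match the account resource.
            cred = request.get("credential") or {}
            content_ok = hmac.compare_digest(
                str(cred.get("content", "")).encode(), stored["content"].encode())
            if cred.get("type") != stored["type"] or not content_ok:
                return "denied: credential mismatch"
        else:
            return "denied: unknown logout type"
        # Claim 60: delete account, session and refresh resources, and revoke
        # the removed device's own access token.
        session = self.sessions.pop(target, {})
        self.tokens.pop(session.get("access_token"), None)
        self.accounts.pop(target, None)
        self.refresh.pop(target, None)
        return "deregistered"
```

The credential comparison uses `hmac.compare_digest` so that a mismatch takes the same time wherever the first differing byte is, and the removed device's token is revoked together with its resources so it cannot be reused after deregistration.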
PCT/CN2020/103630 2020-07-22 2020-07-22 Device deregistration method, device registration method, communication device and cloud platform WO2022016434A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/103630 WO2022016434A1 (en) 2020-07-22 2020-07-22 Device deregistration method, device registration method, communication device and cloud platform
CN202080101725.3A CN115699678A (en) 2020-07-22 2020-07-22 Device logout method, device registration method, communication device and cloud platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/103630 WO2022016434A1 (en) 2020-07-22 2020-07-22 Device deregistration method, device registration method, communication device and cloud platform

Publications (1)

Publication Number Publication Date
WO2022016434A1 true WO2022016434A1 (en) 2022-01-27

Family

ID=79728462

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/103630 WO2022016434A1 (en) 2020-07-22 2020-07-22 Device deregistration method, device registration method, communication device and cloud platform

Country Status (2)

Country Link
CN (1) CN115699678A (en)
WO (1) WO2022016434A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115460279A (en) * 2022-08-09 2022-12-09 青岛海尔科技有限公司 Account information processing method and device, storage medium and electronic device
WO2024040390A1 (en) * 2022-08-22 2024-02-29 Oppo广东移动通信有限公司 Method and apparatus for device logout
WO2024050754A1 (en) * 2022-09-08 2024-03-14 Oppo广东移动通信有限公司 Method for starting client, first device, configuration device, and cloud platform

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025786A (en) * 2010-12-28 2011-04-20 乐视网信息技术(北京)股份有限公司 Operation method and system for interactive control of three-network terminals
CN105391591A (en) * 2015-12-24 2016-03-09 北京奇虎科技有限公司 Security setting and management method and apparatus for terminal
CN105550597A (en) * 2015-12-24 2016-05-04 北京奇虎科技有限公司 Information scanning based terminal management method and apparatus
CN108965469A (en) * 2018-08-16 2018-12-07 北京京东尚科信息技术有限公司 Block chain network member dynamic management approach, device, equipment and storage medium
CN109299333A (en) * 2018-08-16 2019-02-01 北京京东尚科信息技术有限公司 Block chain network account book member management method, device, equipment and storage medium
US20190357129A1 (en) * 2016-11-18 2019-11-21 Lg Electronics Inc. Method for selecting network node in wireless communication system and device therefor

Also Published As

Publication number Publication date
CN115699678A (en) 2023-02-03

Similar Documents

Publication Publication Date Title
US11829774B2 (en) Machine-to-machine bootstrapping
US9980213B2 (en) Methods, apparatus and systems for wireless network selection
WO2022016434A1 (en) Device deregistration method, device registration method, communication device and cloud platform
KR102398221B1 (en) Method and apparatus to identity verification using asymmetric keys in wireless direct communication network
JP6962432B2 (en) Communication method, control plane device, method for control plane device or communication terminal, and communication terminal
WO2020029730A1 (en) Identity information processing method, device and system
CN108012264A (en) The scheme based on encrypted IMSI for 802.1x carriers hot spot and Wi-Fi call authorizations
WO2021136211A1 (en) Method and device for determining authorization result
US20230262459A1 (en) Service authorization method, communication apparatus, and system
JP2022517202A (en) Methods and equipment for security
WO2021227866A1 (en) Network authentication method and apparatus, and system
CN114071452B (en) Method and device for acquiring user subscription data
US10904763B2 (en) Network access method and device
CN116723507B (en) Terminal security method and device for edge network
WO2022095047A1 (en) Wireless communication method, terminal device, and network device
WO2016090927A1 (en) Management method and system for sharing wlan and wlan sharing registration server
KR102054280B1 (en) Method for operating emergency mobile communication system and apparatus for the same
KR20240060670A (en) Communication methods and devices
WO2021184219A1 (en) Method for connecting to cloud end, and terminal device
CN115226103A (en) Communication method and device
CN116528234B (en) Virtual machine security and credibility verification method and device
WO2024103356A1 (en) Authorization method and device
CN115004633B (en) Cloud connection method and terminal equipment
WO2022183317A1 (en) Method for obtaining slice information and terminal device
WO2022021433A1 (en) Method for device access authentication, terminal device, and cloud platform

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20946023

Country of ref document: EP

Kind code of ref document: A1