CN116668201B - System for allocating production resources, transmission method and equipment for production resources - Google Patents

Publication number
CN116668201B
Authority
CN
China
Prior art keywords
production
resource
equipment
target
identification information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310956712.XA
Other languages
Chinese (zh)
Other versions
CN116668201A (en)
Inventor
李书珍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN202310956712.XA
Publication of CN116668201A
Application granted
Publication of CN116668201B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Mining & Analysis (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to a system for allocating production resources and to a transmission method and device for production resources. It belongs to the technical field of data transmission and is used to provide a secure storage area for the production resources of some Internet of Things devices. The system comprises: an interface module configured to receive a production resource request instruction sent by a request end device; and a database module configured to store production resources and to determine, according to the device identification information of a target device in the production resource request instruction, the target production resource required to produce the target device. The interface module is further configured to send the target production resource to the request end device. When the target device to be produced has no secure storage area for backing up production resources, external data transmission is realized through the interface module, and the database module provides a secure storage area for the production resources of some Internet of Things devices.

Description

System for allocating production resources, transmission method and equipment for production resources
Technical Field
The disclosure relates to the technical field of data transmission, and in particular to a system for allocating production resources and to a transmission method and device for production resources.
Background
There are many kinds of Internet of Things devices. For Internet of Things devices that use certificate authentication, the production resources comprise a device certificate and its private key, so the device certificate and private key corresponding to each device must be burned into the device when it is processed in the factory.
In the related art, the production resources of Internet of Things devices need to be backed up so that a device's private key can still be retrieved after being accidentally erased, but some Internet of Things devices do not have a secure storage area.
Disclosure of Invention
To overcome the problems in the related art, the present disclosure provides a system for allocating production resources, a transmission method of the production resources, and an apparatus thereof.
According to a first aspect of embodiments of the present disclosure, there is provided a system for allocating production resources, the system being provided in a cloud device, comprising:
the interface module is configured to receive a production resource request instruction sent by the request end device, wherein the production resource request instruction comprises device identification information of a target device to be produced;
a database module configured to store production resources and to determine target production resources required to produce the target device based on the device identification information;
the interface module is further configured to send the target production resource to the request end device.
Optionally, the database module is configured to determine, when the device identification information exists in a resource generation record, the historical production resource corresponding to the device identification information as the target production resource, where the resource generation record stores the device identification information corresponding to the historical production resources generated by the cloud device.
Optionally, the system further comprises:
the resource generation module is configured to generate a new production resource and store it in the database module when the device identification information does not exist in a resource generation record, wherein the resource generation record stores the device identification information corresponding to the historical production resources generated by the cloud device;
the database module is configured to determine the new production resource as the target production resource.
Optionally, the resource generation module is further configured to generate a check value according to the device identification information and the new production resource when the device identification information does not exist in the resource generation record, where the check value is used by the request end device to check the target production resource;
the interface module is further configured to send the check value to the request end device, so that the request end device checks the target production resource according to the check value and stores the target production resource after the check passes.
Optionally, the database module includes:
a secondary certificate storage area configured to store secondary certificates corresponding to different device types in an isolated manner, the secondary certificate corresponding to each device type being used to generate a production resource corresponding to the device type;
the resource generation module is configured to determine a target secondary certificate storage area corresponding to a device type to which the target device belongs, and generate the new production resource according to a secondary certificate in the target secondary certificate storage area when the device identification information does not exist in the resource generation record.
Optionally, the database module includes:
a secondary certificate storage area configured to store secondary certificates corresponding to different device types in an isolated manner, the secondary certificate corresponding to each device type being used to generate a production resource corresponding to the device type;
the resource generation module is further configured to issue a new secondary certificate and generate the new production resource according to the new secondary certificate when the device identification information does not exist in the resource generation record and the device type of the target device does not exist in the secondary certificate storage area.
Optionally, the database module further comprises:
and a root certificate storage area configured to store a root certificate of the system for allocating production resources, the root certificate being used to generate secondary certificates corresponding to the different device types.
Optionally, the database module includes:
the resource storage area is configured to store, in an isolated manner, historical production resources that correspond to different device types and whose ownership belongs to different entities;
and the query sub-module is configured to determine a target storage area from the resource storage area according to the device identification information, and to determine the historical production resource corresponding to the device identification information in the target storage area as the target production resource.
Optionally, the system further comprises:
the identity authentication module is configured to receive identity authentication information sent by the request end device and to authenticate it; and, after the identity authentication information passes authentication, to send device group information corresponding to the identity authentication information to the request end device, so that the request end device sends the production resource request instruction according to the device group information, wherein the device group information represents the device types for which the request end device may apply for production resources and is determined according to the permission information of the identity authentication information.
According to a second aspect of the embodiments of the present disclosure, there is provided a transmission method of a production resource, which is applied to the system for allocating a production resource provided in the first aspect of the embodiments of the present disclosure, where the system for allocating a production resource is disposed in a cloud device, and includes:
receiving a production resource request instruction sent by a request end device, wherein the production resource request instruction comprises device identification information of target devices to be produced;
determining target production resources required by producing the target equipment according to the equipment identification information, wherein the target production resources are generated and stored by the system for distributing the production resources;
and sending the target production resource to the request end equipment.
According to a third aspect of the embodiments of the present disclosure, there is provided a transmission method of a production resource, applied to a request end device, including:
sending a production resource request instruction to a cloud device, wherein the production resource request instruction comprises device identification information of a target device to be produced and is used to trigger the cloud device to determine, according to the device identification information, the target production resource required to produce the target device and to send the target production resource to the request end device, the target production resource being generated and stored by the cloud device;
and receiving the target production resource sent by the cloud device.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement a method of transferring a production resource as provided by the second aspect of the embodiments of the present disclosure, or implement a method of transferring a production resource as provided by the third aspect of the embodiments of the present disclosure.
According to a fifth aspect of embodiments of the present disclosure, there is provided a cloud device comprising a system for allocating production resources as provided by the first aspect of embodiments of the present disclosure.
According to a sixth aspect of embodiments of the present disclosure, there is provided a request-side device, including:
a storage device having a computer program stored thereon;
processing means for executing the computer program in the storage means to implement the transmission method of production resources as provided in the third aspect of the embodiments of the present disclosure.
The technical scheme provided by the embodiment of the disclosure can comprise the following beneficial effects:
in the embodiment of the disclosure, the system for allocating production resources is disposed in the cloud device, and the database module of the system can provide a secure storage area for the production resources of Internet of Things devices. The production resource request instruction sent by the request end device for the target device can therefore be received through the interface module, and the database module determines the target production resource of the target device from the production resources it stores according to the device identification information in the production resource request instruction. The request end device can thus find the target production resource of the target device in the system for allocating production resources, so that the production resource of the target device can be retrieved after the private key of the target device is accidentally erased, the allocation requirements for production resources in different scenarios are met, and the normal production process is ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a block diagram illustrating a system for allocating production resources according to an exemplary embodiment.
Fig. 2 is a schematic flow diagram illustrating a process for acquiring production resources according to an exemplary embodiment.
Fig. 3 is a schematic diagram illustrating the structure of a database module according to an exemplary embodiment.
Fig. 4 is a schematic diagram illustrating an architecture of a system for allocating production resources according to an exemplary embodiment.
Fig. 5 is a flow chart illustrating a method of transmission of production resources according to an exemplary embodiment.
Fig. 6 is a flow diagram illustrating a request end device obtaining production resources from a cloud device according to an exemplary embodiment.
Fig. 7 is a flow chart illustrating another method of transmission of production resources according to an exemplary embodiment.
Fig. 8 is a block diagram illustrating a transmission apparatus for production resources according to an exemplary embodiment.
Fig. 9 is a block diagram illustrating an apparatus for transmitting production resources according to an exemplary embodiment.
Fig. 10 is a block diagram illustrating an apparatus for transmitting production resources according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
Internet of Things devices, also called smart home devices or IoT (Internet of Things) devices, commonly use wireless protocols such as BLE (Bluetooth Low Energy), WiFi and ZigBee, and each device manufacturer can build a rich application ecosystem on top of these underlying transport protocols. At present, a common device-side development model in the smart home field is that some device manufacturers develop module-based SDKs (Software Development Kits) adapted to the ecosystem protocols of the various device manufacturers and provide them to those manufacturers for secondary development, so that the manufacturers can create their own products.
With the release of the Matter protocol, the smart home connectivity standard, device manufacturers have followed up and successively released Internet of Things devices that support the Matter protocol. The production resources required by Matter-based Internet of Things devices differ from those of other devices: Matter-based devices use certificate authentication, and their production resources comprise a device certificate and its private key. The production resources of Internet of Things devices need to be backed up so that a device's private key can still be retrieved after being accidentally erased, but some Internet of Things devices do not have a secure storage area.
Based on the above requirements, embodiments of the present disclosure provide a system for allocating production resources, a transmission method of production resources, and an apparatus, and the embodiments of the present disclosure are further described below with reference to the accompanying drawings. It is understood that in the following description, the device to be produced is not limited to the cloud device, the request device, or the device manufacturer device.
Referring to fig. 1, fig. 1 is a block diagram illustrating a system for allocating production resources, the system being disposed in a cloud device, according to an exemplary embodiment, comprising:
an interface module 101 configured to receive a production resource request instruction sent by a request end device, the production resource request instruction including device identification information of a target device to be produced;
a database module 102 configured to store production resources and to determine target production resources required to produce a target device based on the device identification information;
the interface module 101 is further configured to send the target production resource to the requesting device.
For example, when the production resources of a batch of devices to be produced are stored in the system for allocating production resources, the flow for obtaining the production resources of a target device to be produced is as shown in fig. 2. Generally, the device manufacturer end applies to the cloud for the production resources of the batch of devices and, after approval, the cloud developer platform generates and stores the production resources of the batch through the system for allocating production resources. After the device manufacturer end places the production order for the batch with the request end, the request end can obtain the production resources required by the batch from the cloud. The request end may be a factory that produces the batch of devices; after producing the devices, the factory writes the device certificate and its private key from the production resources into the device. The request end device runs a factor Client program, through which, acting as an agent, it can obtain the production resources applied for by the device manufacturer and store them in the request end's MES (Manufacturing Execution System).
Illustratively, the production resource request instruction includes device identification information, which is a unique identifier of the device, such as the MAC (Media Access Control) address of the device or the ID (identification number) information of the device. The target device is a device to be produced, and the target production resource includes information such as the device certificate of the target device and its private key. The interface module is used for data transmission with external devices; specifically, the interface protocol of the interface module 101 may be HTTP (Hypertext Transfer Protocol), and further may be stateless HTTPS (Hypertext Transfer Protocol Secure).
For example, the database module may determine, according to the device identification information, a target production resource required for producing the target device, and specifically may directly use the device identification information as an index, or may generate a specific index according to the device identification information, where a specific form is not limited in the disclosure.
In the embodiment of the disclosure, the system for allocating production resources is disposed in the cloud device, and the database module of the system can provide a secure storage area for the production resources of Internet of Things devices. The production resource request instruction sent by the request end device for the target device can therefore be received through the interface module, and the database module determines the target production resource of the target device from the production resources it stores according to the device identification information in the production resource request instruction. The request end device can thus find the target production resource of the target device in the system for allocating production resources, so that the production resource of the target device can be retrieved after the private key of the target device is accidentally erased, the allocation requirements for production resources in different scenarios are met, and the normal production process is ensured.
For example, device manufacturers make many kinds of devices. Higher-cost Internet of Things devices have a secure storage area, so the device can generate the private key itself and the private key cannot be erased. Lower-cost Internet of Things devices have no secure storage area and the private key may be accidentally erased, so for the private key to be retrievable it must be backed up somewhere else where it can be stored securely. To accommodate the production requirements of devices of different costs, the production resources of the devices can be stored in the database module 102. The request end device obtains from the system for allocating production resources the device certificate and private key generated at the request of the device manufacturer end and writes them into the device; whenever the device certificate and private key need to be written again, the MAC address of the device can be used as an index to obtain the device's historically generated device certificate and private key from the database module.
In the embodiment of the disclosure, the database module stores the target production resources of the target equipment to be produced, so that the production requirements of equipment certificates and private keys of equipment with different costs can be compatible, the universality is realized, and the control of the production flow is facilitated.
As an optional embodiment, the database module is configured to determine, when the device identification information exists in the resource generation record, the historical production resource corresponding to the device identification information as the target production resource, where the resource generation record stores the device identification information corresponding to the historical production resources generated by the cloud device.
Illustratively, the resource generation record includes device identification information of the device that has generated the production resource. After the system for allocating production resources generates the production resources of one device, a resource generation record of the device may be formed by saving device identification information of the device as an index. After the private key is accidentally erased, whether the equipment identification information exists or not can be searched in the resource generation record according to the equipment identification information, and if so, the historical production resource corresponding to the equipment identification information can be used as a target production resource to be sent to the requesting terminal equipment.
As an alternative embodiment, the system for allocating production resources further comprises a data statistics module, which can be used to record how production resources are applied for and used and to display this as a visual chart. The data statistics module records the number of device certificates and private keys applied for by the device manufacturer end; when the number of device certificates and private keys generated for the device manufacturer end reaches the upper threshold, the generation of new device certificates and private keys stops, and the device manufacturer end then needs to apply for production resources again.
In the embodiment of the disclosure, when the system for allocating production resources generates the device certificate and the private key thereof, a certain production cost is generated, that is, each time one device certificate and the private key thereof are generated, a corresponding cost is generated. If the historically generated production resources cannot be retrieved after the private key is accidentally erased, new production resources are regenerated, and the regeneration causes the increase of production cost. Therefore, the generated production resources can be stored in the database module to be used as backup, the safety of the production resources is ensured, and meanwhile, after the private key is accidentally erased, the backup production resources are retrieved from the database module, so that the production cost can be saved.
As an alternative embodiment, the system further comprises:
the resource generation module is configured to generate a new production resource and store the new production resource in the database module when the device identification information does not exist in a resource generation record, wherein the resource generation record stores the device identification information corresponding to the historical production resources generated by the cloud device;
and a database module configured to determine the new production resource as a target production resource.
For example, in the case where the device identification information does not exist in the resource generation record, the target device may not have generated the production resource in the cloud device. Therefore, a new production resource can be regenerated by the resource generating module to serve as a target production resource, the target production resource is stored in the database module, and the equipment identification information corresponding to the target production resource is stored in the resource generating record, so that whether the target production resource is generated or not can be determined according to the equipment identification information next time.
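The retrieve-or-generate flow described above, sketched as an added example (not code from the patent). The class and function names, the MAC normalization step and the random placeholder bytes standing in for a certificate and private key are assumptions made for illustration.

```python
import re
import secrets
from dataclasses import dataclass, field


class QuotaExceeded(Exception):
    """The manufacturer's approved number of production resources is used up."""


@dataclass(frozen=True)
class ProductionResource:
    device_id: str      # index into the resource generation record
    device_type: str
    cert: bytes         # placeholder bytes standing in for a device certificate
    private_key: bytes  # placeholder bytes standing in for its private key


def normalize_mac(raw: str) -> str:
    """Canonicalise a MAC so differently formatted requests hit the same record."""
    mac = re.sub(r"[:\-.\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac


@dataclass
class AllocationSystem:
    quota: int  # upper threshold tracked by the data statistics module
    # resource generation record: device_id -> device_type it was generated for
    generation_record: dict = field(default_factory=dict)
    # database module: one isolated area per device type, device_id -> resource
    storage: dict = field(default_factory=dict)

    def _generate(self, device_id: str, device_type: str) -> ProductionResource:
        # Stand-in for the resource generation module. A real system would
        # issue a certificate signed by the secondary certificate of this type.
        return ProductionResource(device_id, device_type,
                                  cert=secrets.token_bytes(32),
                                  private_key=secrets.token_bytes(32))

    def request(self, raw_device_id: str, device_type: str):
        """Return (resource, newly_generated) for one request instruction."""
        device_id = normalize_mac(raw_device_id)
        stored_type = self.generation_record.get(device_id)
        if stored_type is not None:
            # Record hit: return the historical resource, generate nothing.
            return self.storage[stored_type][device_id], False
        if len(self.generation_record) >= self.quota:
            raise QuotaExceeded("manufacturer must apply for production resources again")
        resource = self._generate(device_id, device_type)
        self.storage.setdefault(device_type, {})[device_id] = resource
        self.generation_record[device_id] = device_type
        return resource, True


def demo():
    # Constructed sample MAC addresses and device types.
    system = AllocationSystem(quota=2)
    first, created_first = system.request("aa:bb:cc:dd:ee:01", "light")
    # Re-flash after an erased key: same device, different MAC formatting.
    again, created_again = system.request("AA-BB-CC-DD-EE-01", "light")
    system.request("AABBCCDDEE02", "lock")
    try:
        system.request("AABBCCDDEE03", "lock")
        over_quota = False
    except QuotaExceeded:
        over_quota = True
    return (created_first, created_again, first == again,
            over_quota, len(system.generation_record))


if __name__ == "__main__":
    print(demo())
```

Without the normalization step, a re-flash request that formats the same MAC differently would miss the record, generate a second certificate and key for the device, and consume quota.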
As an optional embodiment, the resource generating module is further configured to generate a check value according to the device identification information and the new production resource when the device identification information does not exist in the resource generating record, where the check value is used for checking the target production resource by the request end device;
And the interface module is further configured to send the check value to the request end equipment so that the request end equipment can check the target production resource according to the check value and store the target production resource after the check value passes.
For example, when the device identification information does not exist in the resource generation record, a new production resource is generated together with a check value corresponding to it; the check value is used by the request end device to confirm the identity, qualification, or authenticity and credibility of the cloud device that generated the certificate. For example, the check value may be calculated as CHECK_SUM = SHA256(MAC + CERT + KEY), where CHECK_SUM is the check value, MAC is the MAC address of the target device, CERT is the device certificate of the target device, KEY is the device private key of the target device, + represents string concatenation, and SHA256() represents the SHA256 encryption algorithm, which protects data from interception or tampering by converting data such as a message or a file into a fixed-length 256-bit string that is difficult to distinguish. The encrypted check value is sent to the request end device, so that the request end device checks the target production resource according to the check value and stores the target production resource after the check passes.
The Internet of Things device based on the Matter protocol in the present disclosure uses a three-level certificate system as its certificate chain during authentication. The three-level certificate system comprises a root certificate, a plurality of secondary certificates and a plurality of device certificates, where each device type corresponds to one secondary certificate and each device corresponds to one device certificate. Each device certificate contains a device public key that can verify a digital signature, thereby authenticating the device identity, negotiating a session key and ensuring the security of data transmission. The public key is the part of the key that is disclosed externally, and the private key is the part that is not disclosed. Specifically, the private key of the root certificate is used to sign the secondary certificate, generating the corresponding secondary certificate, and the private key of the secondary certificate is used to sign the device certificate, generating the corresponding device certificate. In some cases, a factory may produce equipment for one equipment manufacturer or for multiple equipment manufacturers. Ownership of the root certificate and its private key, the secondary certificate and its private key, and the device certificate and its private key belongs to different entities; for example, ownership of the root certificate and its private key and of the secondary certificate and its private key belongs to the entity to which the cloud device belongs, while ownership of the device certificate and its private key belongs to the device manufacturer.
Therefore, in the database module, the root certificate and the private key thereof, the secondary certificate and the private key thereof, and the equipment certificate and the private key thereof are stored in an isolated storage area, so that the safe storage of the production resource is ensured.
As an alternative embodiment, the database module includes:
the secondary certificate storage area is configured to store secondary certificates corresponding to different equipment types in an isolated mode, and the secondary certificate corresponding to each equipment type is used for generating production resources corresponding to the equipment type;
the resource generation module is configured to determine a target secondary certificate storage area corresponding to the equipment type of the target equipment under the condition that equipment identification information does not exist in the resource generation record, and generate a new production resource according to the secondary certificate in the target secondary certificate storage area.
For example, when generating the target production resource of the target device, the secondary certificate of the device type to which the target device belongs may be used: the private key of that secondary certificate signs the device certificate of the target device, so as to generate the target production resource of the target device. Therefore, when it is determined that the target secondary certificate storage area corresponding to the device type to which the target device belongs exists, a new production resource can be generated according to the secondary certificate in the target secondary certificate storage area.
As another alternative embodiment, when it is determined that the target secondary certificate storage area corresponding to the device type to which the target device belongs does not exist, a new secondary certificate under the device type may be generated, and a new production resource may be generated according to the new secondary certificate. Therefore, the resource generating module is further configured to issue a new secondary certificate and generate a new production resource according to the new secondary certificate when the device identification information does not exist in the resource generating record and the device type of the target device does not exist in the secondary certificate storage area.
The new secondary certificate may be issued by the private key of the root certificate. Thus, as an alternative embodiment, the database module further comprises:
a root certificate store configured to store root certificates of the system for allocating production resources, the root certificates being used to generate secondary certificates corresponding to different device types.
As an alternative embodiment, the database module includes:
the resource storage area is configured to store historical production resources which correspond to different equipment types and have ownership of different subjects in an isolated manner;
and the inquiring sub-module is configured to determine a target storage area from the resource storage area according to the equipment identification information, and determine the historical production resource corresponding to the equipment identification information in the target storage area as a target production resource.
For example, the root certificate and its private key, the secondary certificate and its private key, and the device certificate and its private key are all stored separately in respective storage areas. As shown in fig. 3, specifically, the root certificate and its private key are stored in the root certificate storage area, the secondary certificate of each device type and its private key are respectively stored in the secondary certificate storage area under the device type, and the device certificates and their private keys of each device type and having ownership of different device manufacturers are stored in different resource storage areas. The device types include device types 1 to N, and each device type may include device manufacturers 1 to M corresponding to a request end, where a production resource required by a batch of devices produced by the device manufacturer 1 includes production resources corresponding to device identification information MACa to MACn, and a production resource required by another batch of devices produced by the device manufacturer M includes production resources corresponding to device identification information MACb to MACp. The equipment manufacturer that another request end may correspond to only includes equipment manufacturer x, and the production resources required by the request end for a batch of equipment produced by equipment manufacturer x include production resources corresponding to equipment identification information MACc to MACq.
In the embodiment of the disclosure, the ownership and the use right of the production resources of each equipment manufacturer are isolated and subdivided in the storage areas isolated from each other, so that the application and the safe use requirements of the production resources under the complex substitution relation can be met.
As an alternative embodiment, the system further comprises:
the identity authentication module is configured to receive the identity authentication information sent by the request terminal equipment and authenticate the identity authentication information; and after the authentication of the authentication information is passed, transmitting equipment group information corresponding to the authentication information to the request terminal equipment, so that the request terminal equipment transmits a production resource request instruction according to the equipment group information, wherein the equipment group information is used for representing the equipment type of the request terminal equipment which is determined according to the authority information of the authentication information and can apply for production resources.
For example, before the interface module receives the production resource request instruction sent by the request end device, the identity of the request end device may be authenticated by the identity authentication module. The identity verification information of the user of the request end device is an account number, which the user can register through a developer platform of the cloud device. When a device manufacturer applies for the production resources of a batch of devices, the device manufacturer can specify the account number of a user of the request end device. This indicates that the device manufacturer entrusts the request end corresponding to the account number to produce the batch of devices, and that the specified account number has the authority to apply for the production resources of the batch of devices. The system for allocating production resources on the cloud device adds this permission to the account, so that the user account of the request end device can obtain the production resources applied for by the device manufacturer.
The architecture of the system for allocating production resources described above is shown in fig. 4, wherein the system includes an interface module 101, a database module 102, a resource generation module 401, an identity authentication module 402, a log monitoring module 403, and a data statistics module 404. The interface module 101 may be used for data transmission to external devices, providing a remote invocation scheme for connection and use by the request end device. The database module 102 may be used to securely store production resources for devices to be produced and may use the device identification information to retrieve the generated production resources. The resource generation module 401 is used to generate production resources. The identity authentication module 402 is configured to authenticate the identities of the request end devices, distinguish the user rights of the request end devices, and implement a legal user access mechanism. The log monitoring module 403 is configured to record the running states of the modules and to raise an alarm when suspicious behavior is found, for example, an illegal login attempt or a DoS (Denial of Service) attack on the interface module 101. The data statistics module 404 is configured to record the application and usage of the production resources, which may be displayed as a visual chart.
Referring to fig. 5, fig. 5 is a flowchart illustrating a method for transmitting a production resource according to an exemplary embodiment, and as shown in fig. 5, the method for transmitting a production resource is applied to a system for allocating a production resource provided in the present disclosure, the system for allocating a production resource is provided in a cloud device, and the method for transmitting a production resource includes the following steps.
In step S501, a production resource request instruction sent by a requesting device is received, where the production resource request instruction includes device identification information of a target device to be produced.
In step S502, a target production resource required for producing the target device is determined based on the device identification information, the target production resource being generated and stored by the system for allocating production resources.
In step S503, the target production resource is transmitted to the requesting device.
In the embodiment of the present disclosure, the system for allocating production resources in the cloud device may determine, according to a production resource request instruction sent by the request end device, a target production resource required for producing the target device by using device identification information of the target device to be produced included in the production resource request instruction, and send the target production resource to the request end device, so that the request end device may obtain the target production resource for producing the target device. Therefore, when the target equipment does not have the safe storage area for backing up the production resources, the system for distributing the production resources is used for generating and storing the target production resources, if the private key is accidentally erased, the target production resources corresponding to the target equipment can be found out from the cloud equipment again according to the equipment identification information of the target equipment, and therefore the requirement of recovering the target production resources corresponding to the target equipment after the private key of the target equipment is accidentally erased is met.
As an alternative embodiment, determining a target production resource required for producing the target device according to the device identification information includes:
determining whether equipment identification information exists in the resource generation record;
under the condition that equipment identification information exists in the resource generation record, taking a historical production resource corresponding to the equipment identification information as a target production resource; the resource generation record stores equipment identification information corresponding to the historical production resources generated by the system for distributing the production resources of the cloud equipment.
As an alternative embodiment, the method further comprises:
and when the equipment identification information does not exist in the resource generation record, generating a new production resource as a target production resource, and storing the target production resource and the equipment identification information corresponding to the target production resource in the resource generation record.
As an alternative embodiment, the method further comprises:
generating a check value according to the equipment identification information of the target equipment and the newly generated target production resource under the condition that the equipment identification information does not exist in the resource generation record, wherein the check value is used for checking the target production resource by the request terminal equipment;
and sending the check value to the request terminal equipment so that the request terminal equipment checks the target production resource according to the check value and stores the target production resource after the check value passes.
For example, when the equipment identification information does not exist in the resource generation record, generating a new production resource, and generating a check value corresponding to the production resource, wherein the check value is used for confirming the authenticity and credibility of the identity, qualification or credit of the cloud equipment for generating the certificate.
As an optional embodiment, historical production resources of a plurality of devices are respectively stored in a plurality of isolated storage areas of the cloud device;
when the equipment identification information exists in the resource generation record, taking the historical production resource corresponding to the equipment identification information as a target production resource, wherein the method comprises the following steps:
and under the condition that the equipment identification information exists in the resource generation record, determining a target isolation storage area from a plurality of isolation storage areas according to the equipment identification information, and taking the historical production resource corresponding to the equipment identification information in the target isolation storage area as a target production resource.
As an alternative embodiment, before receiving the production resource request instruction sent by the requesting end device, the method further includes:
receiving identity verification information sent by a request terminal device, and authenticating the identity verification information;
and after the authentication of the authentication information is passed, transmitting equipment group information corresponding to the authentication information to the request terminal equipment, so that the request terminal equipment transmits a production resource request instruction according to the equipment group information, wherein the equipment group information is used for representing the equipment type of the request terminal equipment which is determined according to the authority information of the authentication information and can apply for production resources.
As an optional implementation manner, referring to the flow chart shown in fig. 6 of a request end device obtaining a production resource from a cloud device, a Factory Client program runs on the request end device, and the production resource applied for by a device manufacturer can be obtained through the Factory Client program acting as an agent.
Specifically, the request end device obtains the production resource from the cloud device as follows. A user of the request end device enters the user's account number and password in the Factory Client program to log in to the system for allocating production resources on the cloud device, and the identity verification information is authenticated. After the authentication passes, the system for allocating production resources returns a cookie together with the enterprise group_id and the product group_id list information of the enterprise group to which the account belongs. In the Factory Client program, the user selects the enterprise group_id, the equipment category group product_id and the cookie corresponding to the production resource of the target equipment, where the cookie is data which is used for identity authentication and is stored in the cloud equipment locally, so that the device type and the device manufacturer information of the target equipment to be produced are obtained. When the system for allocating production resources receives a production resource request instruction requesting a device certificate and its private key, it searches the resource generation record according to the MAC address of the target equipment. If the MAC address exists in the resource generation record, the historical production resource corresponding to the MAC address is returned to the Factory Client program as the target production resource of the target equipment and is transmitted to the MES (Manufacturing Execution System) of the request end through the intranet.
If no historical production resource has been generated for the MAC address, a new production resource is generated, backed up to the database of the cloud device, and returned as the target production resource of the target equipment, together with the device MAC address and the check value. The request end device checks the check value and, after the check passes, stores the target production resource in the MES system of the request end. The Factory Client program may log in to the system for allocating production resources on the cloud device over stateless HTTPS.
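The lookup-or-generate flow and the check value CHECK_SUM = SHA256(MAC + CERT + KEY) described above, as an added Python example that is not code from the patent. The class and function names, the MAC normalization step, the group tuples and the random byte strings standing in for the device certificate and private key are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets


def normalize_mac(mac: str) -> str:
    """Canonical MAC (12 upper-case hex digits) so one device maps to one record key."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.upper()


def check_sum(mac: str, cert: bytes, key: bytes) -> str:
    """CHECK_SUM = SHA256(MAC + CERT + KEY), with '+' as concatenation."""
    return hashlib.sha256(normalize_mac(mac).encode("ascii") + cert + key).hexdigest()


class CloudAllocator:
    """Hypothetical model of the cloud-side lookup-or-generate flow."""

    def __init__(self, permissions):
        self._permissions = permissions  # account -> {(device_type, manufacturer), ...}
        self._record = {}                # resource generation record: MAC -> group
        self._areas = {}                 # isolated areas: group -> {MAC: (cert, key)}
        self.generated = 0               # each generation has a production cost

    def _generate(self):
        # Constructed stand-ins for a device certificate and its private key.
        self.generated += 1
        return secrets.token_bytes(64), secrets.token_bytes(32)

    def request(self, account, group, mac):
        if group not in self._permissions.get(account, set()):
            raise PermissionError("account may not request resources for this group")
        mac = normalize_mac(mac)
        owner = self._record.get(mac)
        if owner is not None:
            if owner != group:
                raise PermissionError("MAC was issued under a different group")
            cert, key = self._areas[owner][mac]
            # Historical resource: returned as-is, nothing new is generated.
            return {"mac": mac, "cert": cert, "key": key, "check_sum": None}
        cert, key = self._generate()
        self._areas.setdefault(group, {})[mac] = (cert, key)  # back up first
        self._record[mac] = group
        return {"mac": mac, "cert": cert, "key": key,
                "check_sum": check_sum(mac, cert, key)}


def accept(response, mes_store) -> bool:
    """Request-end check: store into the MES only if the check value matches."""
    expected = response["check_sum"]
    if expected is not None:
        actual = check_sum(response["mac"], response["cert"], response["key"])
        if not hmac.compare_digest(actual, expected):
            return False
    mes_store[response["mac"]] = (response["cert"], response["key"])
    return True


def demo():
    group = ("type-1", "manufacturer-1")  # constructed group
    cloud = CloudAllocator({"factory-account": {group}})
    mes = {}
    first = cloud.request("factory-account", group, "AA:BB:CC:00:11:22")
    stored = accept(first, mes)
    # Same device after its key was erased, with the MAC written differently.
    again = cloud.request("factory-account", group, "aa-bb-cc-00-11-22")
    recovered = again["key"] == first["key"] and again["cert"] == first["cert"]
    tampered = dict(first, cert=first["cert"] + b"\x00")
    rejected = not accept(tampered, {})
    return stored, recovered, cloud.generated, rejected


if __name__ == "__main__":
    print(demo())
```

Because the digest is computed without a secret, a mismatch reveals a corrupted or mismatched payload; binding the response to the cloud device rests on the HTTPS session and login described above.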
For example, to be compatible with the actual situations of different request end devices, the following three methods exist for interacting the Factory Client program with the MES system.
In one approach, the Factory Client program opens a localhost server, provides an HTTP interface to the MES system, and carries the device certificate and its private key in the HTTP return value, HexString-encoded.
In another approach, the Factory Client program communicates with the MES system using an inter-process pipe (PIPE), and the messages use the JSON (JavaScript Object Notation) format.
In yet another approach, the Factory Client program stores the received device certificate and its private key as a binary file in a local directory, and the request end user transfers the production resources of the device on a removable medium such as a hard disk or an optical disk and imports them into the MES system.
In the embodiment of the disclosure, three interaction methods between the Factory Client program and the MES system are provided, so that the system adaptation cost of the request end device is reduced, and the management cost is reduced as well.
Fig. 7 is a flowchart illustrating another transmission method of a production resource according to an exemplary embodiment, and the transmission method of the production resource is used in a request end device, as shown in fig. 7, and includes the following steps.
In step S701, a production resource request instruction is sent to a cloud device, where the production resource request instruction includes device identification information of a target device to be produced, and the production resource request instruction is used to trigger the cloud device to determine a target production resource required for producing the target device according to the device identification information, and send the target production resource to a request end device, where the target production resource is generated and stored by the cloud device;
In step S701, a target production resource sent by the cloud device is received.
The cloud device generates and stores the target production resource. After receiving a device order issued by the device manufacturer, the request end device sends a production resource request instruction to the cloud device, where the production resource request instruction includes the device identification information of the batch of devices, and the production resources of the batch of devices can thereby be extracted from the cloud device. When the private key of a target device in the batch is accidentally erased, the request end device sends a production resource request instruction containing the device identification information of the target device to the cloud device, and the cloud device determines the target production resource required for producing the target device according to the device identification information and sends it to the request end device. The structure and process by which the cloud device generates and stores the production resource and determines the target production resource of the target device according to the device identification information are described in detail in the above embodiments of the system for allocating production resources; reference may be made to those embodiments, and the details are not repeated here.
In the embodiment of the disclosure, the system for allocating production resources is disposed in the cloud device, and the database module of the system can provide a secure storage area for the production resources of the internet of things device. When the target equipment to be produced does not have the safe storage area, if the private key of the target equipment is accidentally erased, a production resource request instruction sent by the request end equipment for the target equipment can be received through the interface module, equipment identification information in the production resource request instruction is used as an index through the database module, and the target production resource of the target equipment is determined from the production resources stored in the database module, so that the request end equipment can find the target production resource of the target equipment again from a system for distributing the production resources, and the requirement of recovering the production resources of the target equipment after the private key of the target equipment is accidentally erased is met.
As an optional embodiment, the target production resource is a new production resource generated when no production resource corresponding to the device identification information exists in the resource generation record of the cloud device, and the method further includes:
receiving a check value sent by the cloud device, wherein the check value is generated by the cloud device according to the device identification information of the target device and the new production resource under the condition that the production resource corresponding to the device identification information does not exist in the resource generation record;
And checking the target production resource according to the check value, and storing the target production resource after the check value passes.
As an optional embodiment, before sending the production resource request instruction to the cloud device, the method further includes:
the method comprises the steps of sending identity verification information to cloud equipment, so that the cloud equipment authenticates the identity verification information;
receiving equipment group information corresponding to the identity verification information, wherein the equipment group information is sent to the request terminal equipment by the cloud terminal equipment after the identity verification information passes authentication, and the equipment group information is used for representing equipment types of the request terminal equipment which are determined according to authority information of the identity verification information and can apply for production resources;
sending a production resource request instruction to cloud equipment, including:
and sending a production resource request instruction to the cloud device according to the device group information.
Fig. 8 is a block diagram illustrating a transmission apparatus for manufacturing resources according to an exemplary embodiment. Referring to fig. 8, the transmission apparatus 800 for production resources is applied to a requesting device, and includes a first transmitting module 810 and a first receiving module 820.
The first sending module 810 is configured to send a production resource request instruction to the cloud device, where the production resource request instruction includes device identification information of a target device to be produced, and the production resource request instruction is used to trigger the cloud device to determine, according to the device identification information, a target production resource required for producing the target device, and send the target production resource to the requesting device, where the target production resource is generated and stored by the cloud device;
The first receiving module 820 is configured to receive a target production resource sent by the cloud device.
As an optional embodiment, the target production resource is a new production resource generated when no production resource corresponding to the device identification information exists in the resource generation record of the cloud device, and the transmission apparatus 800 of the production resource further includes:
the second receiving module is configured to receive a check value sent by the cloud device, wherein the check value is generated by the cloud device according to the device identification information of the target device and the new production resource under the condition that the production resource corresponding to the device identification information does not exist in the resource generation record;
and the storage module is configured to verify the target production resource according to the verification value and store the target production resource after the verification is passed.
As an alternative embodiment, the transmission device 800 for production resources further includes:
the second sending module is configured to send the identity verification information to the cloud device so that the cloud device can authenticate the identity verification information;
the third receiving module is configured to receive equipment group information corresponding to the identity verification information, wherein the equipment group information is sent to the request terminal equipment by the cloud terminal equipment after the identity verification information passes authentication, and the equipment group information is used for representing equipment types of the request terminal equipment which are determined according to the authority information of the identity verification information and can apply for production resources;
The first receiving module 820 is specifically configured to:
send a production resource request instruction to the cloud device according to the device group information.
With respect to the transmission apparatus 800 for production resources applied to a request terminal device in the above-described embodiment, a specific manner in which each module performs an operation has been described in detail in the embodiment regarding the transmission method for production resources applied to a request terminal device, and will not be described in detail herein.
The present disclosure also provides a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, implement a method for transmitting a production resource provided by the present disclosure that is applied to the above-mentioned system for allocating a production resource, or implement a method for transmitting a production resource provided by the present disclosure that is applied to a requesting device.
The disclosure also provides cloud equipment, which comprises the system for distributing production resources provided by the embodiment of the disclosure.
The present disclosure also provides a request terminal device, including:
a storage device having a computer program stored thereon;
processing means for executing the computer program in the storage means to implement the transmission method of the production resource applied to the requesting device as provided in the present disclosure.
Fig. 9 is a block diagram illustrating an apparatus 900 for transmitting production resources according to an example embodiment. The apparatus 900 for transmitting the production resource may be the above-mentioned request end device or the above-mentioned cloud end device. For example, the means 900 for transmitting the production resource may be a mobile phone, a computer, etc.
Referring to fig. 9, an apparatus 900 for transferring production resources may include one or more of the following components: a first processing component 902, a first memory 904, a first power component 906, a multimedia component 908, an audio component 910, a first input/output interface 912, a sensor component 914, and a communication component 916.
The first processing component 902 generally controls overall operations of the apparatus 900, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The first processing component 902 may include one or more first processors 920 to execute instructions to perform all or part of the steps of the transmission method of production resources applied to the cloud device and/or the requesting device. Further, the first processing component 902 may include one or more modules that facilitate interactions between the first processing component 902 and other components. For example, the first processing component 902 can include a multimedia module to facilitate interaction between the multimedia component 908 and the first processing component 902.
The first memory 904 is configured to store various types of data to support the operation of the apparatus 900 in transmitting production resources. Examples of such data include instructions for any application or method operating on the device 900 that transmits the production resource, contact data, phonebook data, messages, pictures, video, and the like. The first memory 904 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The first power supply component 906 provides power to the various components of the apparatus 900 that transport the production resources. The first power component 906 can include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the apparatus 900 that transports the production resources.
The multimedia component 908 comprises a screen providing an output interface between the device 900 transmitting the production resource and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 908 includes a front-facing camera and/or a rear-facing camera. When the apparatus 900 for transmitting production resources is in an operation mode, such as a photographing mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 910 is configured to output and/or input audio signals. For example, the audio component 910 includes a Microphone (MIC) configured to receive external audio signals when the device 900 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the first memory 904 or transmitted via the communication component 916. In some embodiments, the audio component 910 further includes a speaker for outputting audio signals.
The first input/output interface 912 provides an interface between the first processing component 902 and a peripheral interface module, which may be a keyboard, click wheel, button, or the like. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 914 includes one or more sensors for providing status assessment of various aspects of the apparatus 900 for transporting production resources. For example, the sensor assembly 914 may detect the on/off status of the device 900 transporting the production resource and the relative positioning of components, such as the display and keypad of the device 900. The sensor assembly 914 may also detect a change in position of the device 900 transporting the production resource or a component of the device 900 transporting the production resource, the presence or absence of a user's contact with the device 900 transporting the production resource, the orientation or acceleration/deceleration of the device 900 transporting the production resource, and a change in temperature of the device 900 transporting the production resource. The sensor assembly 914 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 914 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 914 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 916 is configured to facilitate wired or wireless communication between the apparatus 900 for transmitting production resources and other devices. The device 900 transmitting the production resources may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 916 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 916 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 900 for transmitting a production resource may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for performing the above-described transmission method of a production resource applied to a cloud device and/or a requesting device.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as a first memory 904 including instructions executable by the first processor 920 of the apparatus 900 for transmitting production resources to complete the above-described transmission method of production resources applied to the cloud device and/or the requesting device. For example, the non-transitory computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
In another exemplary embodiment, a computer program product is also provided, comprising a computer program executable by a programmable apparatus, the computer program having code portions for performing, when executed by the programmable apparatus, the above-mentioned transmission method of production resources applied to the cloud device and/or the requesting device.
Fig. 10 is a block diagram illustrating an apparatus 1000 for transmitting production resources, according to an example embodiment. For example, the apparatus 1000 may be provided as a server. Referring to fig. 10, the apparatus 1000 includes a second processing component 1022 that further includes one or more processors, and memory resources represented by a second memory 1032, for storing instructions, such as applications, executable by the second processing component 1022. The application program stored in the second memory 1032 may include one or more modules each corresponding to a set of instructions. In addition, the second processing component 1022 is configured to execute instructions to perform the above-described transmission method of the production resource applied to the cloud device and/or the requesting device.
The apparatus 1000 may also include a second power supply component 1026 configured to perform power management of the apparatus 1000, a wired or wireless network interface 1050 configured to connect the apparatus 1000 to a network, and a second input/output interface 1058. The apparatus 1000 may operate based on an operating system stored in the second memory 1032, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (13)

1. A system for allocating production resources, the system disposed in a cloud device, comprising:
The interface module is configured to receive a production resource request instruction sent by the request end equipment, wherein the production resource request instruction comprises equipment identification information of target equipment to be produced;
a database module configured to store production resources and to determine target production resources required to produce the target device based on the device identification information;
the interface module is further configured to send the target production resource to the requesting device;
the database module comprises:
a secondary certificate storage area configured to store secondary certificates corresponding to different device types in an isolated manner, the secondary certificate corresponding to each device type being used to generate a production resource corresponding to the device type;
the system further comprises:
the resource generation module is configured to generate a new production resource according to the secondary certificate storage area and the equipment type of the target equipment under the condition that the equipment identification information does not exist in a resource generation record, and the new production resource is stored in the database module, wherein the resource generation record stores the equipment identification information corresponding to the historical production resource generated by the cloud equipment;
The database module is further configured to determine the new production resource as the target production resource.
2. The system of claim 1, wherein
the database module is further configured to determine the historical production resource corresponding to the equipment identification information as the target production resource under the condition that the equipment identification information exists in a resource generation record, wherein the resource generation record stores the equipment identification information corresponding to the historical production resource generated by the cloud equipment.
3. The system of claim 1, wherein
the resource generating module is further configured to generate a check value according to the equipment identification information and the new production resource when the equipment identification information does not exist in the resource generating record, wherein the check value is used for checking the target production resource by the request terminal equipment;
the interface module is further configured to send the check value to the request end device, so that the request end device checks the target production resource according to the check value, and stores the target production resource after the check value passes.
4. The system of claim 1, wherein
the resource generating module is further configured to determine a target secondary certificate storage area corresponding to a device type to which the target device belongs, and generate the new production resource according to the secondary certificate in the target secondary certificate storage area, if the device identification information does not exist in the resource generating record.
5. The system of claim 1, wherein
the resource generation module is further configured to issue a new secondary certificate and generate the new production resource according to the new secondary certificate when the device identification information does not exist in the resource generation record and the device type of the target device does not exist in the secondary certificate storage area.
6. The system of claim 4 or 5, wherein the database module further comprises:
and a root certificate storage area configured to store a root certificate of the system for allocating production resources, the root certificate being used to generate secondary certificates corresponding to the different device types.
7. The system of any one of claims 1-5, wherein the database module comprises:
The resource storage area is configured to store historical production resources which correspond to different equipment types and have ownership of different subjects in an isolated manner;
and the inquiring sub-module is configured to determine a target storage area from the resource storage area according to the equipment identification information, and determine the historical production resource corresponding to the equipment identification information in the target storage area as the target production resource.
8. The system of any one of claims 1-5, wherein the system further comprises:
the identity authentication module is configured to receive the identity authentication information sent by the request terminal equipment and authenticate the identity authentication information; and after the authentication of the authentication information is passed, transmitting equipment group information corresponding to the authentication information to the request end equipment, so that the request end equipment transmits the production resource request instruction according to the equipment group information, wherein the equipment group information is used for representing the equipment type of the request end equipment which can apply for production resources and is determined according to the authority information of the authentication information.
9. A transmission method of production resources, applied to the system for allocating production resources according to any one of claims 1 to 8, wherein the system for allocating production resources is disposed in a cloud device, and includes:
Receiving a production resource request instruction sent by a request end device, wherein the production resource request instruction comprises device identification information of target devices to be produced;
determining a target production resource required for producing the target device according to the device identification information, wherein the target production resource is generated and stored by a system for distributing the production resource;
transmitting the target production resource to the request end equipment;
determining, according to the device identification information, a target production resource required for producing the target device, including:
generating a new production resource according to a secondary certificate storage area and the equipment type of the target equipment under the condition that the equipment identification information does not exist in a resource generation record, wherein the resource generation record stores equipment identification information corresponding to historical production resources generated by the system for distributing the production resource, the secondary certificate storage area is configured to store secondary certificates corresponding to different equipment types in an isolated mode, and the secondary certificate corresponding to each equipment type is used for generating the production resource corresponding to the equipment type;
and determining the new production resource as the target production resource.
10. A method for transmitting production resources, applied to a requesting device, comprising:
a production resource request instruction is sent to a cloud device, the production resource request instruction comprises device identification information of target devices to be produced, the production resource request instruction is used for triggering the cloud device to determine target production resources required by producing the target devices according to the device identification information, and the target production resources are sent to the request terminal device, wherein the target production resources are generated and stored by the cloud device; wherein the determining, according to the device identification information, a target production resource required for producing the target device includes: generating a new production resource according to a secondary certificate storage area and the equipment type of the target equipment under the condition that the equipment identification information does not exist in a resource generation record, wherein the resource generation record stores the equipment identification information corresponding to the historical production resource generated by the cloud equipment, the secondary certificate storage area is configured to store secondary certificates corresponding to different equipment types in an isolated mode, and the secondary certificate corresponding to each equipment type is used for generating the production resource corresponding to the equipment type; determining the new production resource as the target production resource;
and receiving the target production resource sent by the cloud device.
11. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of transmission of production resources according to claim 9 or implement the method of transmission of production resources according to claim 10.
12. A cloud device comprising a system for allocating production resources according to any of claims 1-8.
13. A requesting device, comprising:
a storage device having a computer program stored thereon;
processing means for executing said computer program in said storage means to implement the method of transmission of production resources according to claim 10.
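The allocation flow of claims 1-8 and the requester-side check of claim 3, as an added Python sketch that is not code from the patent. HMAC-SHA256 key derivation stands in for certificate issuance and signing, SHA-256 for the check value (the claims name no algorithm), and every class, function, token and serial number below is an assumption constructed for illustration.

```python
import hashlib
import hmac
import os


def _issue(parent_key: bytes, subject: str) -> bytes:
    """Stand-in for certificate issuance: derive a child key from the parent key."""
    return hmac.new(parent_key, b"issue:" + subject.encode(), hashlib.sha256).digest()


def check_value(device_id: str, resource: bytes) -> str:
    """Check value over device ID and resource (claim 3).

    Assumption: plain SHA-256. An unkeyed hash catches corruption in transit;
    it does not authenticate the sender, which needs a MAC or a signature.
    """
    h = hashlib.sha256()
    for part in (device_id.encode(), resource):
        h.update(len(part).to_bytes(4, "big") + part)  # length prefix keeps fields unambiguous
    return h.hexdigest()


class AllocationSystem:
    """Hypothetical cloud-side model of the claimed system."""

    def __init__(self, root_key: bytes, group_permissions: dict):
        self._root_key = root_key        # root certificate storage area (claim 6)
        self._secondary = {}             # device type -> secondary key, one slot per type (claim 1)
        self._records = {}               # resource generation record, keyed by device ID
        self._groups = group_permissions # credential -> device types it may request (claim 8)

    def authenticate(self, credential: str) -> frozenset:
        if credential not in self._groups:
            raise PermissionError("identity verification failed")
        return frozenset(self._groups[credential])

    def request(self, credential: str, device_id: str, device_type: str):
        if device_type not in self.authenticate(credential):
            raise PermissionError("device type outside the requester's device group")
        record = self._records.get(device_id)
        if record is not None:           # claim 2: return the historical resource
            rec_type, resource, check = record
            if rec_type != device_type:
                raise PermissionError("device ID was provisioned under another type")
            return resource, check
        if device_type not in self._secondary:  # claim 5: issue a new secondary certificate
            self._secondary[device_type] = _issue(self._root_key, device_type)
        nonce = os.urandom(16)
        tag = hmac.new(self._secondary[device_type],
                       device_id.encode() + nonce, hashlib.sha256).digest()
        resource = nonce + tag           # claim 4: generated from the type's own secondary key
        check = check_value(device_id, resource)
        self._records[device_id] = (device_type, resource, check)
        return resource, check


def receive(device_id: str, resource: bytes, check: str, store: dict) -> bool:
    """Requester side: store the resource only after the check value matches."""
    if not hmac.compare_digest(check_value(device_id, resource), check):
        return False
    store[device_id] = resource
    return True


if __name__ == "__main__":
    cloud = AllocationSystem(b"constructed-root-key", {"line-a-token": {"phone"}})
    res, chk = cloud.request("line-a-token", "SN-0001", "phone")
    print(receive("SN-0001", res, chk, {}))
```
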
CN202310956712.XA 2023-07-31 2023-07-31 System for allocating production resources, transmission method and equipment for production resources Active CN116668201B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310956712.XA CN116668201B (en) 2023-07-31 2023-07-31 System for allocating production resources, transmission method and equipment for production resources

Publications (2)

Publication Number Publication Date
CN116668201A CN116668201A (en) 2023-08-29
CN116668201B CN116668201B (en) 2023-10-20

Family

ID=87721076

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310956712.XA Active CN116668201B (en) 2023-07-31 2023-07-31 System for allocating production resources, transmission method and equipment for production resources

Country Status (1)

Country Link
CN (1) CN116668201B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101688812B1 (en) * 2016-04-18 2016-12-22 (주)케이사인 Method and system of authorizing/managing iot device based on owner's authorization server
CN109361753A (en) * 2018-11-02 2019-02-19 上海帆尚行科技有限公司 A kind of Internet of things system framework and encryption method
CN111010410A (en) * 2020-03-09 2020-04-14 南京红阵网络安全技术研究院有限公司 Mimicry defense system based on certificate identity authentication and certificate signing and issuing method
KR20200120563A (en) * 2019-04-12 2020-10-21 (주)한국공인인증서비스 METHOD FOR ISSUING TEMPORAY CERTIFICATE FOR IoT DEVICE
CN111953683A (en) * 2020-08-12 2020-11-17 相舆科技(上海)有限公司 Equipment authentication method, device, storage medium and authentication system
CN112187470A (en) * 2020-09-22 2021-01-05 青岛海尔科技有限公司 Internet of things certificate distribution method, device and system, storage medium and electronic device
WO2022170821A1 (en) * 2021-02-10 2022-08-18 华为技术有限公司 Service certificate management method and apparatus, system, and electronic device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230188361A1 (en) * 2021-12-13 2023-06-15 Gm Cruise Holdings Llc Certificate revocation and management for autonomous vehicles

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant