CN117857180A - Edge node authorization method, equipment and medium - Google Patents

Publication number
CN117857180A
Authority
CN
China
Prior art keywords
edge node
edge
unique identifier
authorization
cloud platform
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410029072.2A
Other languages
Chinese (zh)
Inventor
亓浩
王腾江
黄文超
陈兆瑞
王明会
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Inspur General Software Co Ltd
Priority to CN202410029072.2A
Publication of CN117857180A

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses an edge node authorization method, equipment and a medium. The method comprises: a cloud platform receives an identifier registration request uploaded by an edge node, generates a unique identifier for the edge node, and sends the unique identifier to the edge node; receives an authorization request uploaded by the edge node, and parses the authorization request to obtain a unique identifier to be checked; compares the unique identifier with the unique identifier to be checked; if they are consistent, determines that the unique identifier to be checked passes the check; generates an edge authorization encrypted file for the edge node using an asymmetric encryption algorithm and the unique identifier; and sends the edge authorization encrypted file to the edge node to authorize the edge node. Because the unique identifier of the edge node is generated by the cloud platform, the edge node does not need to obtain a unique identifier by reading a hardware identifier; the edge node sends the authorization request to the cloud platform automatically and completes authorization automatically, so the edge node can be authorized effectively and efficiently.

Description

Edge node authorization method, equipment and medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, and a medium for authorizing an edge node.
Background
In the field of the Internet of Things, cloud-edge collaboration technology is applied on a large scale. Its main characteristic is that a cloud platform is deployed in the cloud and a plurality of edge nodes are deployed at the edge, close to the devices. The cloud platform mainly performs resource management, message management and data management for the edge nodes. In actual application scenarios, deployed instances of edge nodes need to be authorized and managed, so that unauthorized instances are prevented from being used and from registering with the cloud platform.
At present, the edge node obtains a unique hardware identifier of the server it is deployed on and sends it to the cloud platform, and the cloud platform generates the edge authorization file used by the edge node based on that unique hardware identifier. After the edge node obtains the edge authorization file, it loads the file and, at startup, checks whether the unique identifier contained in the file matches the hardware information; the edge node can work normally only when they match.
However, the hardware identifier is acquired and verified by the edge node itself, and the cloud platform cannot obtain it, so verification and use of the edge certificate cannot be managed effectively. When an edge node is deployed on a container platform (e.g., Kubernetes, k3s, etc.), the service that reads the hardware information may drift across multiple hardware resources; and since the server resources of the edge node may be scaled dynamically, all hardware resources cannot be enumerated. Therefore, having the edge platform derive its identifier from a unique hardware identifier means the edge node cannot be authorized efficiently and accurately.
Disclosure of Invention
The embodiment of the application provides an edge node authorization method, equipment and medium, which are used for solving the problem that an edge node cannot be authorized efficiently and accurately.
The embodiment of the application adopts the following technical scheme:
In one aspect, an embodiment of the present application provides an edge node authorization method, where the method includes: the cloud platform receives an identifier registration request uploaded by an edge node, generates a unique identifier for the edge node, and sends the unique identifier to the edge node; receives an authorization request uploaded by the edge node, and parses the authorization request to obtain a unique identifier to be checked; compares the unique identifier with the unique identifier to be checked; if they are consistent, determines that the unique identifier to be checked passes the check; generates an edge authorization encrypted file for the edge node using an asymmetric encryption algorithm and the unique identifier; and sends the edge authorization encrypted file to the edge node to authorize the edge node.
In one example, generating the edge authorization encrypted file of the edge node using the asymmetric encryption algorithm and the unique identifier specifically includes: the cloud platform acquires an edge authorization file of the edge node; encrypts the edge authorization file with a private key of the asymmetric encryption algorithm to generate an edge authorization encrypted string; and inserts the generation timestamp, the failure timestamp and the unique identifier of the edge authorization file into the edge authorization encrypted string to generate the edge authorization encrypted file.
In one example, after the sending the edge authorization encrypted file to the edge node, the method further includes: the edge node decrypts the edge authorization encrypted file through the public key of the asymmetric encryption algorithm to obtain the generation time stamp, the failure time stamp and the unique identifier; comparing the unique identifier with the unique identifier distributed by the cloud platform; if the comparison is consistent, judging whether the failure time stamp is later than the current verification time; if yes, the edge authorization encryption file is determined to be a valid edge authorization encryption file, the generation time stamp, the failure time stamp and the unique identifier are output to a database, and the edge node is determined to be successfully started.
In one example, after the determining that the edge node is started successfully, the method further includes: the edge node calculates the time difference between the current verification time and the failure time stamp in the database in a preset period; if the time difference value is smaller than a preset time threshold value, determining that the authorization valid period of the edge node is insufficient; and uploading a new authorization request to the cloud platform again to acquire an updated edge authorization encryption file.
In one example, after the determining that the edge node is started successfully, the method further includes: the edge node receives a query operation request; acquiring the failure time stamp and the unique identifier from the database; comparing the unique identifier with the unique identifier distributed by the cloud platform; if the comparison is consistent, judging whether the failure time stamp is later than the current query time; if yes, determining that the query operation request passes verification, and allowing the query operation request to be executed.
In one example, the generating the unique identifier for the edge node specifically includes: the cloud platform searches whether the registration record information of the edge node exists or not from the identification registration record information; if yes, judging whether the edge node is registered or not according to the registration record information; if not, randomly selecting an identification code from the code database, and determining the identification code as the unique identification of the edge node.
In one example, the method further comprises: if the edge node is registered, the cloud platform acquires the registration time of the edge node; and generating repeated registration notification information of the edge node according to the registration time, and sending the repeated registration notification information to a management user terminal of the edge node.
In one example, the method further comprises: if the unique identifier and the identifier to be checked are inconsistent, the cloud platform generates confirmation information for the unique identifier to be checked and sends it to the edge node, to confirm with the edge node whether the identifier to be checked was in the authorization request that the edge node uploaded; if yes, the edge node is determined to be an illegally authorized node and is output to a blacklist; if not, it is determined that the authorization request of the edge node was illegally tampered with, illegal tampering information for the authorization request is generated, and the illegal tampering information is sent to the edge node.
In another aspect, an embodiment of the present application provides an edge node authorization device, applied to a cloud platform, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to: receiving an identifier registration request uploaded by an edge node, generating a unique identifier for the edge node, and sending the unique identifier to the edge node; receiving an authorization request uploaded by the edge node, and analyzing the authorization request to obtain a unique identifier to be checked; comparing the unique identifier with the unique identifier to be verified; if the comparison is consistent, determining that the unique identification to be checked passes the check; generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier; and sending the edge authorization encryption file to the edge node to authorize the edge node.
In another aspect, an embodiment of the present application provides an edge node-authorized non-volatile computer storage medium storing computer-executable instructions for application to a cloud platform, the computer-executable instructions configured to: receiving an identifier registration request uploaded by an edge node, generating a unique identifier for the edge node, and sending the unique identifier to the edge node; receiving an authorization request uploaded by the edge node, and analyzing the authorization request to obtain a unique identifier to be checked; comparing the unique identifier with the unique identifier to be verified; if the comparison is consistent, determining that the unique identification to be checked passes the check; generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier; and sending the edge authorization encryption file to the edge node to authorize the edge node.
The at least one technical solution adopted by the embodiments of the present application can achieve the following beneficial effects:
The unique identifier of the edge node is generated by the cloud platform, so the edge node does not need to obtain a unique identifier by reading a hardware identifier. The edge node sends the authorization request to the cloud platform automatically; after the unique identifier of the edge node passes the check, the cloud platform can be sure that the edge node is a legitimate edge node and therefore goes on to send the edge authorization encrypted file to it. The edge node thus completes authorization automatically, and edge nodes can be authorized effectively and efficiently.
Drawings
In order to more clearly illustrate the technical solutions of the present application, some embodiments of the present application will be described in detail below with reference to the accompanying drawings, in which:
fig. 1 is a flow chart of an edge node authorization method provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of an edge node authorization device according to an embodiment of the present application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flow chart of an edge node authorization method according to an embodiment of the present application. The method can be applied to different business fields, such as the internet finance field, the e-commerce field, the instant messaging field, the gaming field, the public service field and the like. Some of the input parameters or intermediate results in the flow allow manual intervention and adjustment to help improve accuracy.
The flow in fig. 1 includes the following steps:
S101: The cloud platform receives an identifier registration request uploaded by an edge node, generates a unique identifier for the edge node, and sends the unique identifier to the edge node.
In some embodiments of the present application, the cloud platform generates multiple unique identifiers for edge nodes in advance according to the deployment requirements of the edge platform, where each unique identifier can only be used by one edge node and can only be registered once.
Based on this, the cloud platform retrieves, from the identification registration record information, whether there is registration record information of the edge node.
If yes, judging whether the edge node is registered according to the registration record information. If not, randomly selecting an identification code from the code database, and determining the identification code as the unique identification of the edge node.
In addition, if the edge node is already registered, the cloud platform acquires the registration time of the edge node, generates repeated registration notification information of the edge node according to the registration time, and sends the repeated registration notification information to the management user terminal of the edge node.
In addition, if the cloud platform does not have the registration information of the edge node, the cloud platform directly determines that the edge node is registered for the first time, randomly selects an identification code from the code database, and determines the identification code as the unique identification of the edge node.
S102: Receive the authorization request uploaded by the edge node, and parse the authorization request to obtain the unique identifier to be checked.
When the edge node is deployed, the edge node requests authorization from the cloud platform by using the unique identifier distributed by the cloud platform.
S103: Compare the unique identifier with the unique identifier to be checked.
It should be noted that the unique identifier sent by the edge node to the cloud platform is not necessarily the unique identifier distributed by the cloud platform. For example, the edge node may send something other than the distributed unique identifier, or it may send the distributed unique identifier but have it tampered with in transit, so that the cloud platform receives an identifier that is not the distributed one.
S104: If the comparison is consistent, determine that the unique identifier to be checked passes the check.
If the unique identifier and the identifier to be checked are inconsistent, the cloud platform generates confirmation information for the unique identifier to be checked and sends it to the edge node, to confirm with the edge node whether the identifier to be checked was in the authorization request that the edge node uploaded;
if yes, the edge node is determined to be an illegally authorized node and is output to a blacklist;
if not, it is determined that the authorization request of the edge node was illegally tampered with, illegal tampering information for the authorization request is generated, and the illegal tampering information is sent to the edge node.
It should be noted that when the unique identifier is inconsistent with the identifier to be checked but the edge node confirms that it uploaded the identifier to be checked itself, this indicates that the edge node is being operated by an illegal user at that moment. Conversely, when the edge node does not confirm that it uploaded the identifier to be checked, this indicates that the authorization request was tampered with in transit.
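The following Go code is an added illustration of steps S101 to S104, not code from the application. The node names, the sample codes, the `confirm` callback that stands in for the confirmation message, and the `Rejected` outcome for unknown or already blacklisted nodes are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// Outcome of the identifier check in S103/S104.
type Outcome int

const (
	Passed            Outcome = iota // identifiers match; continue to S105
	Blacklisted                      // node confirms it uploaded the mismatching identifier
	TamperedInTransit                // node denies uploading it; request was altered on the way
	Rejected                         // assumption: unknown or already blacklisted node
)

var (
	ErrAlreadyRegistered = errors.New("edge node already registered")
	ErrPoolEmpty         = errors.New("no unused identification codes left")
)

type record struct {
	id           string
	registeredAt time.Time
}

// Registry is the cloud platform's registration state.
type Registry struct {
	mu        sync.Mutex
	pool      []string          // pre-generated codes not yet handed out
	records   map[string]record // node name -> registration record
	blacklist map[string]bool
}

func NewRegistry(codes []string) *Registry {
	return &Registry{
		pool:      append([]string(nil), codes...),
		records:   map[string]record{},
		blacklist: map[string]bool{},
	}
}

// Register is S101. For a repeat registration it returns the original
// registration time so the caller can notify the management user terminal.
func (r *Registry) Register(node string, now time.Time) (string, time.Time, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if rec, ok := r.records[node]; ok {
		return "", rec.registeredAt, ErrAlreadyRegistered
	}
	if len(r.pool) == 0 {
		return "", time.Time{}, ErrPoolEmpty
	}
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(r.pool))))
	if err != nil {
		return "", time.Time{}, err
	}
	i := int(n.Int64())
	id := r.pool[i]
	// Remove the code from the pool so it can never be issued twice.
	r.pool[i] = r.pool[len(r.pool)-1]
	r.pool = r.pool[:len(r.pool)-1]
	r.records[node] = record{id: id, registeredAt: now}
	return id, now, nil
}

// Check is S102 to S104. confirm asks the edge node whether it really
// uploaded the presented identifier (the confirmation message in the text).
func (r *Registry) Check(node, presented string, confirm func(id string) bool) Outcome {
	r.mu.Lock()
	rec, known := r.records[node]
	banned := r.blacklist[node]
	r.mu.Unlock()
	if !known || banned {
		return Rejected
	}
	if subtle.ConstantTimeCompare([]byte(rec.id), []byte(presented)) == 1 {
		return Passed
	}
	if confirm(presented) { // called without holding the lock
		r.mu.Lock()
		r.blacklist[node] = true
		r.mu.Unlock()
		return Blacklisted
	}
	return TamperedInTransit
}

func main() {
	reg := NewRegistry([]string{"code-A", "code-B", "code-C"}) // constructed codes
	id, _, _ := reg.Register("edge-01", time.Now())
	fmt.Println(reg.Check("edge-01", id, nil) == Passed)
	fmt.Println(reg.Check("edge-01", "forged", func(string) bool { return true }) == Blacklisted)
}
```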
S105: Generate the edge authorization encrypted file of the edge node using an asymmetric encryption algorithm and the unique identifier.
In some embodiments of the present application, the cloud platform generates the edge authorization file using an asymmetric encryption algorithm, and needs to add information such as the unique identifier of the edge platform, a generation timestamp, and a failure timestamp to the edge authorization encrypted string. Because the edge authorization encrypted file carries the generation timestamp, the edge authorization encrypted file generated each time is different.
Based on this, the cloud platform acquires the edge authorization file of the edge node. Then, the edge authorization file is encrypted with a private key of the asymmetric encryption algorithm to generate an edge authorization encrypted string. Finally, the generation timestamp, the failure timestamp and the unique identifier of the edge authorization file are inserted into the edge authorization encrypted string to generate the edge authorization encrypted file.
For example, the generation timestamp is year A, month B, day C, and the failure timestamp is year D, month E, day F.
S106: Send the edge authorization encrypted file to the edge node to authorize the edge node.
In some embodiments of the present application, the edge node decrypts the edge authorization encrypted file with the public key of the asymmetric encryption algorithm to obtain the generation timestamp, the failure timestamp, and the unique identifier.
The unique identification is then compared to the unique identification stored by the edge node.
If the comparison is consistent, it is judged whether the failure timestamp is later than the current verification time. For example, the failure timestamp is year D, month E, day F, and the current time is year A, month G, day H. In this case, the current verification time is year A, month G, day H.
If yes, the edge authorization encrypted file is determined to be a valid edge authorization encrypted file, the generation timestamp, the failure timestamp and the unique identifier are output to a database, and the edge node is determined to have started successfully.
If the unique identifier is inconsistent with the unique identifier stored in the edge node, this indicates that the unique identifier was tampered with while the cloud platform was transmitting the edge authorization encrypted file to the edge node, or that the unique identifier stored in the edge node was tampered with. The edge node therefore generates authorization failure notification information for the edge node and sends it to the management user terminal.
In addition, if the failure timestamp is earlier than or equal to the current verification time, the edge authorization encrypted file is determined to be an expired edge authorization encrypted file, authorization failure notification information for the edge node is generated, and the authorization failure notification information is sent to the management user terminal.
In some embodiments of the present application, the validity period of the edge authorization encryption file will be automatically checked periodically after the edge node is successfully started.
Specifically, the edge node calculates a time difference between the current verification time and the failure timestamp in the database in a preset period. If the time difference value is smaller than the preset time threshold value, determining that the authorization valid period of the edge node is insufficient. And uploading a new authorization request to the cloud platform again to acquire an updated edge authorization encryption file.
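An added Go example of S105, S106 and the periodic validity check, not code from the application. It assumes Ed25519 signing as the concrete form of the "private key encrypts, public key decrypts" step, and it places the identifier and both timestamps inside the signed payload so that none of them can be altered after issuance; the file layout, field names and node identifiers are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// License holds the three fields the description places in the authorization file.
type License struct {
	NodeID    string `json:"node_id"`    // unique identifier distributed by the cloud platform
	IssuedAt  int64  `json:"issued_at"`  // generation timestamp (Unix seconds)
	ExpiresAt int64  `json:"expires_at"` // failure timestamp (Unix seconds)
}

var (
	ErrFormat    = errors.New("malformed authorization file")
	ErrSignature = errors.New("signature check failed")
	ErrNodeID    = errors.New("unique identifier mismatch")
	ErrExpired   = errors.New("authorization expired")
)

// NewKeyPair creates the cloud platform's key pair; the public half ships with the edge node.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is the cloud side (S105): serialize the fields and sign them.
// Assumed layout: base64url(payload) "." base64url(signature).
func Issue(priv ed25519.PrivateKey, nodeID string, now time.Time, ttl time.Duration) (string, error) {
	payload, err := json.Marshal(License{
		NodeID: nodeID, IssuedAt: now.Unix(), ExpiresAt: now.Add(ttl).Unix(),
	})
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(ed25519.Sign(priv, payload)), nil
}

// Verify is the edge side (S106): signature first, then identifier, then expiry.
func Verify(pub ed25519.PublicKey, file, storedID string, now time.Time) (License, error) {
	parts := strings.Split(file, ".")
	if len(parts) != 2 {
		return License{}, ErrFormat
	}
	payload, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return License{}, ErrFormat
	}
	// Nothing in the payload is trusted until the signature verifies.
	if !ed25519.Verify(pub, payload, sig) {
		return License{}, ErrSignature
	}
	var lic License
	if err := json.Unmarshal(payload, &lic); err != nil {
		return License{}, ErrFormat
	}
	if subtle.ConstantTimeCompare([]byte(lic.NodeID), []byte(storedID)) != 1 {
		return License{}, ErrNodeID
	}
	// A failure timestamp earlier than or equal to the check time is rejected.
	if lic.ExpiresAt <= now.Unix() {
		return License{}, ErrExpired
	}
	return lic, nil
}

// NeedsRenewal is the periodic check: renew when the remaining validity
// is smaller than the preset threshold.
func NeedsRenewal(lic License, now time.Time, threshold time.Duration) bool {
	return time.Unix(lic.ExpiresAt, 0).Sub(now) < threshold
}

func main() {
	pub, priv := NewKeyPair()
	now := time.Unix(1700000000, 0) // constructed sample time
	day := 24 * time.Hour
	file, _ := Issue(priv, "edge-0001", now, 30*day)
	lic, err := Verify(pub, file, "edge-0001", now.Add(time.Hour))
	fmt.Println(lic.NodeID, err, NeedsRenewal(lic, now.Add(25*day), 7*day))
}
```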
In some embodiments of the present application, after the edge node has started successfully, when a user issues a query request to the edge node, the edge node needs to check the unique identifier and whether the edge authorization encrypted file has expired.
Based on the above, the edge node receives the query operation request, and obtains the failure time stamp and the unique identifier from the database. Then, comparing the unique identifier with the unique identifier distributed by the cloud platform; if the comparison is consistent, judging whether the failure time stamp is later than the current query time; if yes, determining that the query operation request passes verification, and allowing the query operation request to be executed.
It should be noted that, if the comparison is inconsistent, the query operation request is not allowed to be executed, and if the failure timestamp is earlier than or equal to the current query time, the query operation request is not allowed to be executed.
In summary, the unique identifier of the edge node is generated by the cloud platform, and the edge node does not need to obtain a unique identifier by reading a hardware identifier. In addition, encrypting the authorization file ensures its security, and because the edge authorization encrypted file has a validity period, there is no need to worry that a leaked edge authorization encrypted file will be used illegally for a long time, so the operating requirements of the edge platform program are better protected. In addition, renewal of the edge authorization encrypted file is initiated automatically by the edge platform without manual intervention. In addition, after deployment the edge platform must communicate with the cloud platform regularly to update the authorization encrypted file, so the edge platform cannot be used apart from the cloud platform for a long time, which strengthens the cloud platform's management of the edge platform.
It should be noted that, although the embodiment of the present application is described with reference to fig. 1 to sequentially describe steps S101 to S106, this does not represent that steps S101 to S106 must be performed in strict order. The steps S101 to S106 are sequentially described according to the sequence shown in fig. 1 in the embodiment of the present application, so as to facilitate the understanding of the technical solution of the embodiment of the present application by those skilled in the art. In other words, in the embodiment of the present application, the sequence between the steps S101 to S106 may be appropriately adjusted according to the actual needs.
With the method of Fig. 1, the unique identifier of the edge node is generated by the cloud platform, so the edge node does not need to obtain a unique identifier by reading a hardware identifier. The edge node sends the authorization request to the cloud platform automatically; after the unique identifier of the edge node passes the check, the cloud platform can be sure that the edge node is a legitimate edge node and therefore goes on to send the edge authorization encrypted file to it. The edge node thus completes authorization automatically, and edge nodes can be authorized effectively and efficiently.
Based on the same thought, some embodiments of the present application further provide a device and a non-volatile computer storage medium corresponding to the above method.
Fig. 2 is a schematic structural diagram of an edge node authorization device provided in an embodiment of the present application, which is applied to a cloud platform, and includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving an identifier registration request uploaded by an edge node, generating a unique identifier for the edge node, and sending the unique identifier to the edge node;
receiving an authorization request uploaded by the edge node, and analyzing the authorization request to obtain a unique identifier to be checked;
comparing the unique identifier with the unique identifier to be verified;
if the comparison is consistent, determining that the unique identification to be checked passes the check;
generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier;
and sending the edge authorization encryption file to the edge node to authorize the edge node.
Some embodiments of the present application provide an edge node-authorized non-volatile computer storage medium storing computer-executable instructions for application to a cloud platform, the computer-executable instructions configured to:
receiving an identifier registration request uploaded by an edge node, generating a unique identifier for the edge node, and sending the unique identifier to the edge node;
receiving an authorization request uploaded by the edge node, and analyzing the authorization request to obtain a unique identifier to be checked;
comparing the unique identifier with the unique identifier to be verified;
if the comparison is consistent, determining that the unique identification to be checked passes the check;
generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier;
and sending the edge authorization encryption file to the edge node to authorize the edge node.
All embodiments in the application are described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the others. In particular, the description of the device and medium embodiments is relatively brief because they are substantially similar to the method embodiments; for relevant details, refer to the corresponding parts of the method embodiments.
The devices and media provided in the embodiments of the present application are in one-to-one correspondence with the methods, so that the devices and media also have similar beneficial technical effects as the corresponding methods, and since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the devices and media are not described in detail herein.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the technical principles of the present application should fall within the protection scope of the present application.

Claims (10)

1. A method of edge node authorization, the method comprising:
the cloud platform receives an identifier registration request uploaded by an edge node, generates a unique identifier for the edge node, and sends the unique identifier to the edge node;
receiving an authorization request uploaded by the edge node, and parsing the authorization request to obtain a unique identifier to be checked;
comparing the unique identifier with the unique identifier to be checked;
if the comparison is consistent, determining that the unique identifier to be checked passes the check;
generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier;
and sending the edge authorization encryption file to the edge node to authorize the edge node.
2. The method according to claim 1, wherein the generating the edge authorization encrypted file of the edge node by the asymmetric encryption algorithm and the unique identifier specifically comprises:
the cloud platform acquires an edge authorization file of the edge node;
encrypting the edge authorization file through a private key of an asymmetric encryption algorithm to generate an edge authorization encryption character string;
and inserting the generation time stamp, the failure time stamp and the unique identifier of the edge authorization file into the edge authorization encryption character string to generate the edge authorization encryption file.
3. The method of claim 2, wherein after the sending the edge authorization encrypted file to the edge node, the method further comprises:
the edge node decrypts the edge authorization encrypted file through the public key of the asymmetric encryption algorithm to obtain the generation time stamp, the failure time stamp and the unique identifier;
comparing the unique identifier with the unique identifier distributed by the cloud platform;
if the comparison is consistent, judging whether the failure time stamp is later than the current verification time;
if yes, the edge authorization encryption file is determined to be a valid edge authorization encryption file, the generation time stamp, the failure time stamp and the unique identifier are output to a database, and the edge node is determined to be successfully started.
4. A method according to claim 3, wherein after said determining that the edge node has been successfully booted, the method further comprises:
the edge node calculates the time difference between the current verification time and the failure time stamp in the database in a preset period;
if the time difference value is smaller than a preset time threshold value, determining that the authorization valid period of the edge node is insufficient;
and uploading a new authorization request to the cloud platform again to acquire an updated edge authorization encryption file.
5. A method according to claim 3, wherein after said determining that the edge node has been successfully booted, the method further comprises:
the edge node receives a query operation request;
acquiring the failure time stamp and the unique identifier from the database;
comparing the unique identifier with the unique identifier distributed by the cloud platform;
if the comparison is consistent, judging whether the failure time stamp is later than the current query time;
if yes, determining that the query operation request passes verification, and allowing the query operation request to be executed.
6. The method according to claim 1, wherein the generating a unique identifier for the edge node specifically comprises:
the cloud platform searches whether the registration record information of the edge node exists or not from the identification registration record information;
if yes, judging whether the edge node is registered or not according to the registration record information;
if not, randomly selecting an identification code from the code database, and determining the identification code as the unique identification of the edge node.
7. The method of claim 6, wherein the method further comprises:
if the edge node is registered, the cloud platform acquires the registration time of the edge node;
and generating repeated registration notification information of the edge node according to the registration time, and sending the repeated registration notification information to a management user terminal of the edge node.
8. The method according to claim 1, wherein the method further comprises:
if the comparison of the unique identifier with the unique identifier to be checked is inconsistent, the cloud platform generates confirmation information for the unique identifier to be checked, and sends the confirmation information to the edge node so as to confirm with the edge node whether the identifier to be checked was contained in an authorization request uploaded by the edge node;
if yes, determining the edge node as an illegal authorized node, and outputting the edge node to a blacklist;
if not, determining that the authorization request of the edge node is illegally tampered, generating illegal tampering information of the authorization request, and sending the illegal tampering information to the edge node.
9. An edge node authorization device, characterized by being applied to a cloud platform, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving an identifier registration request uploaded by an edge node, generating a unique identifier for the edge node, and sending the unique identifier to the edge node;
receiving an authorization request uploaded by the edge node, and parsing the authorization request to obtain a unique identifier to be checked;
comparing the unique identifier with the unique identifier to be checked;
if the comparison is consistent, determining that the unique identifier to be checked passes the check;
generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier;
and sending the edge authorization encryption file to the edge node to authorize the edge node.
10. A non-volatile computer storage medium for edge node authorization, storing computer-executable instructions, characterized in that it is applied to a cloud platform and the computer-executable instructions are configured to:
receiving an identifier registration request uploaded by an edge node, generating a unique identifier for the edge node, and sending the unique identifier to the edge node;
receiving an authorization request uploaded by the edge node, and parsing the authorization request to obtain a unique identifier to be checked;
comparing the unique identifier with the unique identifier to be checked;
if the comparison is consistent, determining that the unique identifier to be checked passes the check;
generating an edge authorization encryption file of the edge node through an asymmetric encryption algorithm and the unique identifier;
and sending the edge authorization encryption file to the edge node to authorize the edge node.
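The issue, verify and renew flow of claims 2 to 4, as an added Go example that is not code from the patent or its applicant. It assumes an Ed25519 signature in place of the claims' "encrypting with the private key", and it signs the identifier and both timestamps instead of inserting them afterwards, so that an edited failure time stamp fails verification; the type, function names and token layout are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// License holds the fields named in claims 2-3 (field names are assumptions).
type License struct {
	NodeID            string
	IssuedAt, Expires int64 // Unix seconds; Expires is the "failure time stamp"
}

var b64 = base64.RawURLEncoding

// Issue (cloud side) signs every field, so identifier and expiry cannot be edited later.
func Issue(priv ed25519.PrivateKey, l License) string {
	body, _ := json.Marshal(l)
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Verify (edge side) checks the signature, then the identifier, then expiry (claim 3).
func Verify(pub ed25519.PublicKey, token, wantID string, now int64) (l License, err error) {
	body, sig, _ := strings.Cut(token, ".")
	rawBody, err1 := b64.DecodeString(body)
	rawSig, err2 := b64.DecodeString(sig)
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, rawBody, rawSig) {
		return l, fmt.Errorf("bad signature")
	}
	switch {
	case json.Unmarshal(rawBody, &l) != nil:
		return License{}, fmt.Errorf("malformed body")
	case l.NodeID != wantID:
		return License{}, fmt.Errorf("identifier mismatch: got %q", l.NodeID)
	case l.Expires <= now:
		return License{}, fmt.Errorf("expired at %d", l.Expires)
	}
	return l, nil
}

// NeedsRenewal is the claim 4 check: remaining validity (seconds) is below the threshold.
func NeedsRenewal(l License, now, threshold int64) bool { return l.Expires-now < threshold }

func main() { // demo with constructed sample values
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	fmt.Println(Verify(pub, Issue(priv, License{"edge-0001", 1000, 4600}), "edge-0001", 2000))
}
```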
CN202410029072.2A 2024-01-05 2024-01-05 Edge node authorization method, equipment and medium Pending CN117857180A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410029072.2A CN117857180A (en) 2024-01-05 2024-01-05 Edge node authorization method, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410029072.2A CN117857180A (en) 2024-01-05 2024-01-05 Edge node authorization method, equipment and medium

Publications (1)

Publication Number Publication Date
CN117857180A true CN117857180A (en) 2024-04-09

Family

ID=90541471

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410029072.2A Pending CN117857180A (en) 2024-01-05 2024-01-05 Edge node authorization method, equipment and medium

Country Status (1)

Country Link
CN (1) CN117857180A (en)

Similar Documents

Publication Publication Date Title
CN107579958B (en) Data management method, device and system
WO2018121445A1 (en) Multi-tenant access control method and apparatus
US20110258434A1 (en) Online secure device provisioning with updated offline identity data generation and offline device binding
CN110597538A (en) Software upgrading method based on OTA upgrading system and OTA upgrading system
CN111931199A (en) Health authentication method, equipment and medium based on block chain and dynamic code
CN113497709A (en) Trusted data source management method based on block chain, signature device and verification device
CN114826661A (en) Data access method, device and medium based on open API
CN107066346B (en) Data backup method, data recovery method and device
CN110995419A (en) Symmetric encryption and decryption method, device and medium based on data on link
US11483165B2 (en) Certificate renewal method, apparatus, system, medium, and device
CN111835711A (en) Digital encryption cloud service information protection method and cloud service system
CN111682937B (en) Method and device for applying and distributing key of enhanced CPK
CN108933766B (en) Method and client for improving equipment ID security
CN115114630A (en) Data sharing method and device and electronic equipment
CN111460465A (en) Identity authentication method, equipment and medium based on block chain
CN117857180A (en) Edge node authorization method, equipment and medium
CN110995454A (en) Service verification method and system
CN114091078A (en) Test report processing method, test platform and user terminal
CN113378120A (en) Version authorization control method, device, equipment and storage medium based on block chain
KR20210139052A (en) Apparatus and method for managing identity based on blockchain
CN116707915B (en) News command dispatching instruction distribution method based on block chain encryption and consensus algorithm
CN115021917B (en) Certificate-based security verification method, system, equipment and medium
US11936773B2 (en) Encryption key management method in data subscription system
CN109740308B (en) Server-side version protection method and system
CN107888565B (en) Method and device for security processing and method and device for encryption processing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination