CN117873499A - Digital twin offline service deployment method and device based on license and security lock - Google Patents


Publication number
CN117873499A
Authority
CN
China
Prior art keywords
license
key
resource
target
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311863486.7A
Other languages
Chinese (zh)
Inventor
郑航
伊尚丰
展兆建
卜凡起
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baweitong Technology Co ltd
Original Assignee
Baweitong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baweitong Technology Co ltd filed Critical Baweitong Technology Co ltd
Priority to CN202311863486.7A priority Critical patent/CN117873499A/en
Publication of CN117873499A publication Critical patent/CN117873499A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a digital twin offline service deployment method and device based on a license and a security lock. The method relates to a digital twinning technology, and specifically comprises the following steps: generating authorization information corresponding to the control equipment and an application license key of the target application service based on an opening request for the target application service sent by the control equipment; constructing application service data corresponding to the target application service, and associating the application service data with the authorization information and the application license key; constructing resource data corresponding to the target application service data based on the resource key corresponding to the control equipment; and sending the resource data, the target application service data and the target security lock information to the control equipment so that the control equipment deploys the target application service data based on the application license key and the authorization information and loads the resource data based on the resource key. By the method, compatibility of the license and the security lock in the offline service deployment process is improved.

Description

Digital twin offline service deployment method and device based on license and security lock
Technical Field
The application relates to the field of digital twinning, in particular to a digital twinning offline service deployment method and device based on a license and a security lock.
Background
A dongle, also called a hardware key lock, hardware lock, or USB dongle, is a hardware device that provides additional security and license management for software applications. It is typically a physical device similar to a USB flash drive, but with built-in encryption and authorization functions.
During service deployment, after a user purchases a service, the service provider may provide a dongle that is tied to the service purchased by the user. The user can use the dongle locally and deploy the purchased service on the local server so that the service can be used.
In the related art, deploying a service generally requires using a license to verify whether the local server has the right to use the service, which requires the user to provide a machine fingerprint of the local server at the outset so that the license can be bound to that server. However, if a dongle is used, no machine fingerprint of the local server needs to be provided; the two schemes are therefore incompatible, resulting in service deployment failure.
Therefore, how to ensure the compatibility of the license and the security lock in the offline service deployment process is an urgent issue to be resolved.
Disclosure of Invention
To solve the above technical problems, embodiments of the present application provide a digital twin offline service deployment method, apparatus, device and computer readable storage medium based on license and security lock.
The technical scheme adopted by the application is as follows:
a digital twin offline service deployment method based on a license and a security lock, the method comprising:
generating authorization information corresponding to control equipment and an application license key of a target application service based on an opening request for the target application service sent by the control equipment;
constructing application service data corresponding to the target application service based on a preset password, preset license identification information and the application service identification, and associating the application service data with the authorization information and the application license key to obtain target application service data and target security lock information which are associated with each other;
constructing resource data corresponding to the target application service data based on the resource key corresponding to the control equipment;
and sending the resource data, the target application service data and the target security lock information to the control equipment so that the control equipment deploys the target application service data based on the application license key and the authorization information and loads the resource data based on the resource key.
In one embodiment of the present application, based on the foregoing scheme, the preset password is read from a preset security lock file; the preset password is sent to a service construction party, so that the service construction party respectively constructs platform service data corresponding to the target service and application service data corresponding to the target application service based on the preset password; receiving platform service data and application service data sent by the service building party; and integrating the platform service data and the application service data based on the preset license identification information to obtain the target application service data.
In one embodiment of the present application, based on the foregoing scheme, the preset password, the preset license identification information, the authorization information and the application license key are sent to a security lock binding party, so that the security lock binding party uses the preset password and the preset license identification information to import the authorization information and the application license key into preset security lock information and obtain imported preset security lock information; the application service data and the application license key are sent to the security lock binding party, so that the security lock binding party binds the application service data with the imported preset security lock information to obtain the target application service data and the target security lock information which are associated with each other, and the target security lock information contains the application license key; and receiving the target application service data and the target security lock information sent by the security lock binding party.
In one embodiment of the present application, based on the foregoing scheme, the resource key includes a verification key and a debug key; transmitting the verification key and the debug key to a resource building party so that the resource building party generates the resource data based on the verification key and the debug key; and receiving the resource data sent by the resource building party.
In one embodiment of the present application, based on the foregoing solution, the process of deploying, by the control device, the target application service data based on the application license key and the authorization information includes: the control device sends the preset password and the preset license identification information read from the target security lock information to a designated server, so that the designated server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information; the designated server initializes the target application service data by using the application license key and the authorization information, and generates an application license corresponding to the target application service by using the application license key; the designated server deploys the target application service based on the target application service data and the application license.
In one embodiment of the present application, based on the foregoing solution, the process of loading the resource data by the control device based on the resource key includes: the control device sends the preset password and preset license identification information to a designated server so that the designated server uses the application license key to load the resource data; and the designated server calls a resource license corresponding to the resource data generated by using the verification key, and runs the resource data based on the verification key and the resource license.
In one embodiment of the present application, based on the foregoing solution, if the control device receives an export request for the resource data, the preset password and the preset license identification information are sent to the designated server, so that the designated server generates a debug license based on the debug key and uses the debug license to debug the resource data, so as to obtain the debugged resource data.
A digital twin offline service deployment apparatus based on a license and a security lock, the apparatus comprising:
a processing unit for generating a service license public key and a service license private key, and a resource license public key and a resource license private key based on an opening request for a target service sent by the control device;
an encrypting unit, configured to encrypt the device feature information of the control device and the authorization information of the target service by using the service license private key and the symmetric key, so as to obtain a service license of the target service;
a construction unit, configured to construct resource data corresponding to the target service based on the resource license public key, and construct target application service data based on the service license public key and the resource data;
and the receiving and transmitting unit is used for transmitting the resource data, the target application service data, the service license and the symmetric key to the control equipment so that the control equipment deploys the target service based on the service license public key, the symmetric key and the target application service data and deploys the resource data based on the resource license private key.
A digital twin offline service deployment device based on a license and a security lock comprises a processor and a memory, wherein the memory is stored with computer readable instructions, and the computer readable instructions realize the digital twin offline service deployment method based on the license and the security lock when being executed by the processor.
A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform a digital twin offline service deployment method based on a license and a security lock as above.
A computer program product comprising computer readable instructions which, when executed by a processor, implement a digital twin offline service deployment method based on a license and a security lock as above.
In the above technical solution, after an opening request for a target application service sent by the control device is received, corresponding authorization information and an application license key may be generated, application service data corresponding to the target application service is constructed based on a preset password, preset license identification information and an application service identification, and the application service data is associated with the authorization information and the application license key, so as to obtain target application service data and target security lock information that are associated with each other. Then, once the resource data has been constructed based on the resource key, the control device may deploy the target application service data based on the application license key and the authorization information, and load the resource data based on the resource key.
According to the method, after the authorization information and the application license key of the target application service are generated, the application service data is associated with the authorization information and the application license key to obtain the target application service data and the target security lock information which are associated with each other, and the license itself is constructed by the designated server. The machine fingerprint of the designated server therefore does not need to be acquired when the target application service data is constructed, which improves the compatibility of the license and the security lock in the offline service deployment process.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art. In the drawings:
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
FIG. 2 is a flowchart illustrating a method for digital twin offline service deployment based on licenses and security locks, in accordance with an exemplary embodiment;
FIG. 3 is a flowchart illustrating a digital twin offline service deployment method based on a license and a security lock, according to another exemplary embodiment;
FIG. 4 is a flowchart illustrating a digital twin offline service deployment method based on a license and security lock, according to another exemplary embodiment;
FIG. 5 is a flowchart illustrating a digital twin offline service deployment method based on a license and security lock, according to another exemplary embodiment;
FIG. 6 is a flowchart illustrating a digital twin offline service deployment method based on a license and security lock, according to another exemplary embodiment;
FIG. 7 is a flow chart of a method of using resource data via an SDK using a resource license in an example of the present application;
FIG. 8 is a block diagram of a digital twin offline service deployment device based on a license and security lock, according to an example embodiment;
FIG. 9 is a schematic hardware architecture diagram of a digital twin offline service deployment device based on a license and a security lock, according to an example embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations identical to the present application. Rather, they are merely examples of apparatus and methods that are identical to some aspects of the present application, as detailed in the appended claims.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
In this application, the term "plurality" means two or more. "And/or" describes an association relationship between associated objects and means that three relationships may exist; for example, A and/or B may represent: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates that the objects before and after it are in an "or" relationship.
It should be noted that the specific embodiments of the present application involve user-related data. When the embodiments of the present application are applied to specific products or technologies, the permission or consent of the user needs to be obtained, and the collection, use and processing of the related data need to comply with the relevant laws, regulations and standards of the relevant countries and regions.
Before describing the technical scheme of the embodiment of the present application, technical terms related to the embodiment of the present application are described herein.
An application service license is a license used to authorize and manage the use of software or application services. It is a digitized authorization mechanism that ensures that only authorized users or systems can use a particular service or software function. In embodiments of the present application, a machine fingerprint (i.e., device characteristic information) and authorization information may be included in the service license. The authorization information includes the number of seats, the selected application, the resource license private key, a list of authorization codes, and other authorization information.
The number of seats generally refers to the number of authorized users or devices in the software license. A particular license may dictate the number of user seats or devices that can use the software at the same time. This limits access and use so that the software is used legally and authorized according to the rules of the license.
The list of authorization codes refers to a set of unique identifiers or codes used to authorize access to software or services. These authorization codes are intended to ensure that a user or system has legal rights in accessing a particular software function or service.
A resource license is a license for authorizing access to and use of a particular resource or function in software that can be controlled and managed to ensure that the package of resources is loaded with legal authorization.
Dongles are hardware devices that generally have a USB-like appearance, but have encryption and authorization functions integrated therein. The primary purpose is to provide additional security and license management in software applications. As a hardware key lock, dongles are used to store and protect software license information, ensuring that only users with valid licenses can run specific software. In service deployment, after a user purchases a service, a service provider may provide a dongle that binds the purchased service, and the user may use the dongle locally to ensure secure deployment of the service. The dongle also has a function of preventing illegal copying and distribution, and as a hardware security lock, requires a user to insert the dongle before running the software, thereby enhancing the security of the software. In the embodiments of the present application, the dongle may also be referred to as security lock information.
A software development kit (Software Development Kit, SDK) is a collection of tools, libraries, documents, and example code for developing software. SDKs provide a developer with resources and tools to create specific software applications or software frameworks in order to simplify and accelerate the software development process. The purpose of the SDK is to simplify the development process, improve development efficiency, reduce the learning curve of the developer, and ensure the stability and performance of the application in a specific platform or environment. SDKs are widely applied in mobile application development, web development, Internet of Things device development and similar fields. For example, the Android SDK is used for development of Android applications, and the iOS SDK is used for development of iOS applications.
A digital twin makes full use of data such as a physical model, sensor updates and operation history, integrates simulation processes of multiple disciplines, multiple physical quantities, multiple scales and multiple probabilities, and completes a mapping in virtual space, thereby reflecting the full life cycle of the corresponding physical equipment. Digital twinning is a beyond-the-reality concept that can be seen as a digital mapping system of one or more important, mutually dependent equipment systems. Digital twinning is a universally applicable theoretical and technical system that can be applied in many fields, and is most widely applied in product design, product manufacturing, medical analysis, engineering construction and similar fields. In China, the deepest application is in the engineering construction field, while the field receiving the most attention and the most active research is intelligent manufacturing. The present application applies license generation and offline service deployment in the digital twinning field.
Referring to fig. 1, fig. 1 is a schematic view of an implementation environment according to the present application.
As shown in FIG. 1, the implementation environment includes a user 110, a control device 120, a designated server 130, an operation server 140, a resource builder 150, a service builder 160, and a security lock binder 170.
The user 110 is an operator of the control device 120, the control device 120 and the designated server 130 are affiliated with the same organization or enterprise, for example, may be the same organization 1, and the user 110 may configure the designated server 130 by operating the control device 120.
The operation server 140, resource builder 150, service builder 160, and security lock binder 170 may also be affiliated with the same organization, such as organization 2. Together, the four can perform the operations of generating the application license and constructing the resource data and the application service data, so as to generate a service item.
In the embodiment of the present application, the organization 2 may be a provider of a service, where one target service includes resource data and service data, and the resource data may be SDK data, which may also be referred to as development data. The operation server 140 may call the resource constructor 150 to construct resource data and call the service constructor 160 to construct service data, respectively, to form a complete service. The security lock binder 170 may associate the security lock information with the application service data, and form an interrelated relationship with each other. The security lock information in the embodiment of the present application may be a dongle.
If the user 110 needs to use the service of the organization 2, the control device 120 accesses the designated platform of the organization 2 and purchases the service, so that the control device 120 can transmit an opening request of the target service to the operation server 140. After receiving the request for opening the target service, the operation server 140 may generate a service license, construct resource data and service data accordingly, and package and send the three to the control device 120. To facilitate the internal management of the institution 1, the user 110 may deploy the service purchased from the institution 2 locally through the control device 120, which is also referred to as offline service deployment, so that after the deployment is successful, when the personnel of the institution 1 need to use the service, there is no need to access the server of the institution 2, thereby implementing the operation of the offline service.
When the designated server 130 deploys the service, the control device 120 may issue a service license to the designated server 130 to cause the designated server 130 to deploy the service.
Referring to FIG. 2, FIG. 2 is a flow chart illustrating a digital twin offline service deployment method based on a license and a security lock, according to an exemplary embodiment. The method may be adapted to the implementation environment shown in FIG. 2 and is specifically performed by an operation server. Of course, the method may be applied to other implementation environments, and the implementation subject of the method is not limited herein.
The license and security lock based digital twin offline service deployment method will be described in detail below with an operation server as an exemplary implementation subject.
As shown in fig. 2, in an exemplary embodiment, the method includes at least the steps of:
S210, generating authorization information corresponding to the control equipment and an application license key of the target application service based on an opening request for the target application service sent by the control equipment.
In an embodiment of the present application, after receiving an opening request for a target application service sent by a control device, an operation server may configure organization information (which may also be referred to as enterprise information) of the organization to which the control device belongs, so that authorization information specific to the organization may be generated based on the organization information. Before generating the authorization information, the operation server needs to read the number of authorization codes specified in the opening request. This number represents how many authorization codes, such as accounts, were purchased through the control device, and indicates that multiple users can use the target application service. The operation server may then generate a list of authorization codes corresponding to the target application service based on the number of authorization codes.
The authorization code list may be an authorization code list of a specific application service. Because a control device may purchase different application services, each application service is independent of the other, and the number of users (the same as the number of authorization codes) that each application service can support is different, each application service has a corresponding list of authorization codes. If the user purchases a plurality of application services through the control device, there may be a plurality of authorization code lists corresponding to the application services, for example, an authorization code list corresponding to the application service SoonBI, an application service SoonManager authorization code list, and the like. The operation server can generate a designated number of authorization codes for each application service according to the purchase condition of the control device, and obtain an authorization code list corresponding to each application service.
In embodiments of the present application, the authorization information may include a number of seats, an identification of the selected application service, a list of authorization codes, and other authorization information (if any).
In addition, the operation server may also generate a corresponding application license key based on the opening request for the target application service, including an application license public key and an application license private key. The application license key may subsequently be used by the control device to deploy the target application service data.
S220, constructing application service data corresponding to the target application service based on the preset password, the preset license identification information and the application service identification, and associating the application service data with the authorization information and the application license key to obtain the target application service data and the target security lock information which are associated with each other.
The preset password can be read from a preset security lock file. The preset security lock file is an initialized dongle whose information has been initialized; each dongle has its own API password, and this API password can be used as the preset password.
After receiving the preset password, the operation server needs to send the preset password to the service building party so that the service building party can respectively build platform service data corresponding to the target service and application service data corresponding to the target application service based on the preset password. The platform service data may also be referred to as CPS service data, and the preset password needs to be added to the CPS service data. Likewise, the preset password is also required to be added to the application service data. In the embodiment of the application, the platform service data and the application service data only need to be constructed once.
After the construction is completed, the operation server may generate preset license identification information, that is, a license ID (identifier) corresponding to the dongle. The license ID is used when the built-in program in the dongle needs to be executed, and indicates which license is to be used. In embodiments of the present application, the license ID may point to an application service license.
The operation server needs to send the preset license identification information, together with the platform service data and the application service data, to the service builder, so that the service builder embeds the preset license identification information and builds a service package. The service package includes the platform service data and the application service data, and the preset password and the preset license identification information are also built into it. In this way, the operation server can receive the service package sent by the service builder.
Next, the operation server needs to generate a resource key, which includes a verification key and a debug key, used respectively to verify and to debug the subsequently generated resource data. It should be noted that a different verification key may be generated for each user (i.e., control device), whereas the debug key may be shared by all users.
The operation server needs to send the preset password, the preset license identification information, the authorization information and the application license key to the security lock binding party, so that the security lock binding party can use the preset password and the preset license identification information to import the authorization information and the application license key into the preset security lock information, obtaining the imported preset security lock information.
Further, the operation server sends the application service data and the application license key to the security lock binding party so that the security lock binding party binds the application service data with the imported preset security lock information. During binding, the security lock binding party also adds the application license key to the imported preset security lock information to obtain the target security lock information, namely the dongle that can be sent to the control device. Thus, the target application service data and the target security lock information which are related to each other can be obtained. The target application service data comprises the API password of the dongle, the platform service data and the application service data, and the license ID of the dongle is arranged externally; the target security lock information includes the authorization information and the application license key. In this way, the operation server receives the target application service data and the target security lock information sent by the security lock binding party.
S230, constructing resource data corresponding to the target application service data based on the resource key corresponding to the control equipment.
The resource key includes a verification key and a debug key. Specifically, the operation server needs to send the verification key and the debug key to the resource builder so that the resource builder generates resource data based on the verification key and the debug key. The verification key is specifically a verification public key, which can be used for decrypting the resource license; the debug key is specifically a debug public key, which can be used to decrypt the debugged resource license. The resource license is data that the control device side will use later. After the resource builder builds the resource data, the operation server can receive the resource data sent by the resource builder. The resource data is SDK data.
S240, sending the resource data, the target application service data and the target security lock information to the control device, so that the control device deploys the target application service data based on the application license key and the authorization information, and loads the resource data based on the resource key.
After the operation server generates the target security lock information, the target application service data and the resource data, they can all be sent to the control device. After the control device receives the request, the target application service needs to be deployed.
Specifically, the control device transmits the preset password and the preset license identification information read from the target security lock information to the designated server, so that the designated server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information. The designated server initializes the target application service data using the application license key and the authorization information.
Further, the designated server needs to consume the authorization code corresponding to the control device; to do so, it acquires the authorization code corresponding to the control device from the authorization code list, binds it and consumes it. Next, the designated server needs to write the API password and license ID corresponding to the target security lock information into the dongle as binding information, generate an application license corresponding to the target application service using the application license key (specifically, an application license private key), and finally deploy the target application service based on the target application service data and the application license. When the target application service is deployed, the designated server needs to embed the resource data corresponding to the target application service and the application license into the target application service, so that the deployment of the target application service is completed.
After the deployment of the target application service is completed, the resource data also needs to be loaded. Specifically, the control device sends an instruction to open the target application service to the designated server, and the designated server needs to acquire the application license public key from the security lock information based on the API password and the license ID. If the application license public key successfully verifies the application license, the resource data can be loaded.
After the resource data is loaded successfully, if the control device needs to use the target application service, an opening instruction of the target application service needs to be sent to the local SDK. The SDK generates a random code C and encrypts the random code C by using the verification public key to obtain a ciphertext M1. The SDK calls the dongle so that the dongle decrypts the ciphertext M1 by using the verification private key to obtain C2, encrypts C2 by using the verification private key to obtain the ciphertext M2, and finally generates a resource license for the resource data by using the verification private key. After the SDK receives the ciphertext M2, the resource license and the resource data returned by the dongle, the SDK decrypts M2 by using the verification public key to obtain C3. If C3 is identical to C, the verification has passed, and the resource license can be decrypted by using the verification public key, so that the resource data is used.
If the control device receives the export request of the resource data, the control device sends the preset password and the preset license identification information to the designated server, so that the designated server generates a debugging license based on the debug key, and the debugging license is used for debugging the resource data to obtain the debugged resource data.
If the control device needs to use the debugged resource data, the SDK needs to use the debug public key to verify the debugging license, and if the debugging is successful, the debugged resource data can be used.
According to the method, after the authorization information and the application license key of the target application service are generated, the application service data are associated with the authorization information and the application license key to obtain the target application service data and the target security lock information which are associated with each other, and the construction of the license is carried out by the designated server, so that the machine fingerprint of the designated server is not required to be acquired when the target application service data are constructed, and the compatibility of the license and the security lock in the offline service deployment process is improved.
In one embodiment of the present application, another license and security lock based digital twin offline service deployment method is provided, which may be performed by an operation server. As shown in fig. 3, the license and security lock based digital twin offline service deployment method may include S210, S310 to S340, and S230 to S240. S310 to S340 are a specific implementation, within S220 shown in fig. 2, of "constructing application service data corresponding to the target application service based on the preset password, the preset license identification information, and the application service identifier".
S310 to S340 are described below:
S310, reading a preset password from a preset security lock file.
The preset security lock file is an initialized dongle, and the internal information of the preset security lock file is set in the initialization stage. Each dongle has its unique API password, and this API password can be used as a preset password.
S320, sending the preset password to the service builder, so that the service builder respectively constructs platform service data corresponding to the target service and application service data corresponding to the target application service based on the preset password.
After the operation server receives the preset password, it needs to send the password to the service builder so that the service builder can carry out the two construction tasks based on it: using the preset password, the service builder constructs the platform service data (also referred to as CPS service data) corresponding to the target service and the application service data corresponding to the target application service, respectively.
In the embodiment of the present application, the platform service data (CPS service data) and the application service data need only be constructed once. The key point is that the preset password is embedded into the data, so that the uniqueness and the safety of the preset password in the construction process are ensured. In this way, the service builder associates the preset password with the platform service data and the application service data, thereby ensuring the consistency and security of the data.
S330, receiving platform service data and application service data sent by the service constructor.
The operation server receives a service package, wherein the service package comprises platform service data and application service data, and preset passwords and preset license identification information are also built in the service package.
S340, integrating the platform service data and the application service data based on the preset license identification information to obtain target application service data.
The operation server needs to generate resource keys, including a verification key and a debug key. The purpose of the two keys is to verify and debug the subsequently generated resource data, respectively. Notably, a different verification key may be generated for each user (i.e., control device), while the debug key may be a shared key for use by all users.
By the method, when constructing the target application service data, the operation server can take into account the information of the platform on which the application needs to run and combine it with the license ID and the API password of the dongle, so that the security and the compatibility of the target application service data are enhanced.
In one embodiment of the present application, another license and security lock based digital twin offline service deployment method is provided, which may be performed by an operation server. As shown in fig. 4, the license and security lock based digital twin offline service deployment method may include S210, S410 to S430, and S230 to S240. S410 to S430 are a specific implementation, within S220 shown in fig. 2, of "associating application service data with authorization information to obtain target application service data and target security lock information associated with each other".
S410 to S430 are described below:
S410, sending the preset password, the preset license identification information, the authorization information and the application license key to the security lock binding party, so that the security lock binding party uses the preset password and the preset license identification information to import the authorization information and the application license key into the preset security lock information, and the imported preset security lock information is obtained.
Next, the operation server needs to transmit the preset password, the preset license identification information, the authorization information, and the application license key to the security lock binder. In the process, the security lock binding party uses a preset password and preset license identification information to import the authorization information and the application license key into the preset security lock information so as to obtain the imported preset security lock information.
S420, the application service data and the application license key are sent to a security lock binding party, so that the security lock binding party binds the application service data with the imported preset security lock information to obtain the target application service data and the target security lock information which are mutually related, and the target security lock information contains the application license key.
The operation server sends the application service data and the application license key to the security lock binding party. This enables the security lock binding party to bind the application service data with the imported preset security lock information. The security lock binding party adds the application license key to the imported preset security lock information and thereby generates the target security lock information. The target security lock information contains the authorization information and the application license key, and is finally transmitted to the dongle of the control device. Thus, after the operation server successfully completes the series of steps, the target application service data and the target security lock information which are related to each other can be obtained. The target application service data comprises the API password of the dongle, the platform service data and the application service data, and the license ID of the dongle is also arranged externally. The target security lock information contains the authorization information and the application license key.
S430, receiving the target application service data and the target security lock information sent by the security lock binding party.
By the method, the operation server can bind the dongle with the service package of the target application service, ensure the safety, controllability and legality of the target application service in the deployment and operation processes, and provide more reliable service delivery and use guarantee for service providers and end users.
In one embodiment of the present application, another license and security lock based digital twin offline service deployment method is provided, which may be performed by a control device and a designated server. As shown in fig. 5, the license and security lock based digital twin offline service deployment method may include S210 to S230 and S510 to S530. That is, S510 to S530 are specific implementation methods of S240 shown in fig. 2.
S510 to S530 are described below:
S510, the control device sends the preset password and the preset license identification information read from the target security lock information to the designated server, so that the designated server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information.
After the operation server generates the target security lock information, the target application service data and the resource data, they can all be sent to the control device. After the control device receives the request, the target application service needs to be deployed.
S520, the designated server initializes the target application service data by using the application license key and the authorization information, and generates an application license corresponding to the target application service by using the application license key.
Specifically, the control device transmits the preset password and the preset license identification information read from the target security lock information to the designated server, so that the designated server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information. The designated server initializes the target application service data using the application license key and the authorization information.
S530, the designated server deploys the target application service based on the target application service data and the application license.
The designated server needs to consume the authorization code corresponding to the control device; to do so, it acquires the authorization code corresponding to the control device from the authorization code list, binds it and consumes it. Next, the designated server needs to write the API password and license ID corresponding to the target security lock information into the dongle as binding information, generate an application license corresponding to the target application service using the application license key (specifically, an application license private key), and finally deploy the target application service based on the target application service data and the application license. When the target application service is deployed, the designated server needs to embed the resource data corresponding to the target application service and the application license into the target application service, so that the deployment of the target application service is completed.
By the method, the application license can be generated on the designated server and is not generated on the operation server, so that the operation server does not need to acquire the machine fingerprint of the designated server, the generation of the application service based on the dongle is realized, and the compatibility of the license and the security lock in the offline service deployment process is enhanced.
In one embodiment of the present application, another license and security lock based digital twin offline service deployment method is provided, which may be performed by a computer (including an operation server, a security lock binder, a service builder, a resource builder). As shown in fig. 6, the license and security lock based digital twin offline service deployment method may include S601 to S617.
S601 to S617 are described below:
S601, the control device purchases the target service and triggers the sending of an opening request of the target application service to the operation server.
S602, the operation server generates authorization information corresponding to the control equipment.
Wherein the authorization information contains a specified number of authorization codes.
S603, the operation server sends the preset password to the service builder so that the service builder respectively constructs platform service data corresponding to the target service and application service data corresponding to the target application service based on the preset password.
S604, the operation server generates a license ID of the dongle.
S605, the operation server generates a verification key pair and a debug key pair.
S606, the operation server sends the preset password, the preset license identification information, the authorization information and the application license key to the security lock binding party.
S607, the security lock binding party uses the preset password and the preset license identification information to import the authorization information and the application license key into the preset security lock information to obtain the imported preset security lock information.
S608, the security lock binding party binds the application service data with the imported preset security lock information to obtain the target application service data and the target security lock information which are related to each other.
Accordingly, the security lock binding party returns the target application service data and the target security lock information to the operation server.
S609, the operation server transmits the resource data, the target application service data, and the target security lock information to the control device.
S610, the control device sends the preset password and the preset license identification information to the designated server.
S611, the designated server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information.
S612, the designated server initializes the target application service data by using the application license key and the authorization information, and generates an application license corresponding to the target application service by using the application license key.
S613, the designated server deploys the target application service based on the target application service data and the application license.
S614, the designated server loads the resource data using the application license key.
S615, the SDK in the designated server generates a resource license corresponding to the resource data using the verification key, and runs the resource data based on the verification key and the resource license.
S616, if the control device receives the export request of the resource data, the control device sends the preset password and the preset license identification information to the designated server.
S617, the designated server generates a debugging license based on the debugging key, and uses the debugging license to debug the resource data to obtain the debugged resource data.
According to the method, after the authorization information and the application license key of the target application service are generated, the application service data are associated with the authorization information and the application license key to obtain the target application service data and the target security lock information which are associated with each other, and the construction of the license is carried out by the designated server, so that the machine fingerprint of the designated server is not required to be acquired when the target application service data are constructed, and the compatibility of the license and the security lock in the offline service deployment process is improved.
In one embodiment of the present application, a method of using resource data through an SDK using a resource license is provided, which may be performed by a computer (including a control device, an SDK, and a dongle). As shown in fig. 7, the method may include S701 to S713.
S701 to S713 are described below:
S701, the control device sends an opening instruction of the target application service to the local SDK.
S702, the SDK generates a random code C.
S703, the SDK encrypts the random code C by using the verification public key to obtain a ciphertext M1.
S704, the SDK sends the ciphertext M1 to the dongle.
S705, the dongle decrypts the ciphertext M1 using the verification private key, resulting in C2.
S706, the dongle encrypts C2 by using the verification private key to obtain ciphertext M2.
S707, the dongle generates a resource license corresponding to the target application service using the verification private key.
S708, the SDK receives the resource license, the ciphertext M2, and the resource data sent by the dongle.
S709, the SDK decrypts M2 using the verification public key, resulting in C3.
S710, the SDK verifies whether C3 is identical to C.
S711, if the SDK verifies that C3 is identical to C, the resource license is decrypted using the verification public key.
S712, if the SDK decrypts successfully, the resource data is used.
S713, the SDK performs processing of rendering the scene to the control device.
In the present application, the processing of rendering a scene refers to rendering tasks, for example, rendering of a subway three-dimensional model, rendering of a train three-dimensional running model, and the like.
By the method, the secure opening of the target application service is ensured by the encryption and verification mechanism. The control device sends an opening instruction to the SDK, the SDK generates a random code and encrypts it by using the verification public key, and the ciphertext is sent to the dongle. The dongle decrypts the ciphertext by using the verification private key, encrypts the result again by using the verification private key, and generates a resource license of the target application service. The SDK receives the resource license and the ciphertext sent by the dongle, decrypts the resource license after the verification passes, which ensures integrity, and finally uses the resource data. Thus, confidentiality and integrity of communication and reliable use of resource data are ensured.
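The S701 to S712 exchange above (the same one summarized under S240), written out as an added example that is not code from the patent; it also covers two failure cases, a dongle holding a different private key and a response recorded in an earlier session. It assumes textbook RSA without padding as a stand-in for the asymmetric algorithm the text leaves unspecified, small constructed demo keys, and a hypothetical `RL1|` license marker.

```python
import secrets

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((e, n), (d, n))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (E, n), (d, n)


# Constructed demo keys built from known Mersenne primes (illustration only,
# far too small and too structured for real use).
VERIFY_PUB, VERIFY_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
_, FOREIGN_PRIV = make_keypair(2**89 - 1, 2**61 - 1)

LICENSE_MAGIC = b"RL1|"                       # hypothetical license marker
PAYLOAD = LICENSE_MAGIC + b"metro-scene;v=1"  # constructed license body


class Dongle:
    """Dongle side of S705 to S707; the private key never leaves it."""

    def __init__(self, private_key, license_payload):
        self._d, self._n = private_key
        self._payload = license_payload

    def respond(self, m1):
        c2 = pow(m1, self._d, self._n)  # S705: decrypt M1 -> C2
        m2 = pow(c2, self._d, self._n)  # S706: private-key operation on C2 -> M2
        body = int.from_bytes(self._payload, "big")
        lic = pow(body, self._d, self._n)  # S707: resource license
        return m2, lic


class StaleDongle:
    """Returns a response recorded in an earlier session (constructed failure case)."""

    def __init__(self, recorded):
        self._recorded = recorded

    def respond(self, m1):
        return self._recorded


def open_service(public_key, dongle):
    """SDK side, S702 to S712: returns the license body, or None on failure."""
    e, n = public_key
    c = 2 + secrets.randbelow(2**128)  # S702: fresh random code C (C < n)
    m1 = pow(c, e, n)                  # S703: encrypt C -> M1
    m2, lic = dongle.respond(m1)       # S704 to S708
    c3 = pow(m2, e, n)                 # S709: public-key operation on M2 -> C3
    if c3 != c:                        # S710: wrong key or stale response
        return None
    size = (n.bit_length() + 7) // 8
    raw = pow(lic, e, n).to_bytes(size, "big").lstrip(b"\x00")  # S711
    if not raw.startswith(LICENSE_MAGIC):  # license did not decrypt cleanly
        return None
    return raw[len(LICENSE_MAGIC):]    # S712: resource data may be used
```

In a deployed system the raw modular exponentiations would be replaced by padded primitives (for example RSA-OAEP for M1 and RSA-PSS for M2 and the license).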
FIG. 8 is a block diagram of a digital twin offline service deployment device based on a license and security lock, as shown in one embodiment of the present application. As shown in fig. 8, the apparatus includes:
a processing unit 810 for generating a service license public key and a service license private key, and a resource license public key and a resource license private key, based on an activation request for a target service sent by the control device;
an encryption unit 820 for encrypting the device characteristic information of the control device and the authorization information of the target service by using the service license private key and the symmetric key to obtain a service license of the target service;
a construction unit 830, configured to construct resource data corresponding to the target service based on the resource license public key, and construct target application service data based on the service license public key and the resource data;
the transceiver unit 840 is configured to send the resource data, the target application service data, the service license, and the symmetric key to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key, and the target application service data, and deploys the resource data based on the resource license private key.
In one embodiment of the present application, based on the foregoing solution, the processing unit 810 is further configured to read a preset password from a preset security lock file; the transceiver unit 840 is further configured to send a preset password to the service builder, so that the service builder builds platform service data corresponding to the target service and application service data corresponding to the target application service based on the preset password respectively; receiving platform service data and application service data sent by a service construction side; the processing unit 810 is further configured to integrate the platform service data and the application service data based on the preset license identifier information, to obtain target application service data.
In one embodiment of the present application, based on the foregoing solution, the transceiver unit 840 is further configured to send the preset password, the preset license identifier information, the authorization information, and the application license key to the security lock binding party, so that the security lock binding party uses the preset password and the preset license identifier information to import the authorization information and the application license key into the preset security lock information, and obtain the imported preset security lock information; transmitting the application service data and the application license key to a security lock binding party so that the security lock binding party binds the application service data with the imported preset security lock information to obtain target application service data and target security lock information which are associated with each other, wherein the target security lock information contains the application license key; and receiving the target application service data and the target security lock information sent by the security lock binding party.
In one embodiment of the present application, based on the foregoing scheme, the resource key includes a verification key and a debug key; the transceiver unit 840 is further configured to send the verification key and the debug key to the resource builder, so that the resource builder generates resource data based on the verification key and the debug key; and receiving the resource data sent by the resource builder.
In one embodiment of the present application, based on the foregoing scheme, the process of deploying the target application service data by the control device based on the application license key and the authorization information includes: the transceiver unit 840 in the control device transmits the preset password and the preset license identification information read from the target security lock information to the designated server, so that the processing unit 810 in the designated server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information; the designated server uses the application license key and the authorization information to initialize the target application service data, and uses the application license key to generate an application license corresponding to the target application service; the designated server deploys the target application service based on the target application service data and the application license.
In one embodiment of the present application, based on the foregoing scheme, the process of loading the resource data by the control device based on the resource key includes: the transceiver unit 840 in the control device transmits the preset password and the preset license identification information to the designated server to cause the designated server to load the resource data using the application license key; the processing unit 810 in the designated server invokes the resource license corresponding to the resource data generated using the verification key, and runs the resource data based on the verification key and the resource license.
In one embodiment of the present application, based on the foregoing solution, if the transceiver unit 840 in the control device receives the export request of the resource data, the preset password and the preset license identification information are sent to the designated server, so that the processing unit 810 in the designated server generates a debug license based on the debug key, and uses the debug license to debug the resource data, so as to obtain the debugged resource data.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which the respective modules and units perform the operations has been described in detail in the method embodiment.
The embodiment of the application also provides a digital twin offline service deployment device based on the license and the security lock, which comprises: one or more processors; and a memory for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the digital twin offline service deployment method based on the license and the security lock described above.
FIG. 9 is a schematic diagram of a computer system suitable for use in implementing a license and security lock based digital twin offline service deployment device in accordance with an embodiment of the present application.
It should be noted that the computer system 900 of the electronic device shown in FIG. 9 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 9, the computer system 900 includes a central processing unit (Central Processing Unit, CPU) 901 which can perform various appropriate actions and processes, such as performing the methods in the above-described embodiments, according to a program stored in a Read-Only Memory (ROM) 902 or a program loaded from a storage section 908 into a random access Memory (Random Access Memory, RAM) 903. In the RAM 903, various programs and data required for system operation are also stored. The CPU 901, ROM 902, and RAM 903 are connected to each other through a bus 904. An Input/Output (I/O) interface 905 is also connected to bus 904.
The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output section 907 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), a speaker, and the like; a storage section 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a Local Area Network (LAN) card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. A drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 910 as needed, so that a computer program read out therefrom is installed into the storage section 908 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from the network via the communication section 909 and/or installed from the removable medium 911. When the computer program is executed by the Central Processing Unit (CPU) 901, the various functions defined in the system of the present application are performed.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), flash memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. A computer program embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustrations, and combinations of blocks in the block diagrams or flowchart illustrations, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by means of software, or may be implemented by means of hardware, and the described units may also be provided in a processor. In some cases, the names of the units do not constitute a limitation on the units themselves.
Another aspect of the present application also provides a computer readable medium having stored thereon a computer program which, when executed by a processor, implements the digital twin offline service deployment method based on the license and the security lock as described above. The computer-readable medium may be included in the electronic device described in the above embodiment or may exist alone without being incorporated in the electronic device.
Another aspect of the present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable medium. The processor of the computer device reads the computer instructions from the computer-readable medium, and the processor executes the computer instructions, so that the computer device performs the digital twin offline service deployment method based on the license and the security lock provided in the above embodiments.
The foregoing is merely a preferred exemplary embodiment of the present application and is not intended to limit the embodiments of the present application, and those skilled in the art may make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A digital twin offline service deployment method based on a license and a security lock, comprising:
generating authorization information corresponding to control equipment and an application license key of a target application service based on an opening request for the target application service sent by the control equipment;
constructing application service data corresponding to the target application service based on a preset password, preset license identification information and the application service identification, and associating the application service data with the authorization information and the application license key to obtain target application service data and target security lock information which are associated with each other;
constructing resource data corresponding to the target application service data based on the resource key corresponding to the control equipment;
and sending the resource data, the target application service data and the target security lock information to the control equipment so that the control equipment deploys the target application service data based on the application license key and the authorization information and loads the resource data based on the resource key.
2. The method according to claim 1, wherein the constructing the target application service data corresponding to the target application service based on the preset password and the preset license identification information includes:
reading the preset password from a preset security lock file;
sending the preset password to a service building party, so that the service building party respectively constructs platform service data corresponding to the target service and application service data corresponding to the target application service based on the preset password;
receiving platform service data and application service data sent by the service building party;
and integrating the platform service data and the application service data based on the preset license identification information to obtain the target application service data.
3. The method according to claim 2, wherein associating the application service data with the authorization information to obtain the target application service data and the target security lock information associated with each other, comprises:
sending the preset password, the preset license identification information, the authorization information and the application license key to a security lock binding party, so that the security lock binding party uses the preset password and the preset license identification information to import the authorization information and the application license key into preset security lock information, obtaining imported preset security lock information;
sending the application service data and the application license key to the security lock binding party, so that the security lock binding party binds the application service data with the imported preset security lock information to obtain the target application service data and the target security lock information which are associated with each other, the target security lock information containing the application license key;
and receiving the target application service data and the target security lock information sent by the security lock binding party.
4. The method of claim 1, wherein the resource key comprises an authentication key and a debug key;
the constructing the resource data corresponding to the target application service data based on the resource key corresponding to the control device includes:
transmitting the verification key and the debugging key to a resource building party so that the resource building party generates the resource data based on the verification key and the debugging key;
and receiving the resource data sent by the resource building party.
5. The method of claim 1, wherein the process of the control device deploying target application service data based on the application license key and the authorization information comprises:
the control device sends the preset password and the preset license identification information read from the target security lock information to a specified server, so that the specified server reads the application license key and the authorization information from the target security lock information based on the preset password and the preset license identification information;
the specified server initializes the target application service data by using the application license key and the authorization information, and generates an application license corresponding to the target application service by using the application license key;
the specified server deploys the target application service based on the target application service data and the application license.
6. The method of claim 1, wherein the process of loading the resource data by the control device based on the resource key comprises:
the control device sends the preset password and preset license identification information to a designated server so that the designated server uses the application license key to load the resource data;
and the designated server calls a resource license corresponding to the resource data generated by using the verification key, and runs the resource data based on the verification key and the resource license.
7. The method of claim 6, wherein the method further comprises:
if the control device receives an export request for the resource data, sending the preset password and the preset license identification information to the designated server, so that the designated server generates a debug license based on a debug key and debugs the resource data by using the debug license to obtain the debugged resource data.
8. A digital twin offline service deployment apparatus based on a license and a security lock, comprising:
a processing unit for generating a service license public key and a service license private key, and a resource license public key and a resource license private key based on an opening request for a target service sent by the control device;
an encrypting unit, configured to encrypt the device feature information of the control device and the authorization information of the target service by using the service license private key and the symmetric key, so as to obtain a service license of the target service;
a construction unit, configured to construct resource data corresponding to the target service based on the resource license public key, and construct target application service data based on the service license public key and the resource data;
a transceiver unit, configured to send the resource data, the target application service data, the service license and the symmetric key to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key and the target application service data, and deploys the resource data based on the resource license private key.
9. A digital twin offline service deployment device based on a license and a security lock, comprising:
a memory storing computer readable instructions;
a processor reading computer readable instructions stored in a memory to perform the method of any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the method of any of claims 1 to 7.
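The service license of claim 8, sketched as an added example that is not code from the patent or the applicant: the issuer binds the device feature information and the authorization information into one license, and the control device checks it offline. The patent names no algorithms, so Ed25519 signing (standing in for "encrypting with the service license private key") and AES-256-GCM (for the symmetric key) are assumptions, as are all function names, field names and sample values.

```javascript
// Added illustration, not the patent's implementation. Algorithms are assumed.
const crypto = require('node:crypto');

// Issuer side: sign {deviceFeature, authorization}, then wrap with the symmetric key.
function issueServiceLicense(privateKey, symmetricKey, deviceFeature, authorization) {
  const payload = Buffer.from(JSON.stringify({ deviceFeature, authorization }));
  const signature = crypto.sign(null, payload, privateKey); // Ed25519 takes no digest name
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', symmetricKey, iv);
  const body = Buffer.concat([
    cipher.update(JSON.stringify({
      payload: payload.toString('base64'),
      signature: signature.toString('base64'),
    })),
    cipher.final(),
  ]);
  return { iv, tag: cipher.getAuthTag(), body };
}

// Control-device side: offline check. Returns the authorization or throws.
function verifyServiceLicense(publicKey, symmetricKey, license, localDeviceFeature, now) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', symmetricKey, license.iv);
  decipher.setAuthTag(license.tag);
  // final() throws if the ciphertext or tag was modified in transit or on disk.
  const plain = Buffer.concat([decipher.update(license.body), decipher.final()]);
  const { payload, signature } = JSON.parse(plain.toString());
  const payloadBytes = Buffer.from(payload, 'base64');
  // Verify the signature before trusting any field inside the payload.
  if (!crypto.verify(null, payloadBytes, publicKey, Buffer.from(signature, 'base64'))) {
    throw new Error('license signature invalid');
  }
  const { deviceFeature, authorization } = JSON.parse(payloadBytes.toString());
  if (deviceFeature !== localDeviceFeature) {
    throw new Error('license bound to another device');
  }
  // The "expires" field is an assumed part of the authorization information.
  if (now > Date.parse(authorization.expires)) {
    throw new Error('license expired');
  }
  return authorization;
}

// Constructed sample values, for illustration only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const symmetricKey = crypto.randomBytes(32);
const sampleLicense = issueServiceLicense(privateKey, symmetricKey, 'board-serial-0001',
  { service: 'twin-viewer', expires: '2030-01-01T00:00:00Z' });
```

Because the symmetric key travels with the license, the signature check is what stops a holder of that key from minting a license for a different device or a longer term.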

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311863486.7A CN117873499A (en) 2023-12-29 2023-12-29 Digital twin offline service deployment method and device based on license and security lock

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311863486.7A CN117873499A (en) 2023-12-29 2023-12-29 Digital twin offline service deployment method and device based on license and security lock

Publications (1)

Publication Number Publication Date
CN117873499A true CN117873499A (en) 2024-04-12

Family

ID=90594016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311863486.7A Pending CN117873499A (en) 2023-12-29 2023-12-29 Digital twin offline service deployment method and device based on license and security lock

Country Status (1)

Country Link
CN (1) CN117873499A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination