CN117873500A - Digital twin license rapid generation and offline service deployment method and device - Google Patents


Publication number: CN117873500A
Authority: CN (China)
Application number: CN202311864984.3A
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 伊尚丰, 卜凡起, 郑航, 展兆建
Current Assignee: Baweitong Technology Co ltd
Original Assignee: Baweitong Technology Co ltd
Prior art keywords: license, service, resource, target service, key

Landscapes

  • Storage Device Security (AREA)

Abstract

Embodiments of the application disclose a method and a device for rapid digital twin license generation and offline service deployment. The method relates to digital twin technology and comprises the following steps: generating a service license key pair and a resource license key pair based on an opening request for a target service sent by a control device; encrypting the authorization information of the target service and the device characteristic information acquired from the control device by using the service license private key and a symmetric key to obtain the service license of the target service; constructing resource data corresponding to the target service based on the resource license public key, and constructing target service data based on the service license public key and the resource data; the control device deploys the target service based on the service license public key, the symmetric key, and the target service data, and deploys the resource data based on the resource license private key. The method improves the efficiency of generating the service license, uses asymmetric encryption to ensure data security, and improves the deployment efficiency of the offline service.

Description

Digital twin license rapid generation and offline service deployment method and device
Technical Field
The application relates to the field of digital twins, and in particular to a method and a device for rapid digital twin license generation and offline service deployment.
Background
Service deployment involves generating a license. A license is private information, and if it leaks, the security of user information is threatened and the user may suffer losses.
In the related art, a license generally has to carry a large amount of information when it is generated, because key management and delivery can be complex. Particularly with symmetric encryption, keys must be conveyed between the communicating parties, which raises the problem of transmitting and managing keys securely. To circumvent these potential problems, larger key lengths or more complex key management mechanisms are sometimes employed, so the license carries more information. A larger key length or a more complex key management mechanism can reduce the efficiency of license generation, which in turn can reduce the efficiency of offline service deployment.
Therefore, how to improve the efficiency of license generation and of offline service deployment is a problem that urgently needs to be solved.
Disclosure of Invention
To solve the above technical problems, embodiments of the present application provide a method, an apparatus, a device, and a computer-readable storage medium for digital twin license rapid generation and offline service deployment.
The technical scheme adopted by the application is as follows:
a digital twinned license rapid generation and offline service deployment method, the method comprising:
generating a service license public key and a service license private key, and a resource license public key and a resource license private key based on an opening request for a target service sent by a control device;
encrypting authorization information of the target service and device characteristic information acquired from the control device by using the service license private key and the symmetric key to obtain a service license of the target service;
constructing resource data corresponding to the target service based on the resource license public key, and constructing target service data based on the service license public key and the resource data;
the resource data, the target service data, the service license, and the symmetric key are transmitted to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key, and the target service data, and deploys the resource data based on the resource license private key.
In one embodiment of the present application, based on the foregoing scheme, the device characteristic information and the authorization information of the target service are encrypted by using a random password and the symmetric key to obtain an encrypted ciphertext; the hash digest corresponding to the encrypted ciphertext and the random password are encrypted by using the service license private key to obtain a signature; and a service license for the target service is generated based on the encrypted ciphertext and the signature.
In one embodiment of the present application, based on the foregoing solution, before encrypting, by using the service license private key and the symmetric key, device feature information of the control device and authorization information of the target service to obtain a service license of the target service, determining, based on an activation request of the target service, a resource package identifier and an authorization code number corresponding to the control device, where the resource package identifier and the authorization code number have usage rights; generating an authorization code list aiming at the resource package identifier with the use permission and the authorization code number; and adding the authorization code list and the resource package identifier with the use authority into the authorization information.
In one embodiment of the present application, based on the foregoing scheme, the authorization code list and the resource license public key are sent to a resource builder, so that the resource builder generates the resource data based on the authorization code list and the resource license public key; and receiving the resource data sent by the resource building party.
In one embodiment of the present application, based on the foregoing scheme, the service license public key is sent to a service builder, so that the service builder builds target service data corresponding to the target service based on the service license public key; and receiving the target service data sent by the service constructor.
In one embodiment of the present application, based on the foregoing scheme, the process of deploying the target service by the control device based on the service license public key, the symmetric key, and the target service data includes: the control device sends the service license to a designated server so that the designated server can verify the service license by using the service license public key and the symmetric key to obtain the authorization information, and the target service is deployed on the designated server based on the authorization information.
In one embodiment of the present application, based on the foregoing scheme, the deploying the resource data based on the resource license private key includes: the control device transmits identification information of specified resource data to a designated server, so that the designated server acquires an authorization code matched with a specified user from the authorization code list, consumes the acquired authorization code, generates a resource license based on the resource license private key and the symmetric key, and deploys the resource data based on the resource license and the identification information of a resource package contained in the resource license.
A digital twinned license quick generation and offline service deployment apparatus, the apparatus comprising:
a processing unit for generating a service license public key and a service license private key, and a resource license public key and a resource license private key based on an opening request for a target service sent by the control device;
an encrypting unit, configured to encrypt the device feature information of the control device and the authorization information of the target service by using the service license private key and the symmetric key, so as to obtain a service license of the target service;
a construction unit, configured to construct resource data corresponding to the target service based on the resource license public key, and construct target service data based on the service license public key and the resource data;
and the receiving and transmitting unit is used for transmitting the resource data, the target service data, the service license and the symmetric key to the control equipment so that the control equipment deploys the target service based on the service license public key, the symmetric key and the target service data and deploys the resource data based on the resource license private key.
A digital twin license rapid generation and offline service deployment device comprises a processor and a memory, wherein computer readable instructions are stored in the memory, and the computer readable instructions realize the digital twin license rapid generation and offline service deployment method when being executed by the processor.
A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the digital twinned license quick generation and offline service deployment method as above.
A computer program product comprising computer readable instructions which, when executed by a processor, implement a digital twinned license quick generation and offline service deployment method as above.
In the above technical solution, after receiving the opening request for the target service sent by the control device, a corresponding service license public key and service license private key, and a resource license public key and resource license private key, can be generated. When the service license is generated, the device characteristic information of the control device and the authorization information of the target service can be encrypted by using the service license private key and the symmetric key to obtain the service license of the target service. The service license is thus generated with an encryption scheme that combines asymmetric and symmetric encryption, which improves the efficiency of generating the service license. After the service license is generated, the resource data may be constructed based on the resource license public key and the target service data may be constructed based on the service license public key, so that the control device may deploy the target service based on the service license public key, the symmetric key, and the target service data, and deploy the resource data based on the resource license private key.
According to the method, on one hand, the service license is generated by using an encryption mode combining asymmetric encryption and symmetric encryption, so that the efficiency of generating the service license is improved, and meanwhile, the data security is ensured by using the asymmetric encryption; on the other hand, the rapid generation of the license improves the construction efficiency of the resource data and the target service data required by the offline service and improves the deployment efficiency of the offline service. In this case, by adopting a hybrid encryption strategy, the advantages of symmetric and asymmetric encryption are combined, so that the amount of information carried can be effectively reduced while the security is ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art. In the drawings:
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
FIG. 2 is a flowchart illustrating a method for digital twinned license quick generation and offline service deployment according to an exemplary embodiment;
FIG. 3 is a flow diagram of generating a service license using asymmetric encryption and symmetric encryption in accordance with the present application;
FIG. 4 is a flow diagram of decrypting asymmetric encryption and symmetric encryption generation service licenses in accordance with the present application;
FIG. 5 is a flowchart illustrating a method for digital twinned license quick generation and offline service deployment according to another exemplary embodiment;
FIG. 6 is a flowchart illustrating a method for digital twinned license quick generation and offline service deployment according to another exemplary embodiment;
FIG. 7 is a flowchart illustrating a method for digital twinned license quick generation and offline service deployment according to another exemplary embodiment;
FIG. 8 is a flowchart illustrating a method for digital twinned license quick generation and offline service deployment according to another exemplary embodiment;
FIG. 9 is a block diagram of a digital twinned license quick generation and offline service deployment apparatus, according to an example embodiment;
FIG. 10 is a schematic diagram of a hardware architecture of a digital twinned license quick generation and offline service deployment device, according to an example embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application, as detailed in the appended claims.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
In this application, the term "plurality" means two or more. "And/or" describes an association relationship between associated objects and means that three relationships may exist; e.g., A and/or B may represent: A exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
It should be noted that the specific embodiments of the present application involve related data of a user. When the embodiments of the present application are applied to specific products or technologies, permission or consent of the user needs to be obtained, and the collection, use and processing of the related data need to comply with the relevant laws, regulations and standards of the relevant countries and regions.
Before describing the technical scheme of the embodiment of the present application, technical terms related to the embodiment of the present application are described herein.
A service license is a license used to authorize and manage the use of software or services. It is a digital authorization mechanism that ensures that only authorized users or systems can use a particular service or software function. In embodiments of the present application, the service license may include a machine fingerprint (i.e., device characteristic information) and authorization information. The authorization information includes the number of seats, the selected application, the resource license private key, a list of authorization codes (codes), and other authorization information.
Where the number of seats generally refers to the number of authorized users or devices in the software license. In a software license, a particular license may dictate the number of user seats or devices that can use the software at the same time. This is to limit access and use to ensure legal use of the software and to authorize according to the rules of the license.
The list of authorization codes refers to a set of unique identifiers or codes used to authorize access to software or services. These authorization codes are intended to ensure that a user or system has legal rights in accessing a particular software function or service.
A resource license is a license for authorizing access to and use of a particular resource or function in software that can be controlled and managed to ensure that the package of resources is loaded with legal authorization.
A software development kit (Software Development Kit, SDK) is a collection of tools, libraries, documents, and example code for developing software. An SDK provides a developer with resources and tools to create specific software applications or software frameworks in order to simplify and accelerate the software development process. The purpose of an SDK is to simplify the development process, improve development efficiency, reduce the learning curve of the developer, and ensure the stability and performance of the application on a specific platform or in a specific environment. SDKs are widely used in fields such as mobile application development, web development, and Internet of Things device development. For example, the Android SDK is used for developing Android applications, and the iOS SDK is used for developing iOS applications.
A digital twin makes full use of data such as physical models, sensor updates, and operation history, integrates simulation processes across multiple disciplines, multiple physical quantities, multiple scales and multiple probabilities, and completes a mapping in virtual space, thereby reflecting the full life cycle of the corresponding physical equipment. The digital twin is a beyond-the-reality concept that can be seen as a digital mapping system of one or more important, mutually dependent equipment systems. It is a universally applicable theoretical and technical system that can be applied in many fields, and is widely used in fields such as product design, product manufacturing, medical analysis, and engineering construction. In China, it is applied most deeply in the engineering construction field, while the intelligent manufacturing field receives the most attention and the most active research. The present application applies license generation and offline service deployment in the digital twin field.
Referring to fig. 1, fig. 1 is a schematic view of an implementation environment according to the present application.
As shown in fig. 1, the implementation environment includes a user 110, a control device 120, a designated server 130, an operation server 140, a resource builder 150, and a service builder 160.
The user 110 is an operator of the control device 120. The control device 120 and the designated server 130 are affiliated with the same organization or enterprise, for example organization 1, and the user 110 may configure the designated server 130 by operating the control device 120.
The operation server 140, resource builder 150, and service builder 160 may also be affiliated with the same organization, such as organization 2. Together, the three perform operations such as generating the service license and constructing the resource data and the service data, to produce a service item.
In the embodiment of the present application, the organization 2 may be a provider of a service, where one target service includes resource data and service data, and the resource data may be SDK data, which may also be referred to as development data. The operation server 140 may call the resource constructor 150 to construct resource data and call the service constructor 160 to construct service data, respectively, to form a complete service.
If the user 110 needs to use the service of organization 2, the control device 120 accesses the designated platform of organization 2 and purchases the service, so that the control device 120 can transmit an opening request for the target service to the operation server 140. After receiving the opening request for the target service, the operation server 140 may generate a service license, construct the resource data and the service data accordingly, and package and send the three to the control device 120. To facilitate the internal management of organization 1, the user 110 may deploy the service purchased from organization 2 locally through the control device 120, which is also referred to as offline service deployment. After the deployment succeeds, the personnel of organization 1 do not need to access the server of organization 2 when they use the service, so the service runs offline.
When the specified server 130 deploys the service, the control device 120 may issue a service license to the specified server 130 to cause the specified server 130 to deploy the service.
Referring to fig. 2, fig. 2 is a flow chart illustrating a digital twinned license quick generation and offline service deployment method according to an exemplary embodiment. The method may be adapted to the implementation environment shown in fig. 2 and is specifically performed by an operating server. Of course, the method may be applied to other implementation environments, and the implementation subject of the method is not limited herein.
The digital twin license quick generation and offline service deployment method will be described in detail below using an operation server as an exemplary execution body.
As shown in fig. 2, in an exemplary embodiment, the method includes at least the steps of:
S210, generating a service license public key and a service license private key, and a resource license public key and a resource license private key, based on a provisioning request for a target service sent by the control device.
In an embodiment of the present application, after receiving a provisioning request for a target service sent by a control device, an operation server may configure organization information (which may also be referred to as enterprise information) of the organization to which the control device belongs, so that a service license key pair (including a service license public key and a service license private key) and a resource license key pair (including a resource license public key and a resource license private key) specific to the organization may be generated based on the organization information.
Alternatively, the operation server may not generate the service license key pair based on the organization information, but use a preset service license key pair, so that all organizations or users can share the service data of a target service, and the operation server does not need to repeatedly construct the service data. Wherein the service data is constructed based on a service license key pair.
S220, encrypting the device characteristic information of the control device and the authorization information of the target service by using the service license private key and the symmetric key to obtain the service license of the target service.
In an embodiment of the present application, after generating the service license key pair and the resource license key pair, the operation server may configure authorization information for the organization to which the control device belongs, where the authorization information includes the number of seats, the selected application, the resource license private key, an authorization code (code) list, and other authorization information. The authorization code list may be the authorization code list of a specific application item. A control device may purchase different applications; each application is independent of the others, and the number of users that each application can support (which equals its number of authorization codes) differs, so each application has its own authorization code list. If the user purchases a plurality of applications through the control device, there will be an authorization code list for each of them, for example, an authorization code list corresponding to the application soombi, an authorization code list of the application SoonManager, etc. The operation server can generate a designated number of authorization codes for each application according to what the control device purchased, and obtain the authorization code list corresponding to each application.
In an embodiment of the present application, the operation server also needs to acquire the device characteristic information from the control device before generating the service license of the target service. Wherein the device characteristic information may be a machine fingerprint. Specifically, the operation server needs to send a request message of the device feature information to the control device, and after the control device receives the request message, the device feature information needs to be generated by using a generating program of the device feature information, where the device feature information may belong to a designated server to which the control device is connected. The control device may forward the request message of the device feature information to the designated server, and after the designated server invokes the generating program of the device feature information to generate the device feature information, the device feature information is returned to the control device, and the control device sends the device feature information to the operation server.
After receiving the device characteristic information sent by the control device, the operation server can encrypt the device characteristic information of the control device and the authorization information of the target service by using the service license private key and the symmetric key to obtain the service license of the target service.
In the embodiment of the present application, the service license generation process uses an encryption scheme that combines two encryption schemes, i.e., symmetric encryption and asymmetric encryption.
Specifically, the operation server may encrypt the device feature information and the authorization information of the target service by using a random password and a symmetric key to obtain an encrypted ciphertext, then encrypt the hash digest and the random password corresponding to the encrypted ciphertext by using a private key of the service license to obtain a signature, and finally generate the service license of the target service based on the encrypted ciphertext and the signature.
As shown in fig. 3, the operation server may first take the device characteristic information and the authorization information as the plaintext and encrypt the plaintext with a random password and a symmetric key to obtain an encrypted ciphertext, and then perform a hash operation on the encrypted ciphertext to obtain the corresponding hash digest. The random password used earlier and the hash digest are then taken together as a whole, called the signature information, and the signature information is encrypted by using the service license private key to obtain a signature. Finally, the signature is combined with the encrypted ciphertext to obtain the service license of the target service.
Alternatively, in embodiments of the present application, the service license may be in JSON format. The asymmetric encryption algorithm may be RSA, with keys in PKCS#8 format and the RSA_PKCS1_PADDING padding scheme. The symmetric encryption algorithm is AES, the encryption mode is ECB, and the padding mode is PKCS#7. The hash algorithm used in the hash operation may be MD5.
S230, constructing resource data corresponding to the target service based on the public key of the resource license, and constructing target service data based on the public key of the service license and the resource data.
Constructing the resource data corresponding to the target service based on the resource license public key specifically includes the following: the operation server sends the authorization code list and the resource license public key to the resource builder. The resource builder may be deployed on the operation server, or on a server independent of the operation server, which is not limited herein. After obtaining the authorization code list and the resource license public key, the resource builder can build an SDK in which the resource license public key and the authorization code list are built in. The SDK file may be referred to as resource data.
After the resource building side builds the resource data, the resource data is returned to the operation server, and accordingly, the operation server can receive the resource data sent by the resource building side.
In addition, constructing the target service data based on the service license public key and the resource data specifically includes the following: the operation server sends the service license public key to the service builder. The service builder may be deployed on the operation server, or on a server independent of the operation server, which is not limited herein. After obtaining the service license public key, the service builder builds service data with the service license public key built in, for decrypting the service license. This service data is the target service data corresponding to the target service.
After the service building side builds the target service data, the target service data is returned to the operation server, and accordingly, the operation server can receive the target service data sent by the service building side.
S240, sending the resource data, the target service data, the service license and the symmetric key to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key and the target service data, and deploys the resource data based on the resource license private key.
The message composed of the resource data, the target service data, the service license and the symmetric key may be referred to as the opening response of the target service. After receiving the opening response, the control device can start to deploy the target service within the organization.
The control device sends the service license to the designated server, so that the designated server verifies the service license using the service license public key and the symmetric key, obtains the authorization information corresponding to the target service, and deploys the target service on the designated server based on the authorization information. Since the service data contains the service license public key, the designated server can verify the service license using the service license public key and the received symmetric key.
Specifically, as shown in fig. 4, the service license includes the encrypted ciphertext and the signature, and the designated server first extracts each of them. It decrypts the signature using the service license public key to obtain the signature information, which comprises the hash digest and the random password. The designated server then extracts the hash digest and the random password from the signature information and performs a hash operation on the encrypted ciphertext to obtain the ciphertext digest. It then checks whether the hash digest and the ciphertext digest are the same; if they differ, verification fails. If they are the same, the encrypted ciphertext can be decrypted using the random password and the symmetric key to obtain the plaintext. The plaintext is the device characteristic information of the designated server and the authorization information of the target service.
The designated server then performs identity verification based on the decrypted device characteristic information, that is, it verifies the machine fingerprint. If verification passes, service deployment can proceed according to the authorization information; in this process the designated server deploys the service data so that it has the functions of the target service. After deployment is completed, the target service needs to be initialized and started.
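The license construction and the verification sequence described above, as an added JavaScript (Node.js) example that is not code from the patent; it uses the algorithms the text names (RSA with RSA_PKCS1_PADDING and a PKCS#8 private key, AES in ECB mode with PKCS#7 padding, MD5). The JSON field names `ciphertext`, `signature` and `fingerprint`, the 2048-bit key size, and the derivation of the AES key as MD5(symmetric key || random password) are assumptions, since the text does not specify them.

```javascript
// Added example (not from the patent). Field names, key size and the AES key
// derivation are assumptions; the algorithms are the ones the text names.
const nodeCrypto = require("node:crypto");

const PAD = nodeCrypto.constants.RSA_PKCS1_PADDING;

function md5(...parts) {
  const h = nodeCrypto.createHash("md5");
  for (const p of parts) h.update(p);
  return h.digest(); // 16 bytes
}

// Assumption: the text does not say how the random password and the symmetric
// key are combined, so the AES-128 key is MD5(symmetric key || random password).
function deriveAesKey(symmetricKey, randomPassword) {
  return md5(symmetricKey, randomPassword);
}

// AES-128-ECB; Node applies PKCS#7 padding by default.
function aesEcb(encrypt, key, data) {
  const c = encrypt
    ? nodeCrypto.createCipheriv("aes-128-ecb", key, null)
    : nodeCrypto.createDecipheriv("aes-128-ecb", key, null);
  return Buffer.concat([c.update(data), c.final()]);
}

// RSA key pair with the private key exported as PKCS#8 PEM.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Operation-server side: build the JSON service license.
function issueLicense(privateKeyPem, symmetricKey, deviceInfo, authorization) {
  const randomPassword = nodeCrypto.randomBytes(16);
  const plaintext = Buffer.from(JSON.stringify({ deviceInfo, authorization }), "utf8");
  const ciphertext = aesEcb(true, deriveAesKey(symmetricKey, randomPassword), plaintext);
  // "Signature" = private-key encryption of (hash digest || random password).
  const signature = nodeCrypto.privateEncrypt(
    { key: privateKeyPem, padding: PAD },
    Buffer.concat([md5(ciphertext), randomPassword])
  );
  return JSON.stringify({
    ciphertext: ciphertext.toString("base64"),
    signature: signature.toString("base64"),
  });
}

const fail = (reason) => ({ ok: false, reason });

// Designated-server side: every check fails closed before anything is deployed.
function verifyLicense(licenseJson, publicKeyPem, symmetricKey, localFingerprint) {
  let ciphertext, signature, signed, payload;
  try {
    const lic = JSON.parse(licenseJson);
    ciphertext = Buffer.from(lic.ciphertext, "base64");
    signature = Buffer.from(lic.signature, "base64");
  } catch {
    return fail("malformed license");
  }
  try {
    signed = nodeCrypto.publicDecrypt({ key: publicKeyPem, padding: PAD }, signature);
  } catch {
    return fail("signature rejected");
  }
  if (signed.length !== 32) return fail("signature rejected");
  const digest = signed.subarray(0, 16);
  const randomPassword = signed.subarray(16);
  if (!nodeCrypto.timingSafeEqual(digest, md5(ciphertext))) return fail("digest mismatch");
  try {
    const key = deriveAesKey(symmetricKey, randomPassword);
    payload = JSON.parse(aesEcb(false, key, ciphertext).toString("utf8"));
  } catch {
    return fail("decryption failed");
  }
  // Machine-fingerprint check against the device the license was issued for.
  const fp = payload?.deviceInfo?.fingerprint;
  if (typeof fp !== "string" || fp !== localFingerprint) return fail("fingerprint mismatch");
  return { ok: true, authorization: payload.authorization };
}

// Constructed sample data: issue a license, then verify it intact, on another
// machine, and after one ciphertext byte has been altered.
function demo() {
  const { publicKey, privateKey } = newKeyPair();
  const symmetricKey = nodeCrypto.randomBytes(16);
  const license = issueLicense(privateKey, symmetricKey,
    { fingerprint: "FP-CONSTRUCTED-01" },
    { service: "example-service", packages: ["pkg-render"], codes: 3 });
  const tampered = JSON.parse(license);
  const ct = Buffer.from(tampered.ciphertext, "base64");
  ct[0] ^= 0x01;
  tampered.ciphertext = ct.toString("base64");
  return {
    intact: verifyLicense(license, publicKey, symmetricKey, "FP-CONSTRUCTED-01"),
    otherMachine: verifyLicense(license, publicKey, symmetricKey, "FP-OTHER"),
    tampered: verifyLicense(JSON.stringify(tampered), publicKey, symmetricKey, "FP-CONSTRUCTED-01"),
  };
}

console.log(demo());
```

MD5 and ECB are used here because the text names them; both are weak choices by current standards, and the same checks work unchanged with SHA-256 and an authenticated mode such as AES-GCM.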
After the service is started, if the control device needs to export resource data for a new item in the target service, it may send an export request for the resource data to the designated server. The control device at this point may be any device that is connected to the designated server and has an authorization code in the authorization code list. The control device sends identification information of the specified resource data (i.e., a resource package) to the designated server, so that the designated server acquires the authorization code matching the specified user from the authorization code list, consumes the acquired authorization code, generates a resource license based on the resource license private key and the symmetric key, and deploys the resource data based on the resource license and the identification information of the specified resource package contained in the resource license.
Specifically, after receiving the export request sent by the control device, the designated server can detect which user the control device belongs to, take that user as the specified user, acquire the authorization code matching the specified user from the authorization code list, consume the authorization code and bind it to the control device. In this way, the designated server can generate a resource license based on the resource license in the authorization information so that the control device can use the resource data through the resource license. In addition, the designated server also needs to deploy the resource data sent by the operation server.
Before the resource license is generated, the control device adds the identification information of the resource package it needs to use to the export request for the resource data. The resource data may include a plurality of resource packages, each corresponding to one piece of identification information, and the control device may specify that a resource license be generated for a particular resource package. The designated server can thus generate a resource license for the corresponding resource package based on the identification information. In generating the resource license, the designated server likewise combines asymmetric encryption and symmetric encryption, and the resource license is generated using the resource license private key and the symmetric key.
After the resource license is generated, the designated server needs to return both the resource package designated by the control device and the resource license corresponding to the resource package to the control device so that the control device can use the resource package.
In an embodiment of the present application, when the control device needs to use the resource package, the resource package and the resource license of the resource package need to be sent to the SDK connected to the control device, where the SDK is in the same organization as the control device and the designated server. The SDK may verify the resource license using the public key of the resource license contained in the resource data, and if the verification is passed, the resource package may be used to perform the operation of the related item. In embodiments of the present application, the items may include rendering items, such as rendering of a subway three-dimensional model, rendering of a train three-dimensional travel model, and so on.
According to the method, on one hand, the service license is generated by using an encryption mode combining asymmetric encryption and symmetric encryption, so that the efficiency of generating the service license is improved, and meanwhile, the data security is ensured by using the asymmetric encryption; on the other hand, the rapid generation of the license improves the construction efficiency of the resource data and the target service data required by the offline service and improves the deployment efficiency of the offline service. In this case, by adopting a hybrid encryption strategy, the advantages of symmetric and asymmetric encryption are combined, so that the amount of information carried can be effectively reduced while the security is ensured.
In one embodiment of the present application, another digital twin license rapid generation and offline service deployment method is provided, which can be performed by an operation server. As shown in fig. 5, the method may include S210, S510 to S530, and S220 to S240. That is, S510 to S530 are specific steps performed before S220 shown in fig. 2.
S510 to S530 are described below:
S510, determining, based on the opening request of the target service, the resource package identifier with use rights and the number of authorization codes corresponding to the control device.
When purchasing the target service, the control device needs to select the required functions and the number of uses or the number of users, so that after a successful purchase the control device has use rights for the specific functions, each of which has a corresponding resource package. The opening request therefore contains the resource package identifiers with use rights and the number of authorization codes.
S520, generating an authorization code list for the resource package identifier with use rights and the number of authorization codes.
The operation server may generate a corresponding authorization code list for each resource package having the usage rights.
S530, adding the authorization code list and the function with the use authority to the authorization information.
That is, the authorization information includes a function having a use right corresponding to the control device and an authorization code list corresponding to the function.
By the method, the operation server can timely generate the authorization code list corresponding to the function of the control equipment with the use authority, timely obtain the authorization information of the target service, and improve the generation efficiency of the service license.
In one embodiment of the present application, another digital twin license rapid generation and offline service deployment method is provided, which can be performed by an operation server. As shown in fig. 6, the method may include S210 to S220, S610 to S630, and S240. That is, S610 to S630 are a specific implementation of S230 shown in fig. 2.
S610 to S630 are described below:
S610, sending the authorization code list and the resource license public key to the resource builder, so that the resource builder generates the resource data based on the authorization code list and the resource license public key.
The operation server needs to send the authorization code list and the public key of the resource license to the resource constructor, and the resource constructor can add the public key of the resource license and all the authorization code lists to the resource data. The resource data may further include various kinds of resource files for implementing corresponding functions, such as a rendering file, a modeling file, a color file, and the like. The resource builder at this time may also be referred to as an SDK builder, and SDK data (i.e., resource data) may be built using an SDK builder.
S620, receiving the resource data sent by the resource constructor.
The resource builder may return the resource data to the operation server accordingly.
S630, constructing target service data based on the service license public key and the resource data.
By the method, the operation server can call the resource building party to build the resource data without self-building, so that a large amount of computing resources are saved, and the generation efficiency of the service license is improved.
In one embodiment of the present application, another digital twin license rapid generation and offline service deployment method is provided, which can be performed by an operation server. As shown in fig. 7, the method may include S210 to S220, S710 to S730, and S240. That is, S710 to S730 are a specific implementation of S230 shown in fig. 2.
S710 to S730 are described below:
S710, constructing resource data corresponding to the target service based on the resource license public key.
S720, sending the public key of the service license to the service construction party so that the service construction party can construct target service data corresponding to the target service based on the public key of the service license.
The service builder starts building target service data corresponding to the target service based on the service license public key in combination with other data and algorithms. The service constructor can combine the resource data to construct target service data.
S730, receiving the target service data sent by the service builder.
By the method, the operation server can call the service construction party to construct the target service data without constructing the service data, so that a large amount of computing resources are saved, and the generation efficiency of the service license is improved.
In one embodiment of the present application, another digital twin license rapid generation and offline service deployment method is provided, which can be executed by a computer. As shown in fig. 8, the method may include S801 to S821.
S801 to S821 are described below:
S801, the control device purchases the target service, which triggers sending an opening request for the target service to the operation server.
S802, the operation server generates a service license key pair and a resource license key pair.
S803, the operation server determines the resource package identifier and the authorization code number with the use authority corresponding to the control device based on the opening request of the target service.
S804, the operation server generates an authorization code list aiming at the resource data identification with the use authority and the authorization code quantity to obtain authorization information.
S805, the operation server acquires device characteristic information of the specified server from the control device.
S806, the operation server encrypts the authorization information of the target service and the device characteristic information acquired from the control device by using the service license private key and the symmetric key to obtain the service license of the target service.
S807, the operation server transmits the authorization code list and the resource license public key to the resource builder.
S808, the resource builder generates resource data based on the authorization code list and the resource license public key.
S809, the operation server receives the resource data sent by the resource constructor.
S810, the operation server sends the service license public key to the service builder.
S811, the service construction side constructs target service data corresponding to the target service based on the service license public key.
S812, the operation server receives the target service data sent by the service builder.
S813, the operation server transmits the resource data, the target service data, the service license, and the symmetric key to the control device.
S814, the control device transmits the service license to the specified server.
S815, the designated server verifies the service license by using the service license public key and the symmetric key to obtain authorization information, and deploys the target service on the designated server based on the authorization information.
S816, if the control device needs to export the resource data, it sends an export request of the specified resource data to the specified server.
The export request includes identification information of the specified resource data (resource package).
S817, the designated server acquires the authorization code matched with the designated user from the authorization code list.
S818, the designated server consumes the acquired authorization code, generates a resource license based on the resource license private key and the symmetric key, and deploys the resource data based on the resource license and the identification information of the resource package contained in the resource license.
S819, the control device sends the specified resource data and the resource license to the SDK.
S820, the SDK verifies the resource license.
S821, if the verification is passed, the SDK uses the resource package to perform the operation of the related item.
S801 to S806 are the construction process of the service license; S807 to S809 are the construction process of the resource data (SDK); S810 to S814 are the construction process of the target service data; S815 is the deployment process of the offline service; S816 to S818 are the deployment process of the resource data; S819 to S821 are the use-permission process of the resource package.
According to the method, on one hand, the service license is generated by using an encryption mode combining asymmetric encryption and symmetric encryption, so that the efficiency of generating the service license is improved, and meanwhile, the data security is ensured by using the asymmetric encryption; on the other hand, the rapid generation of the license improves the construction efficiency of the resource data and the target service data required by the offline service and improves the deployment efficiency of the offline service. In this case, by adopting a hybrid encryption strategy, the advantages of symmetric and asymmetric encryption are combined, so that the amount of information carried can be effectively reduced while the security is ensured.
FIG. 9 is a block diagram of a digital twinned license quick generation and offline service deployment apparatus, as shown in one embodiment of the present application. As shown in fig. 9, the apparatus includes:
a processing unit 910, configured to generate a service license public key and a service license private key, and a resource license public key and a resource license private key, based on an activation request for a target service sent by the control device;
an encryption unit 920, configured to encrypt the device feature information of the control device and the authorization information of the target service by using the service license private key and the symmetric key, so as to obtain a service license of the target service;
a construction unit 930 for constructing resource data corresponding to the target service based on the resource license public key, and constructing target service data based on the service license public key and the resource data;
the transceiver unit 940 is configured to send the resource data, the target service data, the service license, and the symmetric key to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key, and the target service data, and deploys the resource data based on the resource license private key.
In one embodiment of the present application, based on the foregoing scheme, the encryption unit 920 is further configured to encrypt the device feature information and the authorization information of the target service by using a random password and the symmetric key, to obtain an encrypted ciphertext; the encryption unit 920 is further configured to encrypt the hash digest corresponding to the encrypted ciphertext and the random password with the service license private key, to obtain a signature; and the processing unit 910 is further configured to generate a service license for the target service based on the encrypted ciphertext and the signature.
In one embodiment of the present application, based on the foregoing solution, before the device feature information of the control device and the authorization information of the target service are encrypted by using the service license private key and the symmetric key to obtain the service license of the target service, the processing unit 910 is further configured to determine, based on the activation request of the target service, the resource package identifier with use rights and the number of authorization codes corresponding to the control device; generate an authorization code list for the resource package identifier with use rights and the number of authorization codes; and add the authorization code list and the resource package identifier with use rights to the authorization information.
In one embodiment of the present application, based on the foregoing solution, the transceiver unit 940 is further configured to send the authorization code list and the public key of the resource license to the resource builder, so that the building unit 930 of the resource builder generates the resource data based on the authorization code list and the public key of the resource license; and receiving the resource data sent by the resource building side.
In one embodiment of the present application, based on the foregoing solution, the transceiver unit 940 is further configured to send a service license public key to the service builder, so that the building unit 930 in the service builder builds the target service data corresponding to the target service based on the service license public key; and receiving target service data sent by the service constructor.
In one embodiment of the present application, based on the foregoing scheme, the process of deploying the target service by the control device based on the service license public key, the symmetric key, and the target service data includes: the transceiving unit 940 in the control device transmits the service license to the designated server so that the processing unit 910 in the designated server verifies the service license using the service license public key and the symmetric key, obtains authorization information, and deploys the target service on the designated server based on the authorization information.
In one embodiment of the present application, based on the foregoing scheme, the process of deploying resource data based on the resource license private key includes: the transceiving unit 940 in the control device transmits identification information of the specified resource data to the specified server, so that the processing unit 910 in the specified server acquires an authorization code matching the specified user from the authorization code list, consumes the acquired authorization code, generates a resource license based on the resource license private key and the symmetric key, and performs deployment of the resource data based on the resource license and the identification information of the resource package included in the resource license.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which the respective modules and units perform the operations have been described in detail in the method embodiment.
The embodiment of the application also provides a device for digital twin license rapid generation and offline service deployment, comprising: one or more processors; and a memory for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the digital twin license rapid generation and offline service deployment method described above.
FIG. 10 is a schematic diagram of a computer system suitable for use in implementing the digital twinned license quick generation and offline service deployment device of an embodiment of the present application.
It should be noted that, the computer system 1000 of the electronic device shown in fig. 10 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 10, the computer system 1000 includes a central processing unit (Central Processing Unit, CPU) 1001 which can perform various appropriate actions and processes, such as performing the method in the above-described embodiment, according to a program stored in a Read-Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a random access Memory (Random Access Memory, RAM) 1003. In the RAM 1003, various programs and data required for system operation are also stored. The CPU 1001, ROM 1002, and RAM 1003 are connected to each other by a bus 1004. An Input/Output (I/O) interface 1005 is also connected to bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and a speaker; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011. When executed by a Central Processing Unit (CPU) 1001, the computer program performs various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. A computer program embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by means of software, or may be implemented by means of hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
Another aspect of the present application also provides a computer readable medium having stored thereon a computer program which, when executed by a processor, implements the digital twin license rapid generation and offline service deployment method described above. The computer-readable medium may be included in the electronic device described in the above embodiment or may exist alone without being incorporated in the electronic device.
Another aspect of the present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable medium. The processor of the computer device reads the computer instructions from the computer-readable medium, and the processor executes the computer instructions, so that the computer device performs the digital twinned license quick generation and offline service deployment method provided in the above embodiments.
The foregoing is merely a preferred exemplary embodiment of the present application and is not intended to limit the embodiments of the present application, and those skilled in the art may make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A digital twinned license rapid generation and offline service deployment method, comprising:
generating a service license public key and a service license private key, and a resource license public key and a resource license private key based on an opening request for a target service sent by a control device;
encrypting authorization information of the target service and equipment characteristic information acquired from the control equipment by utilizing the service license private key and the symmetric key to obtain a service license of the target service;
constructing resource data corresponding to the target service based on the resource license public key, and constructing target service data based on the service license public key and the resource data;
the resource data, the target service data, the service license, and the symmetric key are transmitted to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key, and the target service data, and deploys the resource data based on the resource license private key.
2. The method according to claim 1, wherein encrypting the authorization information of the target service and the device characteristic information acquired from the control device using the service license private key and the symmetric key to obtain the service license of the target service includes:
encrypting the device characteristic information and the authorization information of the target service by using a random password and the symmetric key to obtain an encrypted ciphertext;
encrypting the hash digest and the random password corresponding to the encrypted ciphertext by using the service license private key to obtain a signature;
generating a service license for the target service based on the encrypted ciphertext and the signature.
3. The method of claim 1, wherein prior to encrypting the device characteristic information of the control device and the authorization information of the target service using the service license private key and the symmetric key to obtain the service license for the target service, the method further comprises:
determining, based on the opening request of the target service, a resource package identifier and an authorization code number which correspond to the control device and have the use permission;
generating an authorization code list for the resource package identifier with the use permission and the authorization code number;
adding the authorization code list and the resource package identifier with the use permission to the authorization information.
4. The method of claim 3, wherein the constructing the resource data corresponding to the target service based on the resource license public key comprises:
transmitting the authorization code list and the resource license public key to a resource constructor so that the resource constructor generates the resource data based on the authorization code list and the resource license public key;
receiving the resource data sent by the resource constructor.
5. The method of claim 1, wherein the constructing the target service data based on the service license public key and the resource data comprises:
sending the service license public key to a service constructor so that the service constructor constructs target service data corresponding to the target service based on the service license public key;
receiving the target service data sent by the service constructor.
6. The method of claim 1, wherein the process of the control device deploying the target service based on the service license public key, the symmetric key, and the target service data comprises:
the control device sends the service license to a designated server so that the designated server can verify the service license by using the service license public key and the symmetric key to obtain the authorization information, and the target service is deployed on the designated server based on the authorization information.
7. The method of claim 3, wherein the deploying the resource data based on the resource license private key comprises:
the control device transmits identification information of specified resource data to a specified server, so that the specified server acquires an authorization code matched with a specified user from the authorization code list, consumes the acquired authorization code, generates a resource license based on the resource license private key and the symmetric key, and deploys the resource data based on the resource license and the identification information of a resource package contained in the resource license.
8. A digital twin license rapid generation and offline service deployment apparatus, comprising:
a processing unit, configured to generate a service license public key and a service license private key, and a resource license public key and a resource license private key based on an opening request for a target service sent by the control device;
an encrypting unit, configured to encrypt the device characteristic information of the control device and the authorization information of the target service by using the service license private key and the symmetric key, so as to obtain a service license of the target service;
a construction unit, configured to construct resource data corresponding to the target service based on the resource license public key, and construct target service data based on the service license public key and the resource data;
a transceiver unit, configured to transmit the resource data, the target service data, the service license and the symmetric key to the control device, so that the control device deploys the target service based on the service license public key, the symmetric key and the target service data, and deploys the resource data based on the resource license private key.
9. A digital twin license rapid generation and offline service deployment apparatus, comprising:
a memory storing computer readable instructions;
a processor reading computer readable instructions stored in a memory to perform the method of any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the method of any of claims 1 to 7.
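The license construction of claim 2 and the server-side check of claim 6, as an added example that is not code from the patent or its applicant. It assumes Ed25519 signing over SHA-256 of the blob in place of the claim's private-key encryption of the digest and random password, AES-256-GCM as the symmetric cipher, and the random value used as a nonce carried at the front of the blob; `License`, `Issue`, `Verify` and the NUL-separated payload are hypothetical names and layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

type License struct{ Blob, Sig []byte } // assumed layout: Blob = nonce || ciphertext

func gcm(key *[32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	g, _ := cipher.NewGCM(blk)      // AES has the 16-byte block GCM needs
	return g
}

// Issue encrypts device + authorization data, then signs SHA-256(Blob).
func Issue(priv ed25519.PrivateKey, key *[32]byte, device, auth string) License {
	nonce := make([]byte, 12) // fresh random value per license
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	blob := gcm(key).Seal(nonce, nonce, []byte(device+"\x00"+auth), nil)
	d := sha256.Sum256(blob)
	return License{blob, ed25519.Sign(priv, d[:])}
}

// Verify checks the signature before decrypting, then the device binding.
func Verify(pub ed25519.PublicKey, key *[32]byte, l License, device string) (string, error) {
	d := sha256.Sum256(l.Blob)
	if !ed25519.Verify(pub, d[:], l.Sig) {
		return "", fmt.Errorf("license signature invalid")
	}
	// Only issuer-signed blobs reach this point, so the 12-byte nonce is present.
	pt, err := gcm(key).Open(nil, l.Blob[:12], l.Blob[12:], nil)
	if err != nil || !strings.HasPrefix(string(pt), device+"\x00") {
		return "", fmt.Errorf("wrong symmetric key or license bound to another device")
	}
	return string(pt[len(device)+1:]), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	l := Issue(priv, new([32]byte), "dev-A", "twin-service") // all-zero key: demo only
	fmt.Println(Verify(pub, new([32]byte), l, "dev-A"))
}
```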

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311864984.3A CN117873500A (en) 2023-12-29 2023-12-29 Digital twin license rapid generation and offline service deployment method and device

Publications (1)

Publication Number Publication Date
CN117873500A (en) 2024-04-12

Family

ID=90596268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311864984.3A Pending CN117873500A (en) 2023-12-29 2023-12-29 Digital twin license rapid generation and offline service deployment method and device

Country Status (1)

Country Link
CN (1) CN117873500A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination