WO2021081921A1 - Service authentication method and device and storage medium - Google Patents

Service authentication method and device and storage medium Download PDF

Info

Publication number
WO2021081921A1
WO2021081921A1 PCT/CN2019/114811 CN2019114811W WO2021081921A1 WO 2021081921 A1 WO2021081921 A1 WO 2021081921A1 CN 2019114811 W CN2019114811 W CN 2019114811W WO 2021081921 A1 WO2021081921 A1 WO 2021081921A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
service
activation
device identification
autonomous mobile
Prior art date
Application number
PCT/CN2019/114811
Other languages
French (fr)
Chinese (zh)
Inventor
王远
孙伟杰
陈庭欣
黄振昊
Original Assignee
深圳市大疆创新科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市大疆创新科技有限公司 filed Critical 深圳市大疆创新科技有限公司
Priority to PCT/CN2019/114811 priority Critical patent/WO2021081921A1/en
Priority to CN201980033161.1A priority patent/CN112166587A/en
Publication of WO2021081921A1 publication Critical patent/WO2021081921A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • This application relates to the field of data security technology, and in particular to a service authentication method, device and storage medium.
  • Post Processed Knematic (PPK) measurement technology can provide higher accuracy and reliability than Real Time Kinematic (RTK) measurement technology, so PPK measurement technology is more favored by users.
  • PPK Post Processed Knematic
  • RTK Real Time Kinematic
  • the PPK solution service usually adopts the user account mode for authentication, that is, the user account is authenticated to determine whether the user account has the authority to use the PPK solution service.
  • the user account may be stolen or authorized by a legitimate user to other users, causing the loss of service resources and may lead to data security risks.
  • Various aspects of the present application provide a service authentication method, device, and storage medium to avoid the loss of service resources.
  • the embodiment of the present application provides a service authentication method, including:
  • the embodiment of the present application also provides a service authentication method, including:
  • the device identification and the password information are provided to a data processing server for the data processing server to perform service authentication.
  • the embodiment of the present application also provides a service authentication method, including:
  • the device identification, or the task data and the device identification are provided to a data processing server, so that the data processing server performs service authentication on the task data based on the device identification.
  • the embodiment of the present application also provides a data processing server, including a memory, a processor, and a communication component;
  • the memory is used to store one or more computer instructions
  • the processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
  • the embodiments of the present application also provide an autonomous mobile device, including a memory, a processor, and a communication component;
  • the memory is used to store one or more computer instructions
  • the processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
  • the device identifier and the password information are provided to the data processing server through the communication component, so that the data processing server can perform service authentication.
  • An embodiment of the present application also provides a data relay device, including a memory, a processor, and a communication component;
  • the memory is used to store one or more computer instructions
  • the processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
  • the device identification, or the task data and the device identification are provided to a data processing server through the communication component, so that the data processing server performs service authentication on the task data based on the device identification.
  • the embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which when the computer instructions are executed by one or more processors, cause the one or more processors to perform the following operations:
  • the embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which when the computer instructions are executed by one or more processors, cause the one or more processors to perform the following operations:
  • the device identification and the password information are provided to a data processing server for the data processing server to perform service authentication.
  • the embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which, when the computer instructions are executed by one or more processors, cause the one or more processors to perform the following operations:
  • the device identification, or the task data and the device identification are provided to a data processing server, so that the data processing server performs service authentication on the task data based on the device identification.
  • each time the data to be processed is the authentication object, and based on the device identification associated with the data to be processed, the producer of the data to be processed can be authenticated, and if the producer has already activated the service , Provide service resources for the data to be processed. Accordingly, in the embodiments of the present application, refined management of service resources can be realized, and the service resources can be used to process task data produced by autonomous mobile devices that have already activated the service, thereby effectively avoiding the loss of service resources.
  • FIG. 1 is a schematic flowchart of a service authentication method provided by an embodiment of this application
  • FIG. 2 is a schematic flowchart of a service authentication method provided by another embodiment of this application.
  • FIG. 3 is a schematic flowchart of a service authentication method provided by another embodiment of this application.
  • FIG. 4 is a schematic diagram of an application scenario of PPK solution service authentication provided by another embodiment of this application.
  • FIG. 5 is a schematic structural diagram of a data processing server provided by another embodiment of this application.
  • FIG. 6 is a schematic structural diagram of an autonomous mobile device provided by another embodiment of this application.
  • FIG. 7 is a schematic structural diagram of a data relay device provided by another embodiment of this application.
  • the user account mode is usually used for service authentication, that is, the user account is authenticated to determine whether the user account has the authority to use the service.
  • the user account may be stolen or authorized by a legitimate user to other users, causing the loss of service resources and may lead to data security risks.
  • each time the data to be processed is the authentication object, and based on the device identification associated with the data to be processed, the producer of the data to be processed can be authenticated, and In the case where the producer has already activated the service, it provides service resources for the data to be processed.
  • the device identification of the autonomous mobile device for example, the SN number of the drone
  • it is possible to realize the uploading of each autonomous mobile device for example, a drone.
  • Data is verified to prevent the common use of multiple autonomous mobile devices for one account.
  • an autonomous mobile device is managed with an activation code.
  • FIG. 1 is a schematic flowchart of a service authentication method provided by an embodiment of this application.
  • the service authentication method provided in this embodiment can be executed by a service authentication device, the service authentication device can be implemented as software or a combination of software and hardware, and the service authentication device can be integrated in the data processing server.
  • the method includes:
  • Step 100 Obtain a device identifier associated with the data to be processed in response to a service authentication trigger event
  • Step 101 According to the service activation record and the device ID, verify whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs;
  • Step 102 Based on the verification result, determine whether the to-be-processed data passes service authentication.
  • the service authentication method provided by the embodiments of the present application can be applied to various scenarios where service resources need to be managed, for example, PPK solution service scenarios and so on. This embodiment does not limit the application scenario.
  • the autonomous mobile device can be a drone or an unmanned car, etc., and the autonomous mobile device will generate task data during the execution of the task.
  • task data that need to be further processed by service resources as data to be processed.
  • the data to be processed may be a large amount of photographing data and satellite observation data collected by the drone in the process of performing surveying and mapping tasks.
  • the data to be processed is not limited to this in this embodiment.
  • the service authentication trigger event may be a to-be-processed data transmission event or a service authentication request event, etc., which is not limited in this embodiment.
  • the service authentication process can be automatically started when the data to be processed is received.
  • the service authentication process can be started.
  • the device identification can be associated with the data to be processed that it produces.
  • an autonomous mobile device can construct a signature file while producing data to be processed, and configure its device identification in the file to be signed.
  • the data to be processed and the signature file will be associated and provided to the data processing server in this embodiment.
  • the specific scheme for the autonomous mobile device to associate its device identification with the to-be-processed data produced by it will be described in detail in the following embodiments.
  • the device identification associated with the data to be processed can be obtained.
  • the device identifier associated with the data to be processed is the device identifier of the producer of the data to be processed.
  • the device identification associated with the data to be processed may characterize the identity of the producer of the data to be processed. Among them, the device identification may be the device serial number (for example, the SN number of the drone) and other information that can characterize the identity of the autonomous mobile device.
  • the service activation record refers to activation data generated during the service activation process.
  • service activation needs to be performed for autonomous mobile devices to configure service resource usage rights for autonomous mobile devices.
  • the service activation record can contain the activation data of different autonomous mobile devices. Therefore, the service activation record can be used to verify whether the autonomous mobile device has activated the service.
  • step 101 according to the service activation record and the device identifier (for example, the SN number of the drone), it can be verified whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
  • the service activation record and the device identifier for example, the SN number of the drone
  • the service activation time of the autonomous mobile device corresponding to the device identifier (for example, the activation time of the drone) needs to be completed before the service authentication trigger event occurs.
  • step 102 it can be determined whether the data to be processed has passed the service authentication based on the verification result of whether the autonomous mobile device corresponding to the device identification has performed service activation before the service authentication trigger event occurs.
  • the service authentication method provided in this embodiment can be applied in combination with a traditional service authentication scheme, or can be applied separately. For example, in the case of combined application with a traditional service authentication scheme, first verify whether the user account is a registered account. If it is verified as a registered account, the user account can be used based on the service authentication method provided in this embodiment. Provide data to be processed for service certification.
  • the data to be processed can be the object of authentication each time, and based on the device identification associated with the data to be processed, the producer of the data to be processed can be authenticated, and if the producer has already activated the service Next, provide service resources for the data to be processed.
  • service resources can be used to process task data produced by autonomous mobile devices that have been activated for services, so as to prevent unauthorized autonomous mobile devices from using authorized service resources. , Which can effectively avoid the loss of service resources.
  • multiple implementations can be used to verify whether the autonomous mobile device corresponding to the device identification has performed service activation before the service authentication trigger event occurs.
  • the device identification of the autonomous device that has performed the service activation may be recorded in the service activation record. Based on this, it is possible to look up whether there is a device identification associated with the data to be processed in the service activation record to verify whether the autonomous mobile device corresponding to the device identification has already activated the service before the service authentication trigger event occurs.
  • the service activation time is before the occurrence time of the service authentication trigger event, it can be determined that the autonomous mobile device corresponding to the device ID has already performed the service before the service authentication trigger event occurs. activation.
  • the device identification can be recorded in the service activation record during the service activation process of the autonomous mobile device corresponding to the device identification.
  • an encryption algorithm can be used to encrypt the device identification and save it in the service activation record to avoid tampering with the device identification in the service activation record.
  • the same encryption algorithm can be used to encrypt the device identifier associated with the data to be processed, and then search in the service activation record Whether there is an encryption result of the device ID managed by the data to be processed.
  • the activated activation code and the device identification can be encrypted together to obtain the first authentication information; determine whether there is target activation data matching the first authentication information in the service activation record; if there is target activation Data to determine that the autonomous mobile device corresponding to the device ID has already activated the service before issuing the service authentication request; where the target activation data is based on the activation code and activation code obtained during the service activation process for the autonomous mobile device corresponding to the device ID Encrypted information obtained by encrypting the device identifier.
  • an activation code is introduced, and the activation code is used for service activation.
  • the activation code can only be used once. After the activation code has been used to complete the service activation, the activation code will become activated to avoid repeated use of the activation code.
  • the device identification corresponding to the activated activation code can be recorded.
  • the activated activation code can be stored in the clear, and the device identification corresponding to each activated activation code may not be clearly indicated, so as to prevent the attacker from discovering the device identification that has been activated for service and embezzling it.
  • the activated activation code can also be saved in a secret code. In this case, when the activated activation code needs to be used, the activated activation code can be called by decrypting and then using it.
  • the secret code saving method can be better To ensure the security of the activated activation code.
  • the device identification associated with the data to be processed and the activated activation code corresponding to the device identification can be encrypted together to obtain the first authentication information, and determine whether there is target activation data matching the first authentication information in the service activation record .
  • the target activation data that matches the first authentication information can be found in the service activation record.
  • the service activation process of the autonomous mobile device corresponding to the device identification associated with the data to be processed may be: receiving a service activation request, the service activation request includes the activation code and the device identification of the autonomous mobile device; if the activation code is determined to be If the activation code is available, the activation code and device identification are encrypted to obtain the target activation data; the target activation data is saved in the service activation record.
  • the activation data in the service activation record is stored in an encrypted form, which can prevent the activation data in the service activation record from being tampered with, thereby ensuring the accuracy of the verification result.
  • the service activation record can be kept in the data processing server in this embodiment, of course, can also be kept in other storage locations, which is not limited in this embodiment.
  • the service activation process can be executed in the data processing server in this embodiment. Of course, it can also be executed in other processing devices to share the service activation record with the data processing server in this embodiment. This embodiment does not do anything about this. limited.
  • the verification of whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs is not limited to this.
  • the signature file associated with the data to be processed can be obtained, and the device identification can be unchecked from the signature file as the device identification associated with the data to be processed.
  • the autonomous mobile device can construct a signature file while producing task data, and configure its device identification in the signature file, and the task data produced by the autonomous mobile device will be transmitted synchronously with the signature file constructed by the autonomous mobile device.
  • the signature file may contain clear code information and password information, where the clear code information contains at least the device identification, and the password information contains at least the encryption result of the device identification.
  • the device identification can be decrypted from the secret code information, and it is determined whether the device identification contained in the clear code information is consistent with the device identification decrypted from the secret code information, and if they are the same, the device identification that is unsigned in the signature file is determined Has not been tampered with.
  • the device ID that is actually associated with the data to be processed is the device ID of an autonomous mobile device that has not activated the service
  • the verification result corresponding to the to-be-processed data is: the autonomous mobile device corresponding to the device identification has not performed service activation before the service authentication trigger event occurs.
  • the corresponding verification result is: the autonomous mobile device corresponding to the device ID The mobile device has already activated the service before the service authentication event occurs. Then, the start time of the task associated with the data to be processed can be obtained.
  • the data to be processed may be task data generated by autonomous mobile devices to perform tasks. Therefore, the task start time can be associated in the production process of task data.
  • the task start time can be configured in the signature file mentioned in the foregoing embodiment.
  • the clear code information of the signature file may include the mission start time
  • the secret code information may include the secret encryption result of the mission start time.
  • the service activation time of the autonomous mobile device corresponding to the device identifier can also be obtained.
  • the service activation time can be stored in the service activation record during the service activation process mentioned in the foregoing embodiment.
  • the service activation time can also be stored in an encrypted manner to prevent the service activation time from being tampered with.
  • the service activation time in this embodiment is the initial activation time, and is recorded according to the actual service activation process. In addition, it is stored in an encrypted form. These measures can ensure the accuracy of the service activation time, thereby improving the accuracy of the service activation time. Accurately judge the sequence of the task start time and the service activation time.
  • the data to be processed can also be verified without tampering. In the case where it is determined that the data to be processed has not been tampered with, if it is determined that the data to be processed has passed the service authentication, data processing services are provided for the data to be processed.
  • this embodiment does not limit the processing sequence of performing non-tampering verification on the data to be processed and performing service authentication on the data to be processed.
  • the two processing procedures can be executed sequentially or simultaneously.
  • the check code associated with the data to be processed can be obtained; the check algorithm consistent with the check code is used to perform the check calculation on the data to be processed to obtain the actual check code; if the actual check code is the same as that obtained If the check codes associated with the data to be processed are consistent, it can be determined that the data to be processed has not been tampered with.
  • the check code may be an MD5 code, etc., which is not limited in this embodiment.
  • the verification code associated with the data to be processed may be configured in the signature file mentioned in the foregoing embodiment, and may be configured in the password information in the signature file to ensure the security of the verification code.
  • the security of the data to be processed can be guaranteed, thereby ensuring the accuracy of the data processing result.
  • the non-tampering verification of the task start time, the non-tampering verification of the device ID, and the non-tampering verification of the data to be processed can be used to verify whether the autonomous mobile device corresponding to the device ID has performed the service activation operation before the service authentication event occurs.
  • the prerequisite for this that is, under the condition that all the tamper-free verifications in these aspects are passed, the autonomous mobile device corresponding to the device identification is then executed to verify whether the service activation operation has been performed before the service authentication event occurs. This can ensure that accurate basic authentication information is provided for service authentication, thereby preventing the occupation of service resources by tampering with the basic authentication information.
  • the clear code information in the signature file associated with the data to be processed may include the device identification and task start time
  • the password information may include the encryption result of the device identification, the check value of the data to be processed, and the task start time.
  • FIG. 2 is a schematic flowchart of a service authentication method provided by another embodiment of this application. As shown in Figure 2, the method includes:
  • Step 200 Obtain a device identification
  • Step 201 Perform encryption processing on the device identification to generate password information
  • Step 202 Provide the device identification and password information to the data processing server for the data processing server to perform service authentication.
  • the device identification and task data are obtained; the device identification is encrypted to generate password information; the task data, device identification, and password information are provided to the data processing server to For the data processing server to perform service authentication.
  • the service authentication method is mainly explained from the side of the autonomous mobile device.
  • the camera, encryption component and flight controller for example, the flight controller of a drone
  • the flight controller for example, the flight controller of a drone
  • the camera can send an encryption request to the encryption component, and the encryption component can request the flight controller for the device identification of the autonomous mobile device to obtain the device identification of the autonomous mobile device.
  • the requested device identification can also be encrypted to generate secret code information and return the secret code information to the camera.
  • the camera can establish an association relationship between the task data and the device identification after the task is completed.
  • the camera can produce task data in the storage device of the autonomous mobile device during the execution of the task, and build a signature file in association with it. Based on the signature file, the camera can configure the device identification and password information returned by the encryption component in the signature file.
  • the camera can also associate the task data with the signature file to ensure synchronous transmission of the two.
  • the association here may represent the association relationship in the form of an identification, index, etc., or may be a mechanism of synchronous transmission to represent the association relationship, which is not limited in this embodiment.
  • the task data will be associated with the device identification, thereby marking the identity of the producer of the task data.
  • step 202 the task data will be provided to the data processing server in synchronization with the device identification and password information, and the data processing server can perform service authentication on the task data when a service authentication trigger event occurs.
  • service authentication process in the data processing server reference may be made to the relevant description in the foregoing embodiment, which will not be repeated here.
  • the autonomous mobile device can autonomously provide task data, device identification, and password information to the data processing server.
  • the autonomous mobile device can autonomously provide the device identification and password information to the data processing server.
  • a communication link between the autonomous mobile device and the data processing server needs to be established.
  • the autonomous mobile device can send task data, device identification, and password information to the data relay device, so as to use the data relay device to provide the task data, device identification, and password information to the data processing server.
  • the autonomous mobile device can send the device identification and password information to the data relay device, so as to provide the device identification and password information to the data processing server using the data relay device.
  • the storage device of the autonomous mobile device can be plugged into the data relay device for the data relay device to read tasks from the storage device. Data and its associated signature file.
  • the data relay device can obtain the task data device identification and password information, and provide them to the data processing server.
  • the data relay device may be a remote control of an autonomous mobile device, or any computing device or mobile device, etc., which is not limited in this embodiment.
  • the association relationship between the task data and the device identification can be established to mark the identity of the producer of the task data.
  • the device identification can be prevented by transmitting the device identification in the form of password information. It is tampered with to provide accurate basic information for the service authentication of the data processing server to ensure the successful use of service resources.
  • the camera may also perform verification calculations based on the task data to generate a verification code of the task data, and send the verification code to the encryption component.
  • the encryption component can encrypt the check code and configure it in the secret code information.
  • the camera can also record the task start time of the task data and send the task start time to the encryption component.
  • the encryption component can encrypt the task start time and configure the password information.
  • the password information may include the encryption result of the device identification, the task start time, and the check value corresponding to the task data.
  • the encryption component can provide such secret code information to the camera.
  • the camera can construct a signature file based on the device identification and password information it obtains from the encryption component, as well as the recorded task start time.
  • the generated signature file can contain clear code information and password information
  • the clear code information can contain the device identification and task start time
  • the password information can contain the device identification, task start time, and the encryption result of the check value corresponding to the task data.
  • the association relationship between the task data and the task start time and check code can be established, thereby implementing on the autonomous mobile device side Mark the attributes of the task data for the data processing server to perform service authentication on the task data.
  • FIG. 3 is a schematic flowchart of a service authentication method provided by another embodiment of this application. As shown in Figure 3, the method includes:
  • Step 300 Obtain the task data provided by the autonomous mobile device and the device identification associated with the task data;
  • Step 301 Provide the device identification, or the task data and the device identification, to the data processing server, so that the data processing server can perform service authentication on the task data based on the device identification.
  • the service authentication method is mainly explained from the side of the data relay device.
  • the data relay device can participate in the service authentication process of the task data produced by the autonomous mobile device by the data processing server.
  • the data processing server For details of related processing in the autonomous mobile device and the data processing server, reference may be made to the description in the foregoing embodiment, which will not be repeated here.
  • step 300 when it is detected that the storage device of the autonomous mobile device is inserted into the data relay device, the task data of the autonomous mobile device and the device identification associated with the task data can be obtained from the storage device.
  • the task data and device identification can be provided to the data processing server through the data relay device, which eliminates the need for the autonomous mobile device to establish a communication link with the data processing server, simplifies the operation link, and can improve the data Processing efficiency.
  • the data relay device can also carry the service activation function.
  • the activation code can be obtained in response to the service activation operation for the autonomous mobile device; the device ID of the autonomous mobile device can be obtained; the service activation request can be generated according to the activation code and the device ID; the service activation request can be sent to the data processing server , For the data processing server to activate the service on the autonomous mobile device.
  • processing link of providing device identification, or task data and device identification to the data processing server and the link of service activation for autonomous mobile devices can be performed in the same data relay device.
  • It can also be performed in different data relay devices, which is not limited in this embodiment.
  • FIG. 4 is a schematic diagram of an application scenario of PPK solution service authentication provided by another embodiment of this application.
  • PPK solution service authentication provided by another embodiment of this application.
  • a detailed description of the service authentication process will be carried out with reference to Figure 4, taking the PPK solution service as an example.
  • the system architecture of the PPK solution service includes an autonomous mobile device 1, a data relay device 2, and a data processing server 3.
  • the data relay device 2 is used to send the task data generated by the autonomous mobile device 1 and the device identification of the autonomous mobile device 1 to the data processing server 3, which can avoid multiple communication between the autonomous mobile device 1 and the data processing server 3 The trouble of establishing a communication link.
  • the data relay device 2 may not be involved in the system architecture, and the autonomous mobile device 1 directly provides the task data and device identification to the data processing server 3. This situation is not discussed in FIG. 4 for the time being.
  • the data relay device 2 can establish wireless communication with the autonomous mobile device 1, and obtain the SN number (as a device identification) of the autonomous mobile device (for example, a drone) 1.
  • the data relay device 2 can also obtain the activation code input for the autonomous mobile device 1 in response to the activation code input operation.
  • the data relay device 2 can provide the activation code and the acquired device identification to the data processing server 3, and the data processing server 3 can encrypt the activation code, SN number, and service activation time when the activation code is available, as The activation data of the autonomous mobile device 1 is stored in the service activation record.
  • the processor (specifically a camera) on it will create a task folder in the SD card for storing camera photo data (for example, photos taken during a drone flight) Files, and photo recording files) and the original GNSS observation data obtained from the RTK board (used in the subsequent PPK calculation processing), which are used as task data in this embodiment.
  • the photographing record file includes photographing time and other photographing attributes.
  • the processor When starting to execute a task job, the processor also records the task start time.
  • the processor After completing the task, the processor sends a command to 1860AP (that is, a processor that can be used as an encryption component) to request encrypted data, and at the same time calculates the MD5 check code based on the task data, and adds the task start time to the checksum The code is sent to 1860AP.
  • 1860AP that is, a processor that can be used as an encryption component
  • the 1860AP After receiving the request from the processor, the 1860AP requests the device SN number (for example, the AN number of the drone) from the flight controller, and the flight controller transmits the SN number to the 1860AP of the autonomous mobile device 1.
  • the 1860AP combines the SN number and verification
  • the code and task start time are encrypted by an encryption algorithm to generate secret code information.
  • the 1860AP transmits the secret code information to the processor, and the processor uses the SN number and the task start time as the clear code information, and combines the aforementioned secret code information to generate a .sig signature file in the task folder.
  • the SD card of the autonomous mobile device 1 can be removed and inserted into the data relay device 2.
  • the data relay device 2 can obtain task data and signature files from the SD card and upload them to the data processing server 3.
  • the upload event is used as a service authentication trigger event, and the data processing server 3 will start the service authentication of the task data upon receiving the task data and the signature file.
  • the data processing server 3 can unsign the signature file and obtain the following information:
  • the SN number unsigned from the signature file and the activated activation code can be encrypted to generate authentication information, and the service activation record can be used to find out whether there is target activation data that matches the authentication information.
  • the encryption algorithm here should be consistent with the encryption algorithm in the aforementioned service activation process. If the activation data of the autonomous mobile device 1 exists in the service activation record, the target activation data can be matched here, and it also indicates that the autonomous mobile device 1 that produced the task data has already activated the service before this service authentication trigger event .
  • the start time of the task unchecked out from the signature file is later than the service activation time of the autonomous mobile device 1 corresponding to the device ID unchecked out from the signature file. If it is, it is determined that the mission data passed the service certification, and the PPK solution service can be provided for the mission data.
  • FIG. 5 is a schematic structural diagram of a data processing server provided by another embodiment of this application.
  • the data processing server includes: a memory 50, a processor 51, and a communication component 52.
  • the processor 51 is coupled with the memory 50 and the communication component 52, and is configured to execute computer programs in the memory for:
  • the service activation record and device ID verify whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs;
  • the processor 51 is configured to: when verifying whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs, according to the service activation record and the device ID, the processor 51 is used to:
  • the target activation data is obtained by encrypting the activation code and the device ID obtained during service activation of the autonomous mobile device corresponding to the device ID Encrypted information;
  • the processor 51 is configured to: when performing a service activation process on the autonomous mobile device corresponding to the device identifier:
  • the service activation request contains the activation code and the device identification of the autonomous mobile device
  • the activation code is a usable activation code, encrypt the activation code and device identification to obtain the target activation data;
  • the processor 51 is configured to: when acquiring the device identification associated with the to-be-processed data:
  • the signature file includes clear code information and secret code information
  • the clear code information includes at least the device identification
  • the secret code information includes at least the encryption result of the device identification.
  • the operation of verifying whether the autonomous mobile device corresponding to the device identification has already performed service activation before the occurrence of the service authentication trigger event is performed.
  • the processor 51 determines whether the data to be processed passes the service authentication based on the verification result, the processor 51 is configured to:
  • the verification result is that the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs, obtain the start time of the task associated with the to-be-processed data;
  • the processor 51 before determining whether the task start time is later than the service activation time, the processor 51 is further configured to:
  • processor 51 is further configured to:
  • the signature file includes clear code information and password information, and the clear code information includes at least one of a device identification or a task start time;
  • the decrypted code information is consistent with the clear code information, it is verified whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
  • the password information further includes a check code corresponding to the data to be processed
  • the processor 51 is further configured to:
  • the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
  • the autonomous mobile device is a drone or an unmanned vehicle.
  • the data processing server further includes: a power supply component 53 and other components. Only some components are schematically shown in FIG. 5, which does not mean that the data processing server only includes the components shown in FIG. 5.
  • an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed, the steps that can be executed by the data processing server in the foregoing method embodiments can be implemented.
  • FIG. 6 is a schematic structural diagram of an autonomous mobile device provided by another embodiment of this application.
  • the autonomous mobile device may include: a memory 60, a processor 61, and a communication component 62.
  • the processor 61 is coupled with the memory 60 and the communication component 62, and is configured to execute computer programs in the memory for:
  • the device identification and password information are provided to the data processing server through the communication component 62 for the data processing server to perform service authentication.
  • the processor 61 is coupled with the memory 60 and the communication component 62, and is configured to execute computer programs in the memory for:
  • the task data, device identification, and password information are provided to the data processing server through the communication component 62 for the data processing server to perform service authentication.
  • processor 61 when the processor 61 provides the device identification to the data processing server, it is used to:
  • the device identification and password information are sent to the data relay device through the communication component 62, so that the data relay device is used to provide the device identification and password information to the data processing server.
  • processor 61 when the processor 61 provides the device identification to the data processing server, it is used to:
  • the task data, the device identification and the password information are sent to the data relay device through the communication component 62, so that the data relay device provides the task data, the device identification and the password information to the data processing server.
  • the processor 61 is configured to:
  • the processor 61 is further configured to:
  • the task start time is configured into the clear code information, so that the encryption component 63 is used to encrypt the clear code information including the device identification and the task start time to obtain the password information.
  • the processor 61 is further configured to:
  • the autonomous mobile device further includes: a power supply component 64, a flight controller 65, a camera 66 and other components.
  • the autonomous mobile device when the autonomous mobile device is a drone, the autonomous mobile device includes the power supply of the drone, the flight controller of the drone, and the camera installed on the drone. Only some of the components are schematically shown in FIG. 6, which does not mean that the autonomous mobile device only includes the components shown in FIG. 6.
  • an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed, each step that can be executed by an autonomous mobile device in the foregoing method embodiment can be implemented.
  • FIG. 7 is a schematic structural diagram of a data relay device provided by another embodiment of this application. As shown in FIG. 7, the data relay device includes: a memory 70, a processor 71, and a communication component 72.
  • the processor 71 is coupled with the memory 70 and the communication component 72, and is configured to execute a computer program in the memory for:
  • the device identification, or the task data and the device identification, are provided to the data processing server through the communication component 72, so that the data processing server can perform service authentication on the task data based on the device identification.
  • processor 72 is further configured to:
  • the service activation request is sent to the data processing server through the communication component 72 for the data processing server to perform service activation on the autonomous mobile device.
  • the data relay device further includes: a power supply component 73 and other components. Only some components are schematically shown in FIG. 7, which does not mean that the data relay device only includes the components shown in FIG. 7.
  • an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed, the steps that can be executed by the data relay device in the foregoing method embodiment can be implemented.
  • the memories in FIGS. 5, 6 and 7 are used to store computer programs, and can be configured to store various other data to support operations on the device to which they belong. Examples of such data include instructions for any application or method operated on the device to which it belongs, contact data, phone book data, messages, pictures, videos, etc.
  • the memory can be implemented by any type of volatile or non-volatile storage devices or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable and programmable Read only memory (EPROM), programmable read only memory (PROM), read only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
  • SRAM static random access memory
  • EEPROM electrically erasable programmable read-only memory
  • EPROM erasable and programmable Read only memory
  • PROM programmable read only memory
  • ROM read only memory
  • magnetic memory flash memory
  • flash memory magnetic disk or optical disk.
  • the communication components in Figures 5, 6 and 7 are configured to facilitate wired or wireless communication between the device where the communication component is located and other devices.
  • the device where the communication component is located can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination of them.
  • the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel.
  • the communication component may be based on near field communication (NFC) technology, radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology, or Other technologies are implemented to facilitate short-range communication.
  • NFC near field communication
  • RFID radio frequency identification
  • IrDA infrared data association
  • UWB ultra-wideband
  • Bluetooth Bluetooth
  • the power supply components in Figures 5, 6 and 7 provide power for various components of the equipment where the power supply component is located.
  • the power supply component may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device where the power supply component is located.
  • the embodiments of the present invention can be provided as a method, a system, or a computer program product. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing server to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing server, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.

Abstract

A service authentication method and device and a storage medium. The method comprises: acquiring a device identification associated with data to be processed so as to respond to a service authentication triggering event (100); according to service activation records and the device identification, verifying whether service activation is performed on an autonomous mobile device corresponding to the device identification before the occurrence of the service authentication triggering event (101); and on the basis of the verification result, determining whether the data to be processed passes the service authentication (102). The method can achieve a fine management of service resources and use the service resources for processing task data produced by an autonomous mobile device on which service activation is performed, thus effectively avoiding the loss of service resources.

Description

一种服务认证方法、设备及存储介质Service authentication method, equipment and storage medium 技术领域Technical field
本申请涉及数据安全技术领域,尤其涉及一种服务认证方法、设备及存储介质。This application relates to the field of data security technology, and in particular to a service authentication method, device and storage medium.
背景技术Background technique
在无人机的应用中,越来越多地将精密定位技术应用在地图构建、任务规划及数据分析等处理阶段,以提高无人机飞行过程中定位结果的精度和可靠性。In the application of drones, more and more precision positioning technology is applied in the processing stages of map construction, mission planning, and data analysis to improve the accuracy and reliability of the positioning results during the flight of the drone.
其中,后处理差分(Post Processed Knematic,PPK)测量技术能够提供比实时动态差分(Real Time Kinematic,RTK)测量技术更高的精度和可靠性,所以PPK测量技术更加受到用户的青睐。Among them, Post Processed Knematic (PPK) measurement technology can provide higher accuracy and reliability than Real Time Kinematic (RTK) measurement technology, so PPK measurement technology is more favored by users.
目前,PPK解算服务通常采用用户账号模式进行认证,也即是,通过对用户账号进行认证,以确定用户账号是否具有使用PPK解算服务的权限。但这种认证方式下,用户账号可能被盗用或被合法用户授权给其它用户,造成服务资源的流失,并可能导致数据安全风险。At present, the PPK solution service usually adopts the user account mode for authentication, that is, the user account is authenticated to determine whether the user account has the authority to use the PPK solution service. However, in this authentication method, the user account may be stolen or authorized by a legitimate user to other users, causing the loss of service resources and may lead to data security risks.
发明内容Summary of the invention
本申请的多个方面提供一种服务认证方法、设备及存储介质,用以避免服务资源的流失。Various aspects of the present application provide a service authentication method, device, and storage medium to avoid the loss of service resources.
本申请实施例提供一种服务认证方法,包括:The embodiment of the present application provides a service authentication method, including:
获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the data to be processed to respond to the service authentication trigger event;
根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Verifying, according to the service activation record and the device identifier, whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs;
基于验证结果,确定所述待处理数据是否通过服务认证。Based on the verification result, it is determined whether the to-be-processed data passes service authentication.
本申请实施例还提供一种服务认证方法,包括:The embodiment of the present application also provides a service authentication method, including:
获取设备标识;Obtain device identification;
对所述设备标识进行加密处理,以生成暗码信息;Encrypting the device identification to generate password information;
将所述设备标识,以及所述暗码信息提供给数据处理服务器,以供所述数据处理服务器进行服务认证。The device identification and the password information are provided to a data processing server for the data processing server to perform service authentication.
本申请实施例还提供一种服务认证方法,包括:The embodiment of the present application also provides a service authentication method, including:
获取自主移动设备提供的任务数据以及所述任务数据关联的设备标识;Acquiring task data provided by an autonomous mobile device and a device identifier associated with the task data;
将所述设备标识,或者所述任务数据和所述设备标识,提供给数据处理服务器,以供所述数据处理服务器基于所述设备标识对所述任务数据进行服务认证。The device identification, or the task data and the device identification are provided to a data processing server, so that the data processing server performs service authentication on the task data based on the device identification.
本申请实施例还提供一种数据处理服务器,包括存储器、处理器和通信组件;The embodiment of the present application also provides a data processing server, including a memory, a processor, and a communication component;
所述存储器用于存储一条或多条计算机指令;The memory is used to store one or more computer instructions;
所述处理器与所述存储器及所述通信组件耦合,用于执行所述一条或多条计算机指令,以用于:The processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
通过所述通信组件获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the to-be-processed data through the communication component to respond to the service authentication trigger event;
根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Verifying, according to the service activation record and the device identifier, whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs;
基于验证结果,确定所述待处理数据是否通过服务认证。Based on the verification result, it is determined whether the to-be-processed data passes service authentication.
本申请实施例还提供一种自主移动设备,包括存储器、处理器和通信组件;The embodiments of the present application also provide an autonomous mobile device, including a memory, a processor, and a communication component;
所述存储器用于存储一条或多条计算机指令;The memory is used to store one or more computer instructions;
所述处理器与所述存储器及所述通信组件耦合,用于执行所述一条或多条计算机指令,以用于:The processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
获取设备标识;Obtain device identification;
对所述设备标识进行加密处理,以生成暗码信息;Encrypting the device identification to generate password information;
通过所述通信组件将所述设备标识,以及所述暗码信息提供给数据处理服务器,以供所述数据处理服务器进行服务认证。The device identifier and the password information are provided to the data processing server through the communication component, so that the data processing server can perform service authentication.
本申请实施例还提供一种数据中继设备,包括存储器、处理器和通信组件;An embodiment of the present application also provides a data relay device, including a memory, a processor, and a communication component;
所述存储器用于存储一条或多条计算机指令;The memory is used to store one or more computer instructions;
所述处理器与所述存储器及所述通信组件耦合,用于执行所述一条或多条计算机指令,以用于:The processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
获取自主移动设备提供的任务数据以及所述任务数据关联的设备标识;Acquiring task data provided by an autonomous mobile device and a device identifier associated with the task data;
通过所述通信组件将所述设备标识,或者所述任务数据和所述设备标识,提供给数据处理服务器,以供所述数据处理服务器基于所述设备标识对所述任务数据进行服务认证。The device identification, or the task data and the device identification are provided to a data processing server through the communication component, so that the data processing server performs service authentication on the task data based on the device identification.
本申请实施例还提供一种存储计算机指令的计算机可读存储介质,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行以下操作:The embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which when the computer instructions are executed by one or more processors, cause the one or more processors to perform the following operations:
获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the data to be processed to respond to the service authentication trigger event;
根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Verifying, according to the service activation record and the device identifier, whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs;
基于验证结果,确定所述待处理数据是否通过服务认证。Based on the verification result, it is determined whether the to-be-processed data passes service authentication.
本申请实施例还提供一种存储计算机指令的计算机可读存储介质,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行以下操作:The embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which when the computer instructions are executed by one or more processors, cause the one or more processors to perform the following operations:
获取设备标识;Obtain device identification;
对所述设备标识进行加密处理,以生成暗码信息;Encrypting the device identification to generate password information;
将所述设备标识,以及所述暗码信息提供给数据处理服务器,以供所述数据处理服务器进行服务认证。The device identification and the password information are provided to a data processing server for the data processing server to perform service authentication.
本申请实施例还提供一种存储计算机指令的计算机可读存储介质,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行 以下操作:The embodiments of the present application also provide a computer-readable storage medium storing computer instructions, which, when the computer instructions are executed by one or more processors, cause the one or more processors to perform the following operations:
获取自主移动设备提供的任务数据以及所述任务数据关联的设备标识;Acquiring task data provided by an autonomous mobile device and a device identifier associated with the task data;
将所述设备标识,或者所述任务数据和所述设备标识,提供给数据处理服务器,以供所述数据处理服务器基于所述设备标识对所述任务数据进行服务认证。The device identification, or the task data and the device identification are provided to a data processing server, so that the data processing server performs service authentication on the task data based on the device identification.
在本申请实施例中,以每次的待处理数据为认证对象,基于待处理数据关联的设备标识,可对待处理数据的生产者进行权限认证,并在其生产者已经进行服务激活的情况下,为待处理数据提供服务资源。据此,本申请实施例中,可实现对服务资源的精细化管理,将服务资源用于处理已经进行过服务激活的自主移动设备所生产的任务数据,从而可有效避免服务资源的流失。In the embodiment of this application, each time the data to be processed is the authentication object, and based on the device identification associated with the data to be processed, the producer of the data to be processed can be authenticated, and if the producer has already activated the service , Provide service resources for the data to be processed. Accordingly, in the embodiments of the present application, refined management of service resources can be realized, and the service resources can be used to process task data produced by autonomous mobile devices that have already activated the service, thereby effectively avoiding the loss of service resources.
附图说明Description of the drawings
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described here are used to provide a further understanding of the application and constitute a part of the application. The exemplary embodiments and descriptions of the application are used to explain the application, and do not constitute an improper limitation of the application. In the attached picture:
图1为本申请一实施例提供的一种服务认证方法的流程示意图;FIG. 1 is a schematic flowchart of a service authentication method provided by an embodiment of this application;
图2为本申请另一实施例提供的一种服务认证方法的流程示意图;2 is a schematic flowchart of a service authentication method provided by another embodiment of this application;
图3为本申请又一实施例提供的一种服务认证方法的流程示意图;FIG. 3 is a schematic flowchart of a service authentication method provided by another embodiment of this application;
图4为本申请又一实施例提供的一种PPK解算服务认证的应用场景示意图;4 is a schematic diagram of an application scenario of PPK solution service authentication provided by another embodiment of this application;
图5为本申请又一实施例提供的一种数据处理服务器的结构示意图;FIG. 5 is a schematic structural diagram of a data processing server provided by another embodiment of this application;
图6为本申请又一实施例提供的一种自主移动设备的结构示意图;FIG. 6 is a schematic structural diagram of an autonomous mobile device provided by another embodiment of this application;
图7为本申请又一实施例提供的一种数据中继设备的结构示意图。FIG. 7 is a schematic structural diagram of a data relay device provided by another embodiment of this application.
具体实施方式Detailed ways
为使本申请的目的、技术方案和优点更加清楚,下面将结合本申请具体实施例及相应的附图对本申请技术方案进行清楚、完整地描述。显然,所描 述的实施例仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the objectives, technical solutions, and advantages of the present application clearer, the technical solutions of the present application will be described clearly and completely in conjunction with specific embodiments of the present application and the corresponding drawings. Obviously, the described embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.
目前,在自主移动设备领域,通常采用用户账号模式进行服务认证,也即是,通过对用户账号进行认证,以确定用户账号是否具有使用服务的权限。但这种认证方式下,用户账号可能被盗用或被合法用户授权给其它用户,造成服务资源的流失,并可能导致数据安全风险。为解决现有技术存在的问题,在本申请的一些实施例中:以每次的待处理数据为认证对象,基于待处理数据关联的设备标识,可对待处理数据的生产者进行权限认证,并在其生产者已经进行服务激活的情况下,为待处理数据提供服务资源。据此,可实现对服务资源的精细化管理,将服务资源用于处理已经进行过服务激活的自主移动设备所生产的任务数据,避免出现未经授权的自主移动设备使用需要授权的服务资源的情况,从而可有效避免服务资源的流失。At present, in the field of autonomous mobile devices, the user account mode is usually used for service authentication, that is, the user account is authenticated to determine whether the user account has the authority to use the service. However, in this authentication method, the user account may be stolen or authorized by a legitimate user to other users, causing the loss of service resources and may lead to data security risks. In order to solve the problems existing in the prior art, in some embodiments of this application: each time the data to be processed is the authentication object, and based on the device identification associated with the data to be processed, the producer of the data to be processed can be authenticated, and In the case where the producer has already activated the service, it provides service resources for the data to be processed. According to this, it is possible to realize refined management of service resources, use service resources to process task data produced by autonomous mobile devices that have already activated services, and avoid unauthorized use of autonomous mobile devices that require authorized service resources. Circumstances, which can effectively avoid the loss of service resources.
进一步,依据本发明的一实施方式,由于依据自主移动设备的设备标识(例如,无人机的SN号)进行验证,可以实现对于每台自主移动设备(例如,一台无人机)上传的数据进行验证,从而防止一个账户多个自主移动设备共同使用的情况。也就是说,实现了一个自主移动设备用一个激活码进行管理。Further, according to an embodiment of the present invention, since verification is performed based on the device identification of the autonomous mobile device (for example, the SN number of the drone), it is possible to realize the uploading of each autonomous mobile device (for example, a drone). Data is verified to prevent the common use of multiple autonomous mobile devices for one account. In other words, an autonomous mobile device is managed with an activation code.
以下结合附图,详细说明本申请各实施例提供的技术方案。The technical solutions provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.
图1为本申请一实施例提供的一种服务认证方法的流程示意图。本实施例提供的服务认证方法可以由一服务认证装置来执行,该服务认证装置可以实现为软件或实现为软件和硬件的组合,该服务认证装置可集成设置在数据处理服务器中。如图1所示,该方法包括:FIG. 1 is a schematic flowchart of a service authentication method provided by an embodiment of this application. The service authentication method provided in this embodiment can be executed by a service authentication device, the service authentication device can be implemented as software or a combination of software and hardware, and the service authentication device can be integrated in the data processing server. As shown in Figure 1, the method includes:
步骤100、获取待处理数据关联的设备标识,以响应服务认证触发事件;Step 100: Obtain a device identifier associated with the data to be processed in response to a service authentication trigger event;
步骤101、根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Step 101: According to the service activation record and the device ID, verify whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs;
步骤102、基于验证结果,确定所述待处理数据是否通过服务认证。Step 102: Based on the verification result, determine whether the to-be-processed data passes service authentication.
本申请实施例提供的服务认证方法可应用于各种需要对服务资源进行管 理的场景中,例如,PPK解算服务场景等等。本实施例对应用场景不作限定。The service authentication method provided by the embodiments of the present application can be applied to various scenarios where service resources need to be managed, for example, PPK solution service scenarios and so on. This embodiment does not limit the application scenario.
其中,自主移动设备可以是无人机或无人驾驶汽车等,自主移动设备在执行任务的过程中将产生任务数据。我们将这些需要利用服务资源进行进一步处理的任务数据描述为待处理数据。例如,待处理数据可以是,无人机在执行测绘任务过程中采集到的大量拍照数据及卫星观测数据等,当然,本实施例中,待处理数据并不限于此。Among them, the autonomous mobile device can be a drone or an unmanned car, etc., and the autonomous mobile device will generate task data during the execution of the task. We describe these task data that need to be further processed by service resources as data to be processed. For example, the data to be processed may be a large amount of photographing data and satellite observation data collected by the drone in the process of performing surveying and mapping tasks. Of course, the data to be processed is not limited to this in this embodiment.
在步骤100中,服务认证触发事件可以是待处理数据传输事件或者是服务认证请求事件等等,本实施例对此不作限定。例如,可以在接收到待处理数据的情况下,自动启动服务认证过程。再例如,可以在接收到针对待处理数据的服务认证请求的情况下,开启服务认证过程。In step 100, the service authentication trigger event may be a to-be-processed data transmission event or a service authentication request event, etc., which is not limited in this embodiment. For example, the service authentication process can be automatically started when the data to be processed is received. For another example, when a service authentication request for the data to be processed is received, the service authentication process can be started.
对于自主移动设备来说,可将其设备标识关联至其生产的待处理数据。在实际应用中,自主移动设备可在生产待处理数据的同时,构建一签名文件,并将其设备标识配置待签名文件中。待处理数据及签名文件将关联在一起提供给本实施例中数据处理服务器。关于自主移动设备将其设备标识关联至其生产的待处理数据的具体方案将在后文实施例中进行详述。For autonomous mobile devices, the device identification can be associated with the data to be processed that it produces. In practical applications, an autonomous mobile device can construct a signature file while producing data to be processed, and configure its device identification in the file to be signed. The data to be processed and the signature file will be associated and provided to the data processing server in this embodiment. The specific scheme for the autonomous mobile device to associate its device identification with the to-be-processed data produced by it will be described in detail in the following embodiments.
基于此,步骤100中,可获取到待处理数据关联的设备标识。可知,待处理数据关联的设备标识,即是待处理数据的生产者的设备标识。待处理数据关联的设备标识可表征该待处理数据的生产者的身份。其中,设备标识可以是设备序列号(例如,无人机的SN号)等能够表征自主移动设备身份的信息。Based on this, in step 100, the device identification associated with the data to be processed can be obtained. It can be seen that the device identifier associated with the data to be processed is the device identifier of the producer of the data to be processed. The device identification associated with the data to be processed may characterize the identity of the producer of the data to be processed. Among them, the device identification may be the device serial number (for example, the SN number of the drone) and other information that can characterize the identity of the autonomous mobile device.
在步骤101中,服务激活记录是指服务激活过程中产生的激活数据。在使用服务资源之前,需针对自主移动设备进行服务激活,以为自主移动设备配置服务资源使用权限。服务激活记录中可包含不同自主移动设备的激活数据,因此,服务激活记录可用于验证自主移动设备是否已进行服务激活。In step 101, the service activation record refers to activation data generated during the service activation process. Before using service resources, service activation needs to be performed for autonomous mobile devices to configure service resource usage rights for autonomous mobile devices. The service activation record can contain the activation data of different autonomous mobile devices. Therefore, the service activation record can be used to verify whether the autonomous mobile device has activated the service.
基于此,步骤101中,可根据服务激活记录和设备标识(例如,无人机的SN号),验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活。Based on this, in step 101, according to the service activation record and the device identifier (for example, the SN number of the drone), it can be verified whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
实际应用中,可通过判断服务激活记录中是否存在针对该设备标识的激活数据。另外,该设备标识对应的自主移动设备的服务激活时间(例如,无人机的激活时间)需在服务认证触发事件发生之前已经完成。In actual applications, it can be determined whether there is activation data for the device identifier in the service activation record. In addition, the service activation time of the autonomous mobile device corresponding to the device identifier (for example, the activation time of the drone) needs to be completed before the service authentication trigger event occurs.
在步骤102中,可基于对设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活的验证结果,确定待处理数据是否通过服务认证。In step 102, it can be determined whether the data to be processed has passed the service authentication based on the verification result of whether the autonomous mobile device corresponding to the device identification has performed service activation before the service authentication trigger event occurs.
本实施例提供的服务认证方法可与传统的服务认证方案相结合应用,也可单独应用。例如,在与传统的服务认证方案结合应用的情况下,可首先验证用户账号是否为已注册账号,若验证为已注册账号,则可基于本实施例提供的服务认证方法对使用该用户账号而提供待处理数据进行服务认证。The service authentication method provided in this embodiment can be applied in combination with a traditional service authentication scheme, or can be applied separately. For example, in the case of combined application with a traditional service authentication scheme, first verify whether the user account is a registered account. If it is verified as a registered account, the user account can be used based on the service authentication method provided in this embodiment. Provide data to be processed for service certification.
据此,本实施例中,可以每次的待处理数据为认证对象,基于待处理数据关联的设备标识,可对待处理数据的生产者进行权限认证,并在其生产者已经进行服务激活的情况下,为待处理数据提供服务资源。这样,可实现对服务资源的精细化管理,将服务资源用于处理已经进行过服务激活的自主移动设备所生产的任务数据,避免出现未经授权的自主移动设备使用需要授权的服务资源的情况,从而可有效避免服务资源的流失。Accordingly, in this embodiment, the data to be processed can be the object of authentication each time, and based on the device identification associated with the data to be processed, the producer of the data to be processed can be authenticated, and if the producer has already activated the service Next, provide service resources for the data to be processed. In this way, refined management of service resources can be realized, and service resources can be used to process task data produced by autonomous mobile devices that have been activated for services, so as to prevent unauthorized autonomous mobile devices from using authorized service resources. , Which can effectively avoid the loss of service resources.
在上述或下述实施例中,根据待处理数据关联的设备标识,可采用多种实现方式验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活。In the above or the following embodiments, according to the device identification associated with the data to be processed, multiple implementations can be used to verify whether the autonomous mobile device corresponding to the device identification has performed service activation before the service authentication trigger event occurs.
在一种实现方式中,可在服务激活记录中记录已进行过服务激活的自主设备的设备标识。基于此,可在服务激活记录中查找是否存在待处理数据所关联的设备标识,以验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活。In an implementation manner, the device identification of the autonomous device that has performed the service activation may be recorded in the service activation record. Based on this, it is possible to look up whether there is a device identification associated with the data to be processed in the service activation record to verify whether the autonomous mobile device corresponding to the device identification has already activated the service before the service authentication trigger event occurs.
若服务激活记录中存在待处理数据所关联的设备标识,且服务激活时间位于服务认证触发事件的发生时间之前,则可确定设备标识对应的自主移动设备在服务认证触发事件发生之前已经进行过服务激活。If there is a device ID associated with the data to be processed in the service activation record, and the service activation time is before the occurrence time of the service authentication trigger event, it can be determined that the autonomous mobile device corresponding to the device ID has already performed the service before the service authentication trigger event occurs. activation.
在该实现方式中,可在对设备标识对应的自主移动设备进行服务激活的 过程中,将该设备标识记录在服务激活记录中。实际应用中,可采用加密算法对该设备标识进行加密并保存在服务激活记录中,以避免对服务激活记录中的设备标识的篡改。相应地,在执行前述的在服务激活记录中查找是否存在待处理数据所关联的设备标识的操作时,可采用同样的加密算法对待处理数据关联的设备标识进行加密,进而在服务激活记录中查找是否存在待处理数据所管理的设备标识的加密结果。In this implementation manner, the device identification can be recorded in the service activation record during the service activation process of the autonomous mobile device corresponding to the device identification. In practical applications, an encryption algorithm can be used to encrypt the device identification and save it in the service activation record to avoid tampering with the device identification in the service activation record. Correspondingly, when performing the aforementioned operation of finding whether there is a device identifier associated with the data to be processed in the service activation record, the same encryption algorithm can be used to encrypt the device identifier associated with the data to be processed, and then search in the service activation record Whether there is an encryption result of the device ID managed by the data to be processed.
在另一种实现方式中,可对已激活的激活码和设备标识一起进行加密,得到第一认证信息;判断服务激活记录中是否存在与第一认证信息匹配的目标激活数据;若存在目标激活数据,确定设备标识对应的自主移动设备在发出服务认证请求之前已经进行过服务激活;其中,目标激活数据是根据在对设备标识对应的自主移动设备进行服务激活的过程中获取到的激活码和设备标识进行加密得到的加密信息。In another implementation manner, the activated activation code and the device identification can be encrypted together to obtain the first authentication information; determine whether there is target activation data matching the first authentication information in the service activation record; if there is target activation Data to determine that the autonomous mobile device corresponding to the device ID has already activated the service before issuing the service authentication request; where the target activation data is based on the activation code and activation code obtained during the service activation process for the autonomous mobile device corresponding to the device ID Encrypted information obtained by encrypting the device identifier.
在该实现方式中,引入了激活码,激活码用于进行服务激活。激活码只能用一次,在激活码已被用于完成服务激活后,激活码将变为已激活状态,以避免激活码的重复使用。其中,在服务激活过程中,可记录已激活的激活码对应的设备标识。另外,已激活的激活码可明码保存,而且,可不明示各已激活的激活码对应的设备标识,这样可避免攻击者发现已经进行过服务激活的设备标识而进行盗用。当然,已激活的激活码也可以暗码保存,这种情况下,在需要使用已激活的激活码时,可采用先解密再使用的方式以调用已激活的激活码,暗码保存的方式可更好地保证已激活的激活码的安全性。In this implementation, an activation code is introduced, and the activation code is used for service activation. The activation code can only be used once. After the activation code has been used to complete the service activation, the activation code will become activated to avoid repeated use of the activation code. Among them, in the service activation process, the device identification corresponding to the activated activation code can be recorded. In addition, the activated activation code can be stored in the clear, and the device identification corresponding to each activated activation code may not be clearly indicated, so as to prevent the attacker from discovering the device identification that has been activated for service and embezzling it. Of course, the activated activation code can also be saved in a secret code. In this case, when the activated activation code needs to be used, the activated activation code can be called by decrypting and then using it. The secret code saving method can be better To ensure the security of the activated activation code.
基于此,可将待处理数据关联的设备标识以及该设备标识对应的已激活的激活码一起进行加密,得到第一认证信息,判断服务激活记录中是否存在与第一认证信息匹配的目标激活数据。在待处理数据关联的设备标识对应的自主移动设备已经进行服务激活的情况下,可在服务激活记录中找到与第一认证信息匹配的目标激活数据。Based on this, the device identification associated with the data to be processed and the activated activation code corresponding to the device identification can be encrypted together to obtain the first authentication information, and determine whether there is target activation data matching the first authentication information in the service activation record . In the case where the autonomous mobile device corresponding to the device identification associated with the data to be processed has already performed service activation, the target activation data that matches the first authentication information can be found in the service activation record.
据此,若服务激活记录中存在目标激活数据,且目标激活数据对应的服务激活时间位于服务认证触发事件的发生时间之前,则可确定设备标识对应 的自主移动设备在服务认证触发事件发生之前已经进行过服务激活。Accordingly, if there is target activation data in the service activation record, and the service activation time corresponding to the target activation data is before the occurrence time of the service authentication triggering event, it can be determined that the autonomous mobile device corresponding to the device identifier has already occurred before the service authentication triggering event occurs. Service activation has been performed.
在该实现方式中,对待处理数据关联的设备标识对应的自主移动设备的服务激活过程可以是:接收服务激活请求,服务激活请求中包含激活码和自主移动设备的设备标识;若确定激活码为可用激活码,则对激活码和设备标识进行加密,以获得目标激活数据;将目标激活数据保存至服务激活记录中。In this implementation, the service activation process of the autonomous mobile device corresponding to the device identification associated with the data to be processed may be: receiving a service activation request, the service activation request includes the activation code and the device identification of the autonomous mobile device; if the activation code is determined to be If the activation code is available, the activation code and device identification are encrypted to obtain the target activation data; the target activation data is saved in the service activation record.
这样,在该实现方式中,服务激活记录中的激活数据均以加密的形式进行保存,这可避免服务激活记录中的激活数据被篡改,从而保证验证结果的准确性。In this way, in this implementation manner, the activation data in the service activation record is stored in an encrypted form, which can prevent the activation data in the service activation record from being tampered with, thereby ensuring the accuracy of the verification result.
在上述两种示例性的实现方式中,服务激活记录可保持在本实施例中的数据处理服务器中,当然,也可保持在其它存储位置,本实施例对此不作限定。另外,服务激活过程可在本实施例中的数据处理服务器中执行,当然,也可在其它处理设备中执行而将服务激活记录共享至本实施中的数据处理服务器,本实施例对此均不作限定。In the above two exemplary implementation manners, the service activation record can be kept in the data processing server in this embodiment, of course, can also be kept in other storage locations, which is not limited in this embodiment. In addition, the service activation process can be executed in the data processing server in this embodiment. Of course, it can also be executed in other processing devices to share the service activation record with the data processing server in this embodiment. This embodiment does not do anything about this. limited.
值得说明的是,上述两种实现方式仅是示例性的,本实施例中,验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活并不限于此。It is worth noting that the above two implementation manners are only exemplary. In this embodiment, the verification of whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs is not limited to this.
在上述或下述实施例中,可获取待处理数据关联的签名文件,并从签名文件中解签出设备标识,作为待处理数据关联的设备标识。In the foregoing or following embodiments, the signature file associated with the data to be processed can be obtained, and the device identification can be unchecked from the signature file as the device identification associated with the data to be processed.
正如上文提及的,自主移动设备在生产任务数据的同时,可构建签名文件,并将其设备标识配置在签名文件中,自主移动设备生产的任务数据将与其构建的签名文件同步传输。As mentioned above, the autonomous mobile device can construct a signature file while producing task data, and configure its device identification in the signature file, and the task data produced by the autonomous mobile device will be transmitted synchronously with the signature file constructed by the autonomous mobile device.
在实际应用中,签名文件中可包含明码信息和暗码信息,其中,明码信息中至少包含设备标识,而暗码信息中至少包含对设备标识的加密结果。In practical applications, the signature file may contain clear code information and password information, where the clear code information contains at least the device identification, and the password information contains at least the encryption result of the device identification.
本实施例中,可在验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活之前,根据明码信息中包含的设备标识和暗码信息中包含的对设备标识的加密结果,判断从签名文件中解签出的设备标识是否未被篡改;若判断结果为是,则执行验证设备标识对应的自主移 动设备是否在服务认证触发事件发生之前已经进行过服务激活的操作。In this embodiment, it is possible to verify whether the autonomous mobile device corresponding to the device ID has activated the service before the service authentication trigger event occurs, according to the device ID contained in the clear code information and the encryption result of the device ID contained in the password information. , To determine whether the device ID unchecked out from the signature file has not been tampered with; if the result of the judgment is yes, perform the operation of verifying whether the autonomous mobile device corresponding to the device ID has performed service activation before the service authentication trigger event occurs.
具体地,可以是从暗码信息中解密出设备标识,并判断明码信息中包含的设备标识与从暗码信息中解密出的设备标识是否一致,若一致,则确定签名文件中解签出的设备标识未被篡改。Specifically, the device identification can be decrypted from the secret code information, and it is determined whether the device identification contained in the clear code information is consistent with the device identification decrypted from the secret code information, and if they are the same, the device identification that is unsigned in the signature file is determined Has not been tampered with.
通过以上对待处理数据关联的设备标识进行的未篡改验证,可防止发生通过篡改待处理数据关联的设备标识而进行服务资源占用的情况。例如,若待处理数据真实关联的设备标识为一未进行服务激活的自主移动设备的设备标识,即使将待处理数据关联的设备标识篡改为一已经进行服务激活的自主移动设备的设备标识,本实施例中,通过未篡改验证处理,可确定该待处理数据对应的验证结果为:设备标识对应的自主移动设备在服务认证触发事件发生之前未进行过服务激活。Through the above non-tampering verification of the device identification associated with the data to be processed, it is possible to prevent the occurrence of service resource occupation by tampering with the device identification associated with the data to be processed. For example, if the device ID that is actually associated with the data to be processed is the device ID of an autonomous mobile device that has not activated the service, even if the device ID associated with the data to be processed is tampered with the device ID of an autonomous mobile device that has already activated the service, this In the embodiment, through the non-tampering verification processing, it can be determined that the verification result corresponding to the to-be-processed data is: the autonomous mobile device corresponding to the device identification has not performed service activation before the service authentication trigger event occurs.
在上述或下述实施例中,若根据服务激活记录和设备标识,验证设备标识对应的自主移动设备是否在服务认证事件发生之前已经进行过服务激活,对应的验证结果为:设备标识对应的自主移动设备在服务认证事件发生之前已经进行过服务激活。则可获取待处理数据关联的任务开始时间。In the above or following embodiments, if it is verified whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication event occurs according to the service activation record and the device ID, the corresponding verification result is: the autonomous mobile device corresponding to the device ID The mobile device has already activated the service before the service authentication event occurs. Then, the start time of the task associated with the data to be processed can be obtained.
正如前文提及的,待处理数据可能是自主移动设备执行任务而生成的任务数据,因此,可在任务数据的生产过程中关联任务开始时间。As mentioned above, the data to be processed may be task data generated by autonomous mobile devices to perform tasks. Therefore, the task start time can be associated in the production process of task data.
实际应用中,任务开始时间可配置在前述实施例中提及的签名文件中。签名文件的明码信息中可包括任务开始时间,暗码信息中可包括对任务开始时间的暗加密结果。据此,可在使用任务开始时间之前,判断明码信息中包含的任务开始时间和从暗码信息中解密出的任务开始时间是否一致;若判断结果为是,则将解签出的任务开始时间作为待处理数据关联的任务开始时间。In practical applications, the task start time can be configured in the signature file mentioned in the foregoing embodiment. The clear code information of the signature file may include the mission start time, and the secret code information may include the secret encryption result of the mission start time. Based on this, before using the task start time, it can be judged whether the task start time contained in the clear code information and the task start time decrypted from the password information are consistent; if the result of the judgment is yes, then the unchecked out task start time is used as The start time of the task associated with the pending data.
本实施例中,还可获取设备标识对应的自主移动设备的服务激活时间。实际应用中,可在前述实施例中提及的服务激活过程中,将服务激活时间保存在服务激活记录中。另外,服务激活时间也可采用加密的方式进行保存,以避免服务激活时间被篡改。In this embodiment, the service activation time of the autonomous mobile device corresponding to the device identifier can also be obtained. In practical applications, the service activation time can be stored in the service activation record during the service activation process mentioned in the foregoing embodiment. In addition, the service activation time can also be stored in an encrypted manner to prevent the service activation time from being tampered with.
在此基础上,可判断待处理数据的任务开始时间是否晚于其关联的设备 标识对应的自主移动设备的服务激活时间。若判断结果为是,则可确定待处理数据通过服务认证。On this basis, it can be determined whether the task start time of the data to be processed is later than the service activation time of the autonomous mobile device corresponding to its associated device ID. If the judgment result is yes, it can be determined that the data to be processed has passed the service authentication.
其中,本实施例中的服务激活时间为初次激活时间,且为根据实际发生的服务激活过程而记录的,另外,以加密的形式进行保存,这些措施可保证服务激活时间的准确性,从而更加准确地判断任务开始时间和服务激活时间的先后。Among them, the service activation time in this embodiment is the initial activation time, and is recorded according to the actual service activation process. In addition, it is stored in an encrypted form. These measures can ensure the accuracy of the service activation time, thereby improving the accuracy of the service activation time. Accurately judge the sequence of the task start time and the service activation time.
通过以上对待处理数据关联的任务开始时间进行的未篡改验证以及对服务激活时间的防篡改措施,可防止发生通过篡改待处理数据关联的任务开始时间和/或服务激活时间而进行服务资源占用的情况。例如,若待处理数据真实关联的任务开始时间早于其关联的设备标识对应的自主移动设备的服务激活时间,即使将待处理数据关联的任务开始时间篡改为晚于其关联的设备标识对应的自主移动设备的服务激活时间,本实施例中,通过未篡改验证处理,可确定该待处理数据未通过服务认证。Through the above non-tampering verification of the task start time associated with the data to be processed and the anti-tampering measures on the service activation time, it is possible to prevent the occurrence of service resource occupation by tampering with the task start time and/or service activation time associated with the data to be processed Happening. For example, if the task start time associated with the data to be processed is earlier than the service activation time of the autonomous mobile device corresponding to its associated device ID, even if the task start time associated with the data to be processed is tampered with to be later than the corresponding device ID. For the service activation time of the autonomous mobile device, in this embodiment, through the non-tampering verification process, it can be determined that the data to be processed has not passed the service authentication.
本实施例中。通过比较任务开始时间和服务激活时间,可确保待处理数据为自主移动设备在其进行服务激活后而产生的,从而避免将服务资源用于处理自主移动设备进行服务激活之前而产生的任务数据。In this embodiment. By comparing the task start time and the service activation time, it can be ensured that the data to be processed is generated by the autonomous mobile device after the service is activated, thereby avoiding the use of service resources for processing task data generated by the autonomous mobile device before the service activation.
在上述或下述实施例中,还可对待处理数据进行未篡改验证,在确定待处理数据未被篡改的情况下,若确定待处理数据通过服务认证,为待处理数据提供数据处理服务。In the above or the following embodiments, the data to be processed can also be verified without tampering. In the case where it is determined that the data to be processed has not been tampered with, if it is determined that the data to be processed has passed the service authentication, data processing services are provided for the data to be processed.
其中,本实施例中不限定对待处理数据进行未篡改验证和对待处理数据进行服务认证的处理顺序,两个处理过程可先后执行,也可同步执行。Among them, this embodiment does not limit the processing sequence of performing non-tampering verification on the data to be processed and performing service authentication on the data to be processed. The two processing procedures can be executed sequentially or simultaneously.
对待处理数据进行未篡改验证的实现方式有多种,以下将以其中一种进行详细说明。There are many ways to implement non-tampering verification on the data to be processed, and one of them will be described in detail below.
在该实现方式中,可获取待处理数据关联的校验码;采用与校验码一致的校验算法,对待处理数据进行校验计算,获得实际校验码;若实际校验码与获取到的待处理数据关联的校验码一致,则可确定待处理数据未被篡改。校验码可以是MD5码等,本实施例对此不作限定。In this implementation, the check code associated with the data to be processed can be obtained; the check algorithm consistent with the check code is used to perform the check calculation on the data to be processed to obtain the actual check code; if the actual check code is the same as that obtained If the check codes associated with the data to be processed are consistent, it can be determined that the data to be processed has not been tampered with. The check code may be an MD5 code, etc., which is not limited in this embodiment.
其中,在实际应用中,待处理数据关联的校验码可配置在前述实施例提及的签名文件中,且可配置在签名文件中的暗码信息中,以保证校验码的安全性。Among them, in practical applications, the verification code associated with the data to be processed may be configured in the signature file mentioned in the foregoing embodiment, and may be configured in the password information in the signature file to ensure the security of the verification code.
通过对待处理数据进行未篡改验证,可保证待处理数据的安全性,从而保证数据处理结果的准确性。By performing non-tampering verification on the data to be processed, the security of the data to be processed can be guaranteed, thereby ensuring the accuracy of the data processing result.
另外,对任务开始时间的未篡改验证、对设备标识的未篡改验证以及对待处理数据的未篡改验证,可作为验证设备标识对应的自主移动设备是否在服务认证事件发生之前已经进行过服务激活操作的先决条件,也即这几个方面的未篡改验证都通过的情况下,再执行验证设备标识对应的自主移动设备是否在服务认证事件发生之前已经进行过服务激活的操作。这可保证为服务认证提供准确的认证基础信息,从而可杜绝通过篡改认证基础信息而占用服务资源的情况发生。In addition, the non-tampering verification of the task start time, the non-tampering verification of the device ID, and the non-tampering verification of the data to be processed can be used to verify whether the autonomous mobile device corresponding to the device ID has performed the service activation operation before the service authentication event occurs. The prerequisite for this, that is, under the condition that all the tamper-free verifications in these aspects are passed, the autonomous mobile device corresponding to the device identification is then executed to verify whether the service activation operation has been performed before the service authentication event occurs. This can ensure that accurate basic authentication information is provided for service authentication, thereby preventing the occupation of service resources by tampering with the basic authentication information.
在实际应用中,待处理数据关联的签名文件中的明码信息中可包含设备标识及任务开始时间,暗码信息中可包含对设备标识、待处理数据的校验值以及任务开始时间的加密结果。基于此,可基于签名文件同步进行以上几个方面的未篡改验证。In practical applications, the clear code information in the signature file associated with the data to be processed may include the device identification and task start time, and the password information may include the encryption result of the device identification, the check value of the data to be processed, and the task start time. Based on this, the above-mentioned non-tampering verification can be performed based on the synchronization of the signature file.
图2为本申请另一实施例提供的一种服务认证方法的流程示意图。如图2所示,该方法包括:FIG. 2 is a schematic flowchart of a service authentication method provided by another embodiment of this application. As shown in Figure 2, the method includes:
步骤200、获取设备标识;Step 200: Obtain a device identification;
步骤201、对设备标识进行加密处理,以生成暗码信息;Step 201: Perform encryption processing on the device identification to generate password information;
步骤202、将设备标识,以及暗码信息提供给数据处理服务器,以供数据处理服务器进行服务认证。Step 202: Provide the device identification and password information to the data processing server for the data processing server to perform service authentication.
然而并非限于此,根据本发明的另一实施方式,获取设备标识和任务数据;对设备标识进行加密处理,以生成暗码信息;将任务数据、设备标识,以及暗码信息提供给数据处理服务器,以供数据处理服务器进行服务认证。However, it is not limited to this. According to another embodiment of the present invention, the device identification and task data are obtained; the device identification is encrypted to generate password information; the task data, device identification, and password information are provided to the data processing server to For the data processing server to perform service authentication.
本实施例中,主要从自主移动设备侧对服务认证方法进行阐述。其中,自主移动设备中的相机、加密组件及飞行控制器(例如,无人机的飞行控制 器)将参与本实施例中的方案实现过程In this embodiment, the service authentication method is mainly explained from the side of the autonomous mobile device. Among them, the camera, encryption component and flight controller (for example, the flight controller of a drone) in the autonomous mobile device will participate in the implementation process of the solution in this embodiment
本实施例中,可由相机向加密组件发送加密请求,加密组件可向飞行控制器请求自主移动设备的设备标识,以获取到自主移动设备的设备标识。另外,对加密组件来说,还可对请求到的设备标识进行加密,以产生暗码信息,并将暗码信息返回给相机。In this embodiment, the camera can send an encryption request to the encryption component, and the encryption component can request the flight controller for the device identification of the autonomous mobile device to obtain the device identification of the autonomous mobile device. In addition, for the encryption component, the requested device identification can also be encrypted to generate secret code information and return the secret code information to the camera.
基于此,可由相机在任务完成后,建立任务数据与设备标识之间的关联关系。Based on this, the camera can establish an association relationship between the task data and the device identification after the task is completed.
实际应用中,相机可在执行任务的过程中,在自主移动设备的存储装置中生产任务数据,并关联构建一签名文件。基于签名文件,相机可将加密组件返回的设备标识和暗码信息配置在签名文件中。In practical applications, the camera can produce task data in the storage device of the autonomous mobile device during the execution of the task, and build a signature file in association with it. Based on the signature file, the camera can configure the device identification and password information returned by the encryption component in the signature file.
据此,相机还可将任务数据和签名文件进行关联,以保证两者同步传输。值得说明的是,此处的关联可以标识、索引等形式表征关联关系,也可以是以同步传输的机制表征关联关系,本实施例对此不作限定。Accordingly, the camera can also associate the task data with the signature file to ensure synchronous transmission of the two. It is worth noting that the association here may represent the association relationship in the form of an identification, index, etc., or may be a mechanism of synchronous transmission to represent the association relationship, which is not limited in this embodiment.
这样,可实现任务数据将与设备标识的关联,从而为任务数据标注其生产者的身份。In this way, it can be realized that the task data will be associated with the device identification, thereby marking the identity of the producer of the task data.
在步骤202中,任务数据将与设备标识以及暗码信息同步提供给数据处理服务器,数据处理服务器可在服务认证触发事件发生的情况下,对任务数据进行服务认证。其中,关于数据处理服务器中的服务认证过程可参考前述实施例中的相关描述,在此不再赘述。In step 202, the task data will be provided to the data processing server in synchronization with the device identification and password information, and the data processing server can perform service authentication on the task data when a service authentication trigger event occurs. For the service authentication process in the data processing server, reference may be made to the relevant description in the foregoing embodiment, which will not be repeated here.
在一种实现方式中,自主移动设备可将任务数据、设备标识以及暗码信息自主提供给数据处理服务器。或者,自主移动设备可将设备标识以及暗码信息自主提供给数据处理服务器。该实现方式中,需要建立自主移动设备与数据处理服务器之间的通信链路。In one implementation, the autonomous mobile device can autonomously provide task data, device identification, and password information to the data processing server. Alternatively, the autonomous mobile device can autonomously provide the device identification and password information to the data processing server. In this implementation, a communication link between the autonomous mobile device and the data processing server needs to be established.
在另一种实现方式中,自主移动设备可将任务数据、设备标识以及暗码信息发送至数据中继设备,以利用数据中继设备将任务数据、设备标识以及暗码信息提供给数据处理服务器。或者,自主移动设备可将设备标识以及暗码信息发送至数据中继设备,以利用数据中继设备将设备标识以及暗码信息 提供给数据处理服务器。In another implementation manner, the autonomous mobile device can send task data, device identification, and password information to the data relay device, so as to use the data relay device to provide the task data, device identification, and password information to the data processing server. Alternatively, the autonomous mobile device can send the device identification and password information to the data relay device, so as to provide the device identification and password information to the data processing server using the data relay device.
实际应用中,无需建立自主移动设备与数据处理服务器之间的通信链路,自主移动设备的存储装置可插装于数据中继设备上,以供数据中继设备从该存储装置中读取任务数据及其关联的签名文件。从而,数据中继设备可获取到任务数据设备标识及暗码信息,并提供给数据处理服务器。In practical applications, there is no need to establish a communication link between the autonomous mobile device and the data processing server. The storage device of the autonomous mobile device can be plugged into the data relay device for the data relay device to read tasks from the storage device. Data and its associated signature file. Thus, the data relay device can obtain the task data device identification and password information, and provide them to the data processing server.
其中,数据中继设备可以是自主移动设备的遥控器,还可以是任意的计算设备或移动设备等,本实施例对此不作限定。The data relay device may be a remote control of an autonomous mobile device, or any computing device or mobile device, etc., which is not limited in this embodiment.
本实施例中,在任务完成后,可建立任务数据与设备标识之间的关联关系,从而为任务数据标注其生产者的身份,而且,通过以暗码信息的形式传输设备标识,可防止设备标识被篡改,为数据处理服务器的服务认证提供准确地认证基础信息,保证服务资源的成功使用。In this embodiment, after the task is completed, the association relationship between the task data and the device identification can be established to mark the identity of the producer of the task data. Moreover, the device identification can be prevented by transmitting the device identification in the form of password information. It is tampered with to provide accurate basic information for the service authentication of the data processing server to ensure the successful use of service resources.
在上述或下述实施例中,相机还可根据任务数据进行校验计算,以产生任务数据的校验码,并将校验码发送至加密组件。加密组件可对校验码进行加密,并配置到暗码信息中。In the foregoing or following embodiments, the camera may also perform verification calculations based on the task data to generate a verification code of the task data, and send the verification code to the encryption component. The encryption component can encrypt the check code and configure it in the secret code information.
相机还可记录任务数据的任务开始时间,并将任务开始时间发送至加密组件,加密组件可对任务开始时间进行加密,并配置到暗码信息。The camera can also record the task start time of the task data and send the task start time to the encryption component. The encryption component can encrypt the task start time and configure the password information.
这样,暗码信息中可包含对设备标识、任务开始时间和任务数据对应的校验值的加密结果。加密组件可将这样的暗码信息提供给相机。In this way, the password information may include the encryption result of the device identification, the task start time, and the check value corresponding to the task data. The encryption component can provide such secret code information to the camera.
在此基础上,相机可根据其从加密组件获取到的设备标识及暗码信息,以及记录的任务开始时间,构建签名文件。这样,产生的签名文件中可包含明码信息和暗码信息,明码信息中可包含设备标识和任务开始时间,暗码信息中可包含设备标识、任务开始时间以及任务数据对应的校验值的加密结果。On this basis, the camera can construct a signature file based on the device identification and password information it obtains from the encryption component, as well as the recorded task start time. In this way, the generated signature file can contain clear code information and password information, the clear code information can contain the device identification and task start time, and the password information can contain the device identification, task start time, and the encryption result of the check value corresponding to the task data.
本实施例中,通过将任务数据的任务开始时间及校验码等信息配置到签名文件中,可建立任务数据与任务开始时间及校验码之间的关联关系,从而在自主移动设备侧实现对任务数据的属性标注,以供数据处理服务器对任务数据进行服务认证。In this embodiment, by configuring information such as the task start time and check code of the task data into the signature file, the association relationship between the task data and the task start time and check code can be established, thereby implementing on the autonomous mobile device side Mark the attributes of the task data for the data processing server to perform service authentication on the task data.
图3为本申请又一实施例提供的一种服务认证方法的流程示意图。如图3 所示,该方法包括:FIG. 3 is a schematic flowchart of a service authentication method provided by another embodiment of this application. As shown in Figure 3, the method includes:
步骤300、获取自主移动设备提供的任务数据以及任务数据关联的设备标识;Step 300: Obtain the task data provided by the autonomous mobile device and the device identification associated with the task data;
步骤301、将所述设备标识,或者任务数据和设备标识,提供给数据处理服务器,以供数据处理服务器基于设备标识对任务数据进行服务认证。Step 301: Provide the device identification, or the task data and the device identification, to the data processing server, so that the data processing server can perform service authentication on the task data based on the device identification.
本实施例中,主要从数据中继设备侧对服务认证方法进行阐述。In this embodiment, the service authentication method is mainly explained from the side of the data relay device.
正如前文中的实施例中提及到的,数据中继设备可参与到数据处理服务器对自主移动设备生产的任务数据的服务认证过程中。其中,关于自主移动设备及数据处理服务器中的相关处理细节,可参考前述实施例中的描述,在此不再赘述。As mentioned in the previous embodiment, the data relay device can participate in the service authentication process of the task data produced by the autonomous mobile device by the data processing server. For details of related processing in the autonomous mobile device and the data processing server, reference may be made to the description in the foregoing embodiment, which will not be repeated here.
在步骤300中,可在检测到自主移动设备的存储装置插装于所述数据中继设备的情况下,从该存储装置中获取自主移动设备的任务数据以及任务数据关联的设备标识。In step 300, when it is detected that the storage device of the autonomous mobile device is inserted into the data relay device, the task data of the autonomous mobile device and the device identification associated with the task data can be obtained from the storage device.
本实施例中,通过数据中继设备可将任务数据和设备标识提供给数据处理服务器,这使得自主移动设备无需建立与数据处理服务器之间的通信链路,简化了操作环节,从而可提高数据处理效率。In this embodiment, the task data and device identification can be provided to the data processing server through the data relay device, which eliminates the need for the autonomous mobile device to establish a communication link with the data processing server, simplifies the operation link, and can improve the data Processing efficiency.
另外,本实施例中,数据中继设备还可承载服务激活的功能。In addition, in this embodiment, the data relay device can also carry the service activation function.
本实施例中,可响应于针对自主移动设备的服务激活操作,获取激活码;获取自主移动设备的设备标识;根据激活码和设备标识,生成服务激活请求;将服务激活请求发送至数据处理服务器,以供数据处理服务器对自主移动设备进行服务激活。In this embodiment, the activation code can be obtained in response to the service activation operation for the autonomous mobile device; the device ID of the autonomous mobile device can be obtained; the service activation request can be generated according to the activation code and the device ID; the service activation request can be sent to the data processing server , For the data processing server to activate the service on the autonomous mobile device.
其中,数据处理服务器中与服务激活相关的技术细节可参考前述实施例中的描述,在此不再赘述。For the technical details related to service activation in the data processing server, reference may be made to the description in the foregoing embodiment, which will not be repeated here.
另外,值得说明的是,上述将设备标识,或者将任务数据和设备标识提供给数据处理服务器的处理环节和对自主移动设备进行服务激活的环节,可在同一数据中继设备中进行,当然,也可在不同的数据中继设备中进行,本实施例对此不作限定。In addition, it is worth noting that the above processing link of providing device identification, or task data and device identification to the data processing server and the link of service activation for autonomous mobile devices can be performed in the same data relay device. Of course, It can also be performed in different data relay devices, which is not limited in this embodiment.
图4为本申请又一实施例提供的一种PPK解算服务认证的应用场景示意图。以下将结合图4,以PPK解算服务为例,进行服务认证过程的详细描述。FIG. 4 is a schematic diagram of an application scenario of PPK solution service authentication provided by another embodiment of this application. In the following, a detailed description of the service authentication process will be carried out with reference to Figure 4, taking the PPK solution service as an example.
如图4所示,PPK解算服务的系统架构中包括自主移动设备1、数据中继设备2和数据处理服务器3。其中,数据中继设备2用于将自主移动设备1产生的任务数据及自主移动设备1的设备标识发送至数据处理服务器3,这可免去自主移动设备1与数据处理服务器3之间多次建立通信链路的麻烦。在某些情况下,系统架构中也可无数据中继设备2的参与,而由自主移动设备1直接将任务数据和设备标识提供给数据处理服务器3,图4中暂不讨论这种情况。As shown in Figure 4, the system architecture of the PPK solution service includes an autonomous mobile device 1, a data relay device 2, and a data processing server 3. Among them, the data relay device 2 is used to send the task data generated by the autonomous mobile device 1 and the device identification of the autonomous mobile device 1 to the data processing server 3, which can avoid multiple communication between the autonomous mobile device 1 and the data processing server 3 The trouble of establishing a communication link. In some cases, the data relay device 2 may not be involved in the system architecture, and the autonomous mobile device 1 directly provides the task data and device identification to the data processing server 3. This situation is not discussed in FIG. 4 for the time being.
在对自主移动设备1进行服务激活的过程中,数据中继设备2可与自主移动设备1建立无线通信,并获取自主移动设备(例如,无人机)1的SN号(作为设备标识)。另外,数据中继设备2还可响应于激活码输入操作,获取针对自主移动设备1而输入的激活码。数据中继设备2可将激活码及获取到的设备标识提供给数据处理服务器3,数据处理服务器3可在该激活码可用的情况下,将激活码、SN号及服务激活时间进行加密,作为自主移动设备1的激活数据存储至服务激活记录中。In the process of service activation for the autonomous mobile device 1, the data relay device 2 can establish wireless communication with the autonomous mobile device 1, and obtain the SN number (as a device identification) of the autonomous mobile device (for example, a drone) 1. In addition, the data relay device 2 can also obtain the activation code input for the autonomous mobile device 1 in response to the activation code input operation. The data relay device 2 can provide the activation code and the acquired device identification to the data processing server 3, and the data processing server 3 can encrypt the activation code, SN number, and service activation time when the activation code is available, as The activation data of the autonomous mobile device 1 is stored in the service activation record.
自主移动设备1在执行任务时,其上的处理器(具体可为相机)会在SD卡内创建一个任务文件夹,用于存储相机拍照数据(例如,无人机飞行过程中所拍摄的照片文件、以及拍照记录文件)以及从RTK板卡中获取到的GNSS原始观测值数据(用于后续的PPK解算处理),这些作为本实施例中的任务数据。其中,拍照记录文件包括拍照时间,以及其他拍照属性等。When the autonomous mobile device 1 performs a task, the processor (specifically a camera) on it will create a task folder in the SD card for storing camera photo data (for example, photos taken during a drone flight) Files, and photo recording files) and the original GNSS observation data obtained from the RTK board (used in the subsequent PPK calculation processing), which are used as task data in this embodiment. Among them, the photographing record file includes photographing time and other photographing attributes.
在开始执行任务作业时,处理器还会记录任务开始时间。When starting to execute a task job, the processor also records the task start time.
在完成任务后,处理器发送命令给1860AP(即,一种处理器,该处理器可作为加密组件),请求加密数据,同时根据任务数据计算MD5校验码,并将任务开始时间和校验码发送给1860AP。After completing the task, the processor sends a command to 1860AP (that is, a processor that can be used as an encryption component) to request encrypted data, and at the same time calculates the MD5 check code based on the task data, and adds the task start time to the checksum The code is sent to 1860AP.
1860AP接到处理器的请求后,向飞行控制器请求设备SN号(例如,无人机的AN号),飞行控制器将SN号传输给自主移动设备1的1860AP,1860AP 结合SN号、校验码及任务开始时间通过加密算法进行加密,生成暗码信息。After receiving the request from the processor, the 1860AP requests the device SN number (for example, the AN number of the drone) from the flight controller, and the flight controller transmits the SN number to the 1860AP of the autonomous mobile device 1. The 1860AP combines the SN number and verification The code and task start time are encrypted by an encryption algorithm to generate secret code information.
1860AP将暗码信息传输到处理器,处理器将SN号以及任务开始时间作为明码信息,结合前述的暗码信息,在任务文件夹下生成.sig签名文件。The 1860AP transmits the secret code information to the processor, and the processor uses the SN number and the task start time as the clear code information, and combines the aforementioned secret code information to generate a .sig signature file in the task folder.
在此基础上,当需要对自主移动设备1的本次任务数据进行PPK解算时,可将自主移动设备1的SD卡取下,并插装至数据中继设备2上。On this basis, when it is necessary to perform PPK calculation on the task data of the autonomous mobile device 1, the SD card of the autonomous mobile device 1 can be removed and inserted into the data relay device 2.
数据中继设备2可从SD卡中获取任务数据和签名文件并上传至数据处理服务器3。The data relay device 2 can obtain task data and signature files from the SD card and upload them to the data processing server 3.
上传事件作为服务认证触发事件,数据处理服务器3将在接收到任务数据和签名文件的情况下,启动对任务数据的服务认证。The upload event is used as a service authentication trigger event, and the data processing server 3 will start the service authentication of the task data upon receiving the task data and the signature file.
首先,数据处理服务器3可对签名文件进行解签,获得以下信息:First, the data processing server 3 can unsign the signature file and obtain the following information:
1.写入.sig签名文件的明码信息中的SN号1. Write the SN number in the clear code information of the .sig signature file
2.写入.sig签名文件的明码信息中的任务开始时间2. The start time of the task written in the clear information of the .sig signature file
3.从暗码信息中解密出的SN号3. The SN number decrypted from the secret code information
4.从暗码信息中解密出的任务开始时间4. The task start time decrypted from the secret code information
5.从暗码信息中解密出的MD55. MD5 decrypted from the secret code information
基于这些信息,分别比对:Based on this information, compare:
1.明码信息中的SN号与从暗码信息中解密出的SN号1. The SN number in the clear code information and the SN number decrypted from the secret code information
2.明码信息中的任务开始时间与从暗码信息中解密出的任务开始时间2. The start time of the task in the clear code information and the start time of the task decrypted from the secret code information
3.从暗码信息中解密出的MD5与根据任务数据计算出的MD53. The MD5 decrypted from the password information and the MD5 calculated based on the task data
如果几组比对都一致,则说明任务数据及签名文件中的SN号和任务开始时间均未被篡改。If several sets of comparisons are consistent, it means that the task data and the SN number and the task start time in the signature file have not been tampered with.
在此基础上,可将从签名文件中解签出的SN号与已激活的激活码进行加密而产生认证信息,并在服务激活记录中查找是否存在与该认证信息匹配的目标激活数据,其中,此处的加密算法应与前述的服务激活过程中的加密算法一致。若服务激活记录中存在自主移动设备1的激活数据,则此处可匹配出目标激活数据,同时也表征着生产该任务数据的自主移动设备1在本次服务认证触发事件之前已经进行过服务激活。On this basis, the SN number unsigned from the signature file and the activated activation code can be encrypted to generate authentication information, and the service activation record can be used to find out whether there is target activation data that matches the authentication information. , The encryption algorithm here should be consistent with the encryption algorithm in the aforementioned service activation process. If the activation data of the autonomous mobile device 1 exists in the service activation record, the target activation data can be matched here, and it also indicates that the autonomous mobile device 1 that produced the task data has already activated the service before this service authentication trigger event .
此时,可继续判断从签名文件中解签出的任务开始时间是否晚于从签名文件中解签出的设备标识对应的自主移动设备1的服务激活时间。如果是,则确定本次任务数据通过服务认证,可为该任务数据提供PPK解算服务。At this time, it can continue to determine whether the start time of the task unchecked out from the signature file is later than the service activation time of the autonomous mobile device 1 corresponding to the device ID unchecked out from the signature file. If it is, it is determined that the mission data passed the service certification, and the PPK solution service can be provided for the mission data.
图5为本申请又一实施例提供的一种数据处理服务器的结构示意图。如图5所示,该数据处理服务器包括:存储器50、处理器51以及通信组件52。FIG. 5 is a schematic structural diagram of a data processing server provided by another embodiment of this application. As shown in FIG. 5, the data processing server includes: a memory 50, a processor 51, and a communication component 52.
处理器51,与存储器50及通信组件52耦合,用于执行存储器中的计算机程序,以用于:The processor 51 is coupled with the memory 50 and the communication component 52, and is configured to execute computer programs in the memory for:
通过通信组件52获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the to-be-processed data through the communication component 52 to respond to the service authentication trigger event;
根据服务激活记录和设备标识,验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活;According to the service activation record and device ID, verify whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs;
基于验证结果,确定待处理数据是否通过服务认证。Based on the verification result, it is determined whether the data to be processed passes the service authentication.
在一可选实施例中,处理器51在根据服务激活记录和设备标识,验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活时,用于:In an optional embodiment, the processor 51 is configured to: when verifying whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs, according to the service activation record and the device ID, the processor 51 is used to:
对已激活的激活码和设备标识一起进行加密,得到第一认证信息;Encrypt the activated activation code and device identification together to obtain the first authentication information;
判断服务激活记录中是否存在与第一认证信息匹配的目标激活数据,目标激活数据是根据在对设备标识对应的自主移动设备进行服务激活的过程中获取到的激活码和设备标识进行加密得到的加密信息;Determine whether there is target activation data matching the first authentication information in the service activation record. The target activation data is obtained by encrypting the activation code and the device ID obtained during service activation of the autonomous mobile device corresponding to the device ID Encrypted information;
若存在目标激活数据,确定设备标识对应的自主移动设备在发出服务认证请求之前已经进行过服务激活。If there is target activation data, it is determined that the autonomous mobile device corresponding to the device identifier has performed service activation before issuing the service authentication request.
在一可选实施例中,处理器51在对设备标识对应的自主移动设备进行服务激活的过程时,用于:In an optional embodiment, the processor 51 is configured to: when performing a service activation process on the autonomous mobile device corresponding to the device identifier:
接收服务激活请求,服务激活请求中包含激活码和自主移动设备的设备标识;Receive a service activation request, the service activation request contains the activation code and the device identification of the autonomous mobile device;
若确定激活码为可用激活码,则对激活码和设备标识进行加密,以获得目标激活数据;If it is determined that the activation code is a usable activation code, encrypt the activation code and device identification to obtain the target activation data;
将目标激活数据保存至服务激活记录中。Save the target activation data to the service activation record.
在一可选实施例中,处理器51在获取待处理数据关联的设备标识时,用于:In an optional embodiment, the processor 51 is configured to: when acquiring the device identification associated with the to-be-processed data:
获取待处理数据关联的签名文件;Obtain the signature file associated with the data to be processed;
从签名文件中解签出设备标识。Uncheck out the device identification from the signature file.
在一可选实施例中,签名文件中包括明码信息和暗码信息,明码信息中至少包含设备标识,暗码信息中至少包含对设备标识的加密结果,处理器51在验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活之前,还用于:In an optional embodiment, the signature file includes clear code information and secret code information, the clear code information includes at least the device identification, and the secret code information includes at least the encryption result of the device identification. The processor 51 verifies the autonomous mobile device corresponding to the device identification. Whether the service has been activated before the service authentication trigger event occurs, and it is also used to:
判断明码信息中包含的设备标识与从暗码信息中解密出的设备标识是否一致;Determine whether the device identification contained in the clear code information is consistent with the device identification decrypted from the secret code information;
若判断结果为是,则执行验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活的操作。If the result of the judgment is yes, the operation of verifying whether the autonomous mobile device corresponding to the device identification has already performed service activation before the occurrence of the service authentication trigger event is performed.
在一可选实施例中,处理器51在基于验证结果,确定待处理数据是否通过服务认证时,用于:In an optional embodiment, when the processor 51 determines whether the data to be processed passes the service authentication based on the verification result, the processor 51 is configured to:
若验证结果为设备标识对应的自主移动设备在服务认证触发事件发生之前已经进行过服务激活,获取待处理数据关联的任务开始时间;If the verification result is that the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs, obtain the start time of the task associated with the to-be-processed data;
获取自主移动设备对应的服务激活时间;Obtain the service activation time corresponding to the autonomous mobile device;
判断任务开始时间是否晚于服务激活时间;Determine whether the task start time is later than the service activation time;
若是,确定待处理数据通过服务认证。If yes, confirm that the data to be processed passes the service authentication.
在一可选实施例中,处理器51在判断任务开始时间是否晚于服务激活时间之前,还用于:In an optional embodiment, before determining whether the task start time is later than the service activation time, the processor 51 is further configured to:
对多数任务开始时间进行未篡改验证;以及Verify that the start time of most tasks has not been tampered with; and
在确定任务开始时间未被篡改的情况下,执行判断任务开始时间是否晚于服务激活时间的操作。When it is determined that the task start time has not been tampered with, an operation of determining whether the task start time is later than the service activation time is performed.
在一可选实施例中,处理器51还用于:In an optional embodiment, the processor 51 is further configured to:
获取待处理数据关联的签名文件,签名文件包括明码信息和暗码信息, 明码信息包括设备标识或任务开始时间中的至少一种;Acquire a signature file associated with the data to be processed, the signature file includes clear code information and password information, and the clear code information includes at least one of a device identification or a task start time;
将暗码信息进行解密,以得到已解密的暗码信息;Decrypt the secret code information to obtain the decrypted secret code information;
将已解密的暗码信息和明码信息进行比较,以判断已解密的暗码信息和明码信息是否一致;Compare the decrypted code information with the clear code information to determine whether the decrypted code information is consistent with the clear code information;
若已解密的暗码信息和明码信息一致,则验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活。If the decrypted code information is consistent with the clear code information, it is verified whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
在一可选实施例中,暗码信息中还包括待处理数据对应的校验码,处理器51还用于:In an optional embodiment, the password information further includes a check code corresponding to the data to be processed, and the processor 51 is further configured to:
对待处理数据进行校验计算,获得实际校验码;Perform verification calculation on the data to be processed to obtain the actual verification code;
若实际校验码与暗码信息中的校验码一致,则验证设备标识对应的自主移动设备是否在服务认证触发事件发生之前已经进行过服务激活。If the actual check code is consistent with the check code in the secret code information, it is verified whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
在一可选实施例中,自主移动设备为无人机或无人驾驶车辆。In an optional embodiment, the autonomous mobile device is a drone or an unmanned vehicle.
进一步,如图5所示,该数据处理服务器还包括:电源组件53等其它组件。图5中仅示意性给出部分组件,并不意味着数据处理服务器只包括图5所示组件。Further, as shown in FIG. 5, the data processing server further includes: a power supply component 53 and other components. Only some components are schematically shown in FIG. 5, which does not mean that the data processing server only includes the components shown in FIG. 5.
值得说明的是,上述针对数据处理服务器的各实施例中的技术细节,可参考前述服务认证方法的相关实施例中的描述,为节省篇幅,在此不再赘述,但这不应造成对本申请保护范围的损失。It is worth noting that, for the technical details in the above embodiments of the data processing server, please refer to the descriptions in the related embodiments of the aforementioned service authentication method. To save space, we will not repeat them here, but this should not cause damage to this application. Loss of protection range.
相应地,本申请实施例还提供一种存储有计算机程序的计算机可读存储介质,计算机程序被执行时能够实现上述方法实施例中可由数据处理服务器执行的各步骤。Correspondingly, an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed, the steps that can be executed by the data processing server in the foregoing method embodiments can be implemented.
图6为本申请又一实施例提供的一种自主移动设备的结构示意图。如图6所示,该自主移动设备可包括:存储器60、处理器61以及通信组件62。FIG. 6 is a schematic structural diagram of an autonomous mobile device provided by another embodiment of this application. As shown in FIG. 6, the autonomous mobile device may include: a memory 60, a processor 61, and a communication component 62.
处理器61,与存储器60及通信组件62耦合,用于执行存储器中的计算机程序,以用于:The processor 61 is coupled with the memory 60 and the communication component 62, and is configured to execute computer programs in the memory for:
获取设备标识;Obtain device identification;
对设备标识进行加密处理,以生成暗码信息;Encrypt the device identification to generate secret code information;
通过通信组件62将设备标识,以及暗码信息提供给数据处理服务器,以供数据处理服务器进行服务认证。The device identification and password information are provided to the data processing server through the communication component 62 for the data processing server to perform service authentication.
或者,or,
处理器61,与存储器60及通信组件62耦合,用于执行存储器中的计算机程序,以用于:The processor 61 is coupled with the memory 60 and the communication component 62, and is configured to execute computer programs in the memory for:
获取设备标识和任务数据;Obtain device identification and task data;
对设备标识进行加密处理,以生成暗码信息;Encrypt the device identification to generate secret code information;
通过通信组件62将任务数据、设备标识,以及暗码信息提供给数据处理服务器,以供数据处理服务器进行服务认证。The task data, device identification, and password information are provided to the data processing server through the communication component 62 for the data processing server to perform service authentication.
在一可选实施例中,处理器61在将设备标识提供给数据处理服务器时,用于:In an optional embodiment, when the processor 61 provides the device identification to the data processing server, it is used to:
通过通信组件62将设备标识以及暗码信息发送至数据处理服务器;或者Send the device identification and password information to the data processing server through the communication component 62; or
通过通信组件62将设备标识以及暗码信息发送至数据中继设备,以利用数据中继设备将设备标识以及暗码信息提供给数据处理服务器。The device identification and password information are sent to the data relay device through the communication component 62, so that the data relay device is used to provide the device identification and password information to the data processing server.
或者,or,
在一可选实施例中,处理器61在将设备标识提供给数据处理服务器时,用于:In an optional embodiment, when the processor 61 provides the device identification to the data processing server, it is used to:
通过通信组件62将任务数据和设备标识以及暗码信息发送至数据处理服务器;或者Send the task data, device identification and password information to the data processing server through the communication component 62; or
通过通信组件62将任务数据和设备标识以及暗码信息发送至数据中继设备,以利用数据中继设备将任务数据和设备标识以及暗码信息提供给数据处理服务器。The task data, the device identification and the password information are sent to the data relay device through the communication component 62, so that the data relay device provides the task data, the device identification and the password information to the data processing server.
在一可选实施例中,处理器61用于:In an optional embodiment, the processor 61 is configured to:
向加密组件63发送加密请求,以利用加密组件63对包括设备标识的明码信息进行加密而获得暗码信息;Send an encryption request to the encryption component 63 to use the encryption component 63 to encrypt the clear code information including the device identification to obtain the secret code information;
根据明码信息以及暗码信息,生成签名文件;Generate a signature file based on the clear code information and the secret code information;
将签名文件发送至数据处理服务器。Send the signature file to the data processing server.
在一可选实施例中,处理器61还用于:In an optional embodiment, the processor 61 is further configured to:
获取任务数据的任务开始时间;Task start time for obtaining task data;
将任务开始时间配置到明码信息中,以利用加密组件63对包含设备标识和任务开始时间的明码信息进行加密而获得暗码信息。The task start time is configured into the clear code information, so that the encryption component 63 is used to encrypt the clear code information including the device identification and the task start time to obtain the password information.
在一可选实施例中,处理器61还用于:In an optional embodiment, the processor 61 is further configured to:
计算任务数据对应的校验码;Calculate the check code corresponding to the task data;
将校验码配置到暗码信息中。Configure the check code into the password information.
进一步,如图6所示,该自主移动设备还包括:电源组件64、飞行控制器65、相机66等其它组件。例如,当自主移动设备是无人机时,该自主移动设备包括,无人机的供电电源,无人机的飞行控制器,以及安装于无人机上的相机。图6中仅示意性给出部分组件,并不意味着自主移动设备只包括图6所示组件。Further, as shown in FIG. 6, the autonomous mobile device further includes: a power supply component 64, a flight controller 65, a camera 66 and other components. For example, when the autonomous mobile device is a drone, the autonomous mobile device includes the power supply of the drone, the flight controller of the drone, and the camera installed on the drone. Only some of the components are schematically shown in FIG. 6, which does not mean that the autonomous mobile device only includes the components shown in FIG. 6.
值得说明的是,上述针对自主移动设备的各实施例中的技术细节,可参考前述服务认证方法的相关实施例中的描述,为节省篇幅,在此不再赘述,但这不应造成对本申请保护范围的损失。It is worth noting that the technical details in the above embodiments for autonomous mobile devices can be referred to the descriptions in the related embodiments of the aforementioned service authentication method. To save space, we will not repeat them here, but this should not cause any damage to this application. Loss of protection range.
相应地,本申请实施例还提供一种存储有计算机程序的计算机可读存储介质,计算机程序被执行时能够实现上述方法实施例中可由自主移动设备执行的各步骤。Correspondingly, an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed, each step that can be executed by an autonomous mobile device in the foregoing method embodiment can be implemented.
图7为本申请又一实施例提供的一种数据中继设备的结构示意图。如图7所示,该数据中继设备包括:存储器70、处理器71以及通信组件72。FIG. 7 is a schematic structural diagram of a data relay device provided by another embodiment of this application. As shown in FIG. 7, the data relay device includes: a memory 70, a processor 71, and a communication component 72.
处理器71,与存储器70及通信组件72耦合,用于执行存储器中的计算机程序,以用于:The processor 71 is coupled with the memory 70 and the communication component 72, and is configured to execute a computer program in the memory for:
通过通信组件72获取自主移动设备提供的任务数据以及任务数据关联的设备标识;Obtain the task data provided by the autonomous mobile device and the device identification associated with the task data through the communication component 72;
通过通信组件72将设备标识,或者任务数据和设备标识,提供给数据处理服务器,以供数据处理服务器基于设备标识对任务数据进行服务认证。The device identification, or the task data and the device identification, are provided to the data processing server through the communication component 72, so that the data processing server can perform service authentication on the task data based on the device identification.
在一可选实施例中,处理器72还用于:In an optional embodiment, the processor 72 is further configured to:
响应于针对自主移动设备的服务激活操作,获取激活码;Acquire the activation code in response to the service activation operation for the autonomous mobile device;
获取自主移动设备的设备标识;Obtain the device identification of the autonomous mobile device;
根据激活码和设备标识,生成服务激活请求;Generate a service activation request based on the activation code and device identification;
通过通信组件72将服务激活请求发送至数据处理服务器,以供数据处理服务器对自主移动设备进行服务激活。The service activation request is sent to the data processing server through the communication component 72 for the data processing server to perform service activation on the autonomous mobile device.
进一步,如图7所示,该数据中继设备还包括:电源组件73等其它组件。图7中仅示意性给出部分组件,并不意味着数据中继设备只包括图7所示组件。Furthermore, as shown in FIG. 7, the data relay device further includes: a power supply component 73 and other components. Only some components are schematically shown in FIG. 7, which does not mean that the data relay device only includes the components shown in FIG. 7.
值得说明的是,上述针对数据中继设备的各实施例中的技术细节,可参考前述服务认证方法的相关实施例的描述,为节省篇幅,在此不再赘述,但这不应造成对本申请保护范围的损失。It is worth noting that, for the technical details in the foregoing embodiments of the data relay device, reference may be made to the description of the related embodiments of the foregoing service authentication method. In order to save space, the details are not repeated here, but this should not cause any damage to the application. Loss of protection range.
相应地,本申请实施例还提供一种存储有计算机程序的计算机可读存储介质,计算机程序被执行时能够实现上述方法实施例中可由数据中继设备执行的各步骤。Correspondingly, an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed, the steps that can be executed by the data relay device in the foregoing method embodiment can be implemented.
其中,图5、6和7中的存储器,用于存储计算机程序,并可被配置为存储其它各种数据以支持在其所属设备上的操作。这些数据的示例包括用于在其所属设备上操作的任何应用程序或方法的指令,联系人数据,电话簿数据,消息,图片,视频等。存储器可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(SRAM),电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),可编程只读存储器(PROM),只读存储器(ROM),磁存储器,快闪存储器,磁盘或光盘。Among them, the memories in FIGS. 5, 6 and 7 are used to store computer programs, and can be configured to store various other data to support operations on the device to which they belong. Examples of such data include instructions for any application or method operated on the device to which it belongs, contact data, phone book data, messages, pictures, videos, etc. The memory can be implemented by any type of volatile or non-volatile storage devices or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable and programmable Read only memory (EPROM), programmable read only memory (PROM), read only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
其中,图5、6和7中的通信组件被配置为便于通信组件所在设备和其他设备之间有线或无线方式的通信。通信组件所在设备可以接入基于通信标准的无线网络,如WiFi,2G或3G,或它们的组合。在一个示例性实施例中,通信组件经由广播信道接收来自外部广播管理系统的广播信号或广播相关信息。在一个示例性实施例中,所述通信组件可基于近场通信(NFC)技术、射频识别(RFID)技术、红外数据协会(IrDA)技术、超宽带(UWB)技术、 蓝牙(BT)技术或其它技术来实现,以促进短程通信。Wherein, the communication components in Figures 5, 6 and 7 are configured to facilitate wired or wireless communication between the device where the communication component is located and other devices. The device where the communication component is located can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination of them. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component may be based on near field communication (NFC) technology, radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology, or Other technologies are implemented to facilitate short-range communication.
其中,图5、6和7中的电源组件,为电源组件所在设备的各种组件提供电力。电源组件可以包括电源管理系统,一个或多个电源,及其他与为电源组件所在设备生成、管理和分配电力相关联的组件。Among them, the power supply components in Figures 5, 6 and 7 provide power for various components of the equipment where the power supply component is located. The power supply component may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device where the power supply component is located.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention can be provided as a method, a system, or a computer program product. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理服务器的处理器以产生一个机器,使得通过计算机或其他可编程数据处理服务器的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing server to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing server are generated for use. It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理服务器以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing server to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理服务器上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing server, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or they also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
以上所述仅为本申请的实施例而已,并不用于限制本申请。对于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。The foregoing descriptions are only examples of the present application, and are not used to limit the present application. For those skilled in the art, this application can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the scope of the claims of this application.

Claims (24)

  1. 一种服务认证方法,其特征在于,包括:A service authentication method, characterized in that it includes:
    获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the data to be processed to respond to the service authentication trigger event;
    根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Verifying, according to the service activation record and the device identifier, whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs;
    基于验证结果,确定所述待处理数据是否通过服务认证。Based on the verification result, it is determined whether the to-be-processed data passes service authentication.
  2. 根据权利要求1所述的方法,其特征在于,所述根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活,包括:The method according to claim 1, characterized in that, according to the service activation record and the device ID, verify whether the autonomous mobile device corresponding to the device ID has already activated the service before the service authentication trigger event occurs ,include:
    对已激活的激活码和所述设备标识一起进行加密,得到第一认证信息;Encrypting the activated activation code and the device identifier together to obtain the first authentication information;
    判断所述服务激活记录中是否存在与所述第一认证信息匹配的目标激活数据,所述目标激活数据是根据在对所述设备标识对应的自主移动设备进行服务激活的过程中获取到的激活码和设备标识进行加密得到的加密信息;Determine whether there is target activation data matching the first authentication information in the service activation record, and the target activation data is based on the activation obtained during service activation of the autonomous mobile device corresponding to the device identifier Encrypted information obtained by encrypting code and device ID;
    若存在所述目标激活数据,确定所述设备标识对应的自主移动设备在发出所述服务认证请求之前已经进行过服务激活。If the target activation data exists, it is determined that the autonomous mobile device corresponding to the device identifier has already activated the service before issuing the service authentication request.
  3. 根据权利要求2所述的方法,其特征在于,所述对所述设备标识对应的自主移动设备进行服务激活的过程,包括:The method according to claim 2, wherein the process of performing service activation on the autonomous mobile device corresponding to the device identifier comprises:
    接收服务激活请求,所述服务激活请求中包含激活码和所述自主移动设备的设备标识;Receiving a service activation request, where the service activation request includes an activation code and the device identification of the autonomous mobile device;
    若确定所述激活码为可用激活码,则对所述激活码和所述设备标识进行加密,以获得所述目标激活数据;If it is determined that the activation code is a usable activation code, encrypt the activation code and the device identification to obtain the target activation data;
    将所述目标激活数据保存至所述服务激活记录中。The target activation data is saved in the service activation record.
  4. 根据权利要求1所述的方法,其特征在于,所述获取待处理数据关联的设备标识,包括:The method according to claim 1, wherein said obtaining the device identification associated with the to-be-processed data comprises:
    获取待处理数据关联的签名文件;Obtain the signature file associated with the data to be processed;
    从所述签名文件中解签出所述设备标识。Uncheck out the device identification from the signature file.
  5. 根据权利要求4所述的方法,其特征在于,所述签名文件中包括所述明码信息和暗码信息,所述明码信息至少包含设备标识,所述暗码信息中至少包含对设备标识的加密结果,在验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活之前,还包括:The method according to claim 4, wherein the signature file includes the clear code information and the secret code information, the clear code information includes at least a device identifier, and the secret code information includes at least an encryption result of the device identifier, Before verifying whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs, the method further includes:
    判断所述明码信息中包含的设备标识与从所述暗码信息中解密出的设备标识是否一致;Judging whether the device identification included in the clear code information is consistent with the device identification decrypted from the secret code information;
    若判断结果为是,则执行所述验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活的操作。If the result of the judgment is yes, the operation of verifying whether the autonomous mobile device corresponding to the device identification has already performed service activation before the occurrence of the service authentication trigger event is performed.
  6. 根据权利要求1所述的方法,其特征在于,所述基于验证结果,确定所述待处理数据是否通过服务认证,包括:The method according to claim 1, wherein the determining whether the to-be-processed data passes service authentication based on the verification result comprises:
    若所述验证结果为所述设备标识对应的自主移动设备在所述服务认证触发事件发生之前已经进行过服务激活,获取所述待处理数据关联的任务开始时间;If the verification result is that the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs, acquiring the task start time associated with the to-be-processed data;
    获取所述自主移动设备对应的服务激活时间;Acquiring the service activation time corresponding to the autonomous mobile device;
    判断所述任务开始时间是否晚于所述服务激活时间;Determine whether the task start time is later than the service activation time;
    若是,确定所述待处理数据通过服务认证。If yes, it is determined that the to-be-processed data passes service authentication.
  7. 根据权利要求6所述的方法,其特征在于,所述判断所述任务开始时间是否晚于所述服务激活时间之前,还包括:The method according to claim 6, wherein the judging whether the task start time is later than the service activation time, further comprises:
    对所述任务开始时间进行未篡改验证;以及Verify that the task start time has not been tampered with; and
    在确定所述任务开始时间未被篡改的情况下,执行所述判断所述任务开始时间是否晚于所述服务激活时间的操作。In the case where it is determined that the task start time has not been tampered with, the operation of determining whether the task start time is later than the service activation time is performed.
  8. 根据权利要求1所述的方法,其特征在于,进一步包括:The method according to claim 1, further comprising:
    获取待处理数据关联的签名文件,所述签名文件包括明码信息和暗码信息,所述明码信息包括设备标识或任务开始时间中的至少一种;Acquiring a signature file associated with the to-be-processed data, where the signature file includes clear code information and password information, and the clear code information includes at least one of a device identification or a task start time;
    将所述暗码信息进行解密,以得到已解密的暗码信息;Decrypt the secret code information to obtain decrypted secret code information;
    将已解密的暗码信息和所述明码信息进行比较,以判断所述已解密的暗码信息和所述明码信息是否一致;Comparing the decrypted code information with the clear code information to determine whether the decrypted code information is consistent with the clear code information;
    若所述已解密的暗码信息和所述明码信息一致,则验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活。If the decrypted code information is consistent with the clear code information, it is verified whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs.
  9. 根据权利要求8所述的方法,其特征在于,所述暗码信息中还包括所述待处理数据对应的校验码;所述方法还包括:The method according to claim 8, wherein the password information further includes a check code corresponding to the data to be processed; the method further comprises:
    对所述待处理数据进行校验计算,获得实际校验码;Perform verification calculations on the to-be-processed data to obtain an actual verification code;
    若所述实际校验码与所述暗码信息中的校验码一致,则验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活。If the actual check code is consistent with the check code in the secret code information, it is verified whether the autonomous mobile device corresponding to the device identifier has already activated the service before the service authentication trigger event occurs.
  10. 根据权利要求1所述的方法,其特征在于,所述自主移动设备为无人机或无人驾驶车辆。The method according to claim 1, wherein the autonomous mobile device is a drone or an unmanned vehicle.
  11. 一种服务认证方法,其特征在于,包括:A service authentication method, characterized in that it includes:
    获取设备标识;Obtain device identification;
    对所述设备标识进行加密处理,以生成暗码信息;Encrypting the device identification to generate password information;
    将所述设备标识,以及所述暗码信息提供给数据处理服务器,以供所述数据处理服务器进行服务认证。The device identification and the password information are provided to a data processing server for the data processing server to perform service authentication.
  12. 根据权利要求11所述的方法,其特征在于,所述将所述设备标识以及所述暗码信息提供给数据处理服务器,包括:The method according to claim 11, wherein said providing said device identification and said secret code information to a data processing server comprises:
    将所述设备标识以及所述暗码信息发送至所述数据处理服务器;或者Sending the device identification and the secret code information to the data processing server; or
    将所述设备标识以及所述暗码信息发送至数据中继设备,以利用所述数据中继设备将所述设备标识以及所述暗码信息提供给所述数据处理服务器。The device identification and the password information are sent to a data relay device, so as to use the data relay device to provide the device identification and the password information to the data processing server.
  13. 根据权利要求11所述的方法,其特征在于,包括:The method according to claim 11, characterized by comprising:
    向加密组件发送加密请求,以利用所述加密组件对包括所述设备标识的明码信息进行加密而获得暗码信息;Sending an encryption request to the encryption component, so as to use the encryption component to encrypt the clear code information including the device identification to obtain encrypted code information;
    根据所述明码信息以及所述暗码信息,生成所述签名文件;Generating the signature file according to the clear code information and the secret code information;
    将所述签名文件发送至所述数据处理服务器。Sending the signature file to the data processing server.
  14. 根据权利要求13所述的方法,其特征在于,还包括:The method according to claim 13, further comprising:
    获取任务数据的任务开始时间;Task start time for obtaining task data;
    将所述任务开始时间配置到所述明码信息中,以利用所述加密组件对包含所述设备标识和所述任务开始时间的明码信息进行加密而获得所述暗码信息。The task start time is configured into the clear code information, so as to use the encryption component to encrypt the clear code information including the device identification and the task start time to obtain the secret code information.
  15. 根据权利要求13或14所述的方法,其特征在于,还包括:The method according to claim 13 or 14, further comprising:
    计算所述任务数据对应的校验码;Calculating the check code corresponding to the task data;
    将所述校验码配置到所述暗码信息中。The check code is configured into the secret code information.
  16. 一种服务认证方法,其特征在于,包括:A service authentication method, characterized in that it includes:
    获取自主移动设备提供的任务数据以及所述任务数据关联的设备标识;Acquiring task data provided by an autonomous mobile device and a device identifier associated with the task data;
    将所述设备标识,或者所述任务数据和所述设备标识,提供给数据处理服务器,以供所述数据处理服务器基于所述设备标识对所述任务数据进行服务认证。The device identification, or the task data and the device identification are provided to a data processing server, so that the data processing server performs service authentication on the task data based on the device identification.
  17. 根据权利要求16所述的方法,其特征在于,还包括:The method according to claim 16, further comprising:
    响应于针对所述自主移动设备的服务激活操作,获取激活码;In response to the service activation operation for the autonomous mobile device, obtaining an activation code;
    获取所述自主移动设备的设备标识;Acquiring the device identification of the autonomous mobile device;
    根据所述激活码和所述设备标识,生成服务激活请求;Generate a service activation request according to the activation code and the device identifier;
    将所述服务激活请求发送至所述数据处理服务器,以供所述数据处理服务器对所述自主移动设备进行服务激活。The service activation request is sent to the data processing server for the data processing server to perform service activation on the autonomous mobile device.
  18. 一种数据处理服务器,其特征在于,包括存储器、处理器和通信组件;A data processing server, which is characterized by comprising a memory, a processor, and a communication component;
    所述存储器用于存储一条或多条计算机指令;The memory is used to store one or more computer instructions;
    所述处理器与所述存储器及所述通信组件耦合,用于执行所述一条或多条计算机指令,以用于:The processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
    通过所述通信组件获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the to-be-processed data through the communication component to respond to the service authentication trigger event;
    根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Verifying, according to the service activation record and the device identifier, whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs;
    基于验证结果,确定所述待处理数据是否通过服务认证。Based on the verification result, it is determined whether the to-be-processed data passes service authentication.
  19. 一种自主移动设备,其特征在于,包括存储器、处理器和通信组件;An autonomous mobile device, which is characterized by comprising a memory, a processor and a communication component;
    所述存储器用于存储一条或多条计算机指令;The memory is used to store one or more computer instructions;
    所述处理器与所述存储器及所述通信组件耦合,用于执行所述一条或多条计算机指令,以用于:The processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
    获取设备标识;Obtain device identification;
    对所述设备标识进行加密处理,以生成暗码信息;Encrypting the device identification to generate password information;
    通过所述通信组件将所述设备标识,以及所述暗码信息提供给数据处理 服务器,以供所述数据处理服务器进行服务认证。The device identifier and the password information are provided to the data processing server through the communication component, so that the data processing server can perform service authentication.
  20. 一种数据中继设备,其特征在于,包括存储器、处理器和通信组件;A data relay device, which is characterized by comprising a memory, a processor, and a communication component;
    所述存储器用于存储一条或多条计算机指令;The memory is used to store one or more computer instructions;
    所述处理器与所述存储器及所述通信组件耦合,用于执行所述一条或多条计算机指令,以用于:The processor is coupled with the memory and the communication component, and is configured to execute the one or more computer instructions for:
    获取自主移动设备提供的任务数据以及所述任务数据关联的设备标识;Acquiring task data provided by an autonomous mobile device and a device identifier associated with the task data;
    通过所述通信组件将所述设备标识,或者所述任务数据和所述设备标识,提供给数据处理服务器,以供所述数据处理服务器基于所述设备标识对所述任务数据进行服务认证。The device identification, or the task data and the device identification are provided to a data processing server through the communication component, so that the data processing server performs service authentication on the task data based on the device identification.
  21. 根据权利要求20所述的数据中继设备,其特征在于,所述数据中继设备为所述自主移动设备的遥控器。The data relay device according to claim 20, wherein the data relay device is a remote control of the autonomous mobile device.
  22. 一种存储计算机指令的计算机可读存储介质,其特征在于,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行以下操作:A computer-readable storage medium storing computer instructions, wherein when the computer instructions are executed by one or more processors, the one or more processors are caused to perform the following operations:
    获取待处理数据关联的设备标识,以响应服务认证触发事件;Obtain the device identification associated with the data to be processed to respond to the service authentication trigger event;
    根据服务激活记录和所述设备标识,验证所述设备标识对应的自主移动设备是否在所述服务认证触发事件发生之前已经进行过服务激活;Verifying, according to the service activation record and the device identifier, whether the autonomous mobile device corresponding to the device identifier has performed service activation before the service authentication trigger event occurs;
    基于验证结果,确定所述待处理数据是否通过服务认证。Based on the verification result, it is determined whether the to-be-processed data passes service authentication.
  23. 一种存储计算机指令的计算机可读存储介质,其特征在于,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行以下操作:A computer-readable storage medium storing computer instructions, wherein when the computer instructions are executed by one or more processors, the one or more processors are caused to perform the following operations:
    获取设备标识;Obtain device identification;
    对所述设备标识进行加密处理,以生成暗码信息;Encrypting the device identification to generate password information;
    将所述设备标识,以及所述暗码信息提供给数据处理服务器,以供所述数据处理服务器进行服务认证。The device identification and the password information are provided to a data processing server for the data processing server to perform service authentication.
  24. 一种存储计算机指令的计算机可读存储介质,其特征在于,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行以下操作:A computer-readable storage medium storing computer instructions, wherein when the computer instructions are executed by one or more processors, the one or more processors are caused to perform the following operations:
    获取自主移动设备提供的任务数据以及所述任务数据关联的设备标识;Acquiring task data provided by an autonomous mobile device and a device identifier associated with the task data;
    将所述设备标识,或者所述任务数据和所述设备标识,提供给数据处理服务器,以供所述数据处理服务器基于所述设备标识对所述任务数据进行服务认证。The device identification, or the task data and the device identification are provided to a data processing server, so that the data processing server performs service authentication on the task data based on the device identification.
PCT/CN2019/114811 2019-10-31 2019-10-31 Service authentication method and device and storage medium WO2021081921A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/114811 WO2021081921A1 (en) 2019-10-31 2019-10-31 Service authentication method and device and storage medium
CN201980033161.1A CN112166587A (en) 2019-10-31 2019-10-31 Service authentication method, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/114811 WO2021081921A1 (en) 2019-10-31 2019-10-31 Service authentication method and device and storage medium

Publications (1)

Publication Number Publication Date
WO2021081921A1 true WO2021081921A1 (en) 2021-05-06

Family

ID=73860380

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/114811 WO2021081921A1 (en) 2019-10-31 2019-10-31 Service authentication method and device and storage medium

Country Status (2)

Country Link
CN (1) CN112166587A (en)
WO (1) WO2021081921A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170006072A1 (en) * 2015-06-30 2017-01-05 Siemens Aktiengesellschaft Controller and Method for Setting Up Communication Links to Redundantly Operated Controllers in an Industrial Automation System
CN107171809A (en) * 2017-06-23 2017-09-15 北京奇虎科技有限公司 The method and device of unmanned plane broadcasting multisignatures, electronic equipment, storage medium
CN107331213A (en) * 2017-05-27 2017-11-07 空网科技(北京)有限公司 A kind of unmanned plane monitoring and managing method, system
CN108496379A (en) * 2017-05-23 2018-09-04 深圳市大疆创新科技有限公司 Unmanned plane Activiation method, terminal, unmanned plane and machine readable storage medium
CN109155051A (en) * 2017-12-18 2019-01-04 深圳市大疆创新科技有限公司 Management method, server, the control equipment and system of unmanned plane
CN109302428A (en) * 2016-12-27 2019-02-01 深圳市大疆创新科技有限公司 The control method and equipment of unmanned plane

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102135256B1 (en) * 2019-08-08 2020-07-17 엘지전자 주식회사 Method for user authentication of vehicle in autonomous driving system and apparatus thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170006072A1 (en) * 2015-06-30 2017-01-05 Siemens Aktiengesellschaft Controller and Method for Setting Up Communication Links to Redundantly Operated Controllers in an Industrial Automation System
CN109302428A (en) * 2016-12-27 2019-02-01 深圳市大疆创新科技有限公司 The control method and equipment of unmanned plane
CN108496379A (en) * 2017-05-23 2018-09-04 深圳市大疆创新科技有限公司 Unmanned plane Activiation method, terminal, unmanned plane and machine readable storage medium
CN107331213A (en) * 2017-05-27 2017-11-07 空网科技(北京)有限公司 A kind of unmanned plane monitoring and managing method, system
CN107171809A (en) * 2017-06-23 2017-09-15 北京奇虎科技有限公司 The method and device of unmanned plane broadcasting multisignatures, electronic equipment, storage medium
CN109155051A (en) * 2017-12-18 2019-01-04 深圳市大疆创新科技有限公司 Management method, server, the control equipment and system of unmanned plane

Also Published As

Publication number Publication date
CN112166587A (en) 2021-01-01

Similar Documents

Publication Publication Date Title
US10462128B2 (en) Verification of both identification and presence of objects over a network
KR102540090B1 (en) Electronic device and method for managing electronic key thereof
US10362483B2 (en) System, methods and devices for secure data storage with wireless authentication
CA3045670A1 (en) Controlling access to a locked space using cryptographic keys stored on a blockchain
US11330432B2 (en) Maintenance system and maintenance method
US8438384B2 (en) System and method for performing mutual authentication
CN110033259B (en) Block chain-based data evidence storing method and device and electronic equipment
KR102024339B1 (en) Memory system and binding method between the same and host
KR102159874B1 (en) Authorization method and device for joint account, and authentication method and device for joint account
CN112131298B (en) Data conversion method and device based on block chain
WO2016045189A1 (en) Data reading/writing method of dual-system terminal and dual-system terminal
WO2018111930A1 (en) Energy efficient communication for data asset transfers
KR102553145B1 (en) A secure element for processing and authenticating a digital key and operation metho thereof
KR20210134798A (en) Security Monitoring Using Blockchain
US9449193B2 (en) Information processing apparatus
CN111897621A (en) Virtual machine migration method, device, equipment, system and storage medium
CN115296794A (en) Key management method and device based on block chain
WO2019127151A1 (en) Detection method, detection device, and server
WO2021081921A1 (en) Service authentication method and device and storage medium
US20130326591A1 (en) Wireless communication device and wireless communication method
JP6201122B2 (en) Management server, monitoring system, and control method and program therefor
KR20200089562A (en) Method and apparatus for managing a shared digital key
CN113541965B (en) Communication authorization method, device, equipment and storage medium based on blockchain
KR20190108888A (en) Electronic device and certification method in electronic device
US11321323B2 (en) Method and system for searching for at least a specific datum in a user unit

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19950970

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19950970

Country of ref document: EP

Kind code of ref document: A1