





Technical Field
The present application relates to the field of smart home technologies, for example, to a method, an apparatus, and a smart home system for device identity authentication.
Background
At present, an edge computing node of a smart home needs to register with the smart home cloud platform, and a terminal device needs to register with the edge computing node; the edge computing node takes on part of the cloud platform's computing and storage capabilities. The existing registration scheme is as follows: the smart home cloud platform holds the public key of the edge computing node, the edge computing node has a built-in private key, and two-way authentication between the smart home cloud platform and the edge computing node is completed through this key pair; the edge computing node holds the public key of the terminal device, the terminal device has a built-in private key, and two-way authentication between the edge computing node and the terminal device is completed through this key pair.
In the process of implementing the embodiments of the present disclosure, it was found that at least the following problems exist in the related art:
With the development of smart devices in smart homes, smart devices such as smart TVs and smart refrigerators have a certain storage and computing capability; such a device can serve not only as a terminal device but also as an edge computing node. The smart devices in a smart home often come from different manufacturers, and the manufacturer of a device acting as a terminal device is often a competitor of the manufacturer of a device acting as an edge computing node, so the terminal device and the edge computing node cannot smoothly complete two-way authentication.
Summary of the Invention
In order to provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. This summary is not an extensive review, nor is it intended to identify key/critical elements or delineate the scope of protection of these embodiments; it serves as a prelude to the detailed description that follows.
The embodiments of the present disclosure provide a method, an apparatus, and a smart home system for identity authentication, so as to solve the technical problem that two-way authentication cannot be smoothly completed between smart devices provided by different manufacturers.
In some embodiments, a method for device identity authentication is applied to a cloud platform, the method comprising:
encrypting the second address of the edge computing node and the first authentication information with a first key to obtain a second encrypted address and first encrypted authentication information; and encrypting the first address of the terminal device and the second authentication information with a second key to obtain a first encrypted address and second encrypted authentication information;
sending the second encrypted address and the second encrypted authentication information to the terminal device, so that the terminal device sends the second encrypted authentication information to the edge computing node according to the second encrypted address, and the edge computing node obtains the second authentication information sent by the cloud platform and authenticates the terminal device according to the second encrypted authentication information and the second authentication information;
sending the first encrypted address and the first encrypted authentication information to the edge computing node, so that the edge computing node sends the first encrypted authentication information to the terminal device according to the first encrypted address, and the terminal device obtains the first authentication information sent by the cloud platform and authenticates the edge computing node according to the first encrypted authentication information and the first authentication information.
Optionally, the method for device identity authentication further includes: receiving first request information sent by the terminal device requesting the first authentication information, encrypting the first authentication information according to the first public key of the cloud platform to obtain third encrypted authentication information, and feeding back the third encrypted authentication information to the terminal device.
Optionally, the method for device identity authentication further includes: receiving second request information sent by the edge computing node requesting the second authentication information, encrypting the second authentication information according to the second public key of the cloud platform to obtain fourth encrypted authentication information, and feeding back the fourth encrypted authentication information to the edge computing node.
In some embodiments, a method for device identity authentication is applied to a terminal device, the method comprising:
when the second encrypted address and the second encrypted authentication information sent by the cloud platform are received, sending the second encrypted authentication information to the edge computing node according to the second encrypted address, so that the edge computing node authenticates the terminal device according to the second encrypted authentication information and the second authentication information sent by the cloud platform;
when the first encrypted authentication information sent by the edge computing node and the first authentication information sent by the cloud platform are received, authenticating the edge computing node according to the first encrypted authentication information and the first authentication information;
wherein the second encrypted address is obtained by the cloud platform by encrypting the second address of the edge computing node with the first key of the terminal device, the second encrypted authentication information is obtained by the cloud platform by encrypting the second authentication information with the second key of the edge computing node, and the first encrypted authentication information is obtained by the cloud platform by encrypting the first authentication information with the first key of the terminal device.
Optionally, authenticating the edge computing node according to the first encrypted authentication information and the first authentication information includes: decrypting the first encrypted authentication information according to the first key to obtain first to-be-authenticated information; if the first authentication information matches the first to-be-authenticated information, the edge computing node passes the authentication.
Optionally, sending the second encrypted authentication information to the edge computing node according to the second encrypted address includes: decrypting the second encrypted address according to the first key to obtain the second address; and sending the second encrypted authentication information to the edge computing node according to the second address.
Optionally, before authenticating the edge computing node according to the first encrypted authentication information and the first authentication information, the method for device identity authentication further includes: sending, to the cloud platform, first request information requesting the first authentication information; receiving third encrypted authentication information that is sent by the cloud platform and corresponds to the first request information; and decrypting the third encrypted authentication information according to the first public key of the cloud platform to obtain the first authentication information.
Optionally, after the edge computing node passes the authentication and the terminal device passes the authentication, the method for device identity authentication further includes: sending a registration request to the edge computing node; and receiving a registration success message fed back by the edge computing node.
In some embodiments, a method for device identity authentication is applied to an edge computing node, the method comprising:
when the first encrypted address and the first encrypted authentication information sent by the cloud platform are received, sending the first encrypted authentication information to the terminal device according to the first encrypted address, so that the terminal device authenticates the edge computing node according to the first encrypted authentication information and the first authentication information sent by the cloud platform;
when the second encrypted authentication information sent by the terminal device and the second authentication information sent by the cloud platform are received, authenticating the terminal device according to the second encrypted authentication information and the second authentication information;
wherein the first encrypted address is obtained by the cloud platform by encrypting the first address of the terminal device with the second key of the edge computing node, the first encrypted authentication information is obtained by the cloud platform by encrypting the first authentication information with the first key of the terminal device, and the second encrypted authentication information is obtained by the cloud platform by encrypting the second authentication information with the second key of the edge computing node.
Optionally, authenticating the terminal device according to the second encrypted authentication information and the second authentication information includes: decrypting the second encrypted authentication information according to the second key to obtain second to-be-authenticated information; if the second authentication information matches the second to-be-authenticated information, the terminal device passes the authentication.
Optionally, before authenticating the terminal device according to the second encrypted authentication information and the second authentication information, the method for device identity authentication further includes: sending, to the cloud platform, second request information requesting the second authentication information; receiving fourth encrypted authentication information that is sent by the cloud platform and corresponds to the second request information; and decrypting the fourth encrypted authentication information according to the second public key of the cloud platform to obtain the second authentication information.
Optionally, sending the first encrypted authentication information to the terminal device according to the first encrypted address includes: decrypting the first encrypted address according to the second key to obtain the first address; and sending the first encrypted authentication information to the terminal device according to the first address.
Optionally, after it is determined that the terminal device has passed the authentication and the edge computing node has passed the authentication, the method for device identity authentication further includes: receiving a registration request sent by the terminal device; and feeding back a registration success message to the terminal device.
In some embodiments, an apparatus for device identity authentication includes a processor and a memory storing program instructions, the processor being configured to execute, when executing the program instructions, the method for device identity authentication provided in the foregoing embodiments.
In some embodiments, a smart home system includes a cloud platform, a terminal device, and an edge computing node, wherein:
the cloud platform encrypts the second address of the edge computing node and the first authentication information with the first key to obtain the second encrypted address and the first encrypted authentication information, and encrypts the first address of the terminal device and the second authentication information with the second key to obtain the first encrypted address and the second encrypted authentication information;
the cloud platform sends the second encrypted address and the second encrypted authentication information to the terminal device;
the cloud platform sends the first encrypted address and the first encrypted authentication information to the edge computing node;
the terminal device sends the second encrypted authentication information to the edge computing node according to the second encrypted address;
the edge computing node sends the first encrypted authentication information to the terminal device according to the first encrypted address;
the terminal device authenticates the edge computing node according to the first encrypted authentication information and the first authentication information sent by the cloud platform;
the edge computing node authenticates the terminal device according to the second encrypted authentication information and the second authentication information sent by the cloud platform.
The method, apparatus, and smart home system for device identity authentication provided by the embodiments of the present disclosure can achieve the following technical effects:
The cloud platform can relay authentication information between a smart device acting as a terminal device and a smart device acting as an edge computing node that belong to different manufacturers, so that two-way authentication between the terminal device and the edge computing node can still be completed without either of them leaking its key to the other.
The foregoing general description and the following description are exemplary and explanatory only and are not intended to limit the application.
Description of Drawings
One or more embodiments are illustrated by way of example in the corresponding accompanying drawings. These illustrations and drawings do not limit the embodiments; elements with the same reference numerals in the drawings are regarded as similar elements, and where:
FIG. 1 is a schematic diagram of an implementation scenario of a smart home system provided by an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a smart home system provided by an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of an apparatus for device identity authentication provided by an embodiment of the present disclosure.
Detailed Description
In order to understand the features and technical contents of the embodiments of the present disclosure in more detail, the implementation of the embodiments is described below with reference to the accompanying drawings, which are for reference only and are not intended to limit the embodiments of the present disclosure. In the following technical description, for convenience of explanation, numerous details are given to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may still be practiced without these details. In other instances, well-known structures and devices may be shown in simplified form in order to simplify the drawings.
The terms "first", "second" and the like in the description and claims of the embodiments of the present disclosure and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, for the embodiments of the present disclosure described herein. Furthermore, the terms "comprising" and "having", and any variations thereof, are intended to cover non-exclusive inclusion.
Unless stated otherwise, the term "plurality" means two or more.
In the embodiments of the present disclosure, the character "/" indicates an "or" relationship between the objects before and after it. For example, A/B means: A or B.
The term "and/or" describes an association between objects and indicates that three relationships can exist. For example, A and/or B means one of three relationships: A, or B, or A and B.
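FIG. 1 is a schematic diagram of an implementation scenario of a smart home system provided by an embodiment of the present disclosure. As shown in FIG. 1, the smart home system includes a home cloud platform 11, a terminal device 13, and an edge computing node 12.
The home cloud platform 11 refers to a server that can provide computing and storage; it may be a single server or a server cluster composed of multiple servers.
The terminal device 13 refers to a smart device in a smart home application scenario. For example, the terminal device 13 includes but is not limited to: a smart refrigerator, a smart TV, a smart washing machine, a smart air conditioner, a smart speaker, a smart light, and smart curtains.
The edge computing node 12 refers to a device in the smart home network with relatively strong computing and storage capabilities, such as a gateway. With the development of smart devices, some smart devices can also serve as the edge computing node 12 here; for example, a smart refrigerator, a smart TV, or a smart washing machine can each serve as the edge computing node 12 in the smart home network.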
FIG. 2 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure; this embodiment is described using the example of applying the method to a cloud platform. With reference to FIG. 2, the method for device identity authentication includes:
S201. Encrypt the second address of the edge computing node and the first authentication information with the first key to obtain the second encrypted address and the first encrypted authentication information; and encrypt the first address of the terminal device and the second authentication information with the second key to obtain the first encrypted address and the second encrypted authentication information.
The first key may be the key of the terminal device, and the second key may be the key of the edge computing node.
In some application scenarios, the cloud platform performs the above step when a new terminal device joins the smart home network, or when a new edge computing node joins the smart home network.
In some practical applications, the cloud platform performs the above step when it receives, from a terminal device or an edge computing node, an authentication request that requires two-way authentication; or when it determines that there is a newly connected terminal device or a new edge computing node.
The first authentication information and the second authentication information here may be the same or different. Different first authentication information may be generated for different terminal devices, and different second authentication information for different edge computing nodes; alternatively, multiple terminal devices may share one first authentication information, and multiple edge computing nodes may share one second authentication information.
The first authentication information may be a character string, and the second authentication information may be a character string.
S202. Send the second encrypted address and the second encrypted authentication information to the terminal device, so that the terminal device sends the second encrypted authentication information to the edge computing node according to the second encrypted address, and the edge computing node obtains the second authentication information sent by the cloud platform and authenticates the terminal device according to the second encrypted authentication information and the second authentication information.
After the terminal device receives the second encrypted address, it can decrypt the second encrypted address according to the first key to obtain the second address, and then send the second encrypted authentication information to the edge computing node according to the second address. After receiving the second encrypted authentication information, the edge computing node decrypts the second character string according to the second key to obtain a second to-be-verified character string; the edge computing node then obtains the second authentication information sent by the cloud platform and compares the second to-be-verified character string with the second authentication information. If the two match, the terminal device passes the authentication.
Optionally, after sending the second encrypted address and the second encrypted authentication information to the terminal device, the method for device identity authentication further includes: receiving second request information sent by the edge computing node requesting the second authentication information, encrypting the second authentication information according to the second public key of the cloud platform to obtain fourth encrypted authentication information, and feeding back the fourth encrypted authentication information to the edge computing node, so that the edge computing node obtains the second authentication information according to the fourth encrypted authentication information.
S203. Send the first encrypted address and the first encrypted authentication information to the edge computing node, so that the edge computing node sends the first encrypted authentication information to the terminal device according to the first encrypted address, and the terminal device obtains the first authentication information sent by the cloud platform and authenticates the edge computing node according to the first encrypted authentication information and the first authentication information.
After the edge computing node receives the first encrypted address, it can decrypt the first encrypted address according to the second key to obtain the first address, and then send the first encrypted authentication information to the terminal device according to the first address. After receiving the first encrypted authentication information, the terminal device decrypts the first encrypted authentication information according to the first key to obtain a first to-be-verified character string; the terminal device then obtains the first authentication information sent by the cloud platform and compares the first to-be-verified character string with the first authentication information. If the two match, the edge computing node passes the authentication.
Optionally, after sending the first encrypted address and the first encrypted authentication information to the edge computing node, the method for device identity authentication further includes: receiving first request information sent by the terminal device requesting the first authentication information, encrypting the first authentication information according to the first public key of the cloud platform to obtain third encrypted authentication information, and feeding back the third encrypted authentication information to the terminal device, so that the terminal device obtains the first authentication information according to the third encrypted authentication information. The first public key and the second public key of the cloud platform may be the same public key or different public keys.
In the preceding steps, the cloud platform can relay authentication information between a smart device acting as a terminal device and a smart device acting as an edge computing node that belong to different manufacturers, so that two-way authentication between the terminal device and the edge computing node can still be completed without either of them leaking its key to the other.
FIG. 3 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure; this embodiment is described using the example of applying the method to a terminal device. With reference to FIG. 3, the method for device identity authentication includes:
S301. When the second encrypted address and the second encrypted authentication information sent by the cloud platform are received, send the second encrypted authentication information to the edge computing node according to the second encrypted address, so that the edge computing node authenticates the terminal device according to the second encrypted authentication information and the second authentication information sent by the cloud platform.
The second encrypted address is obtained by the cloud platform by encrypting the second address of the edge computing node with the first key of the terminal device, and the second encrypted authentication information is obtained by the cloud platform by encrypting the second authentication information with the second key of the edge computing node.
After receiving the second encrypted authentication information, the edge computing node decrypts it according to the second key to obtain a second to-be-verified character string; if the second authentication information matches the second to-be-verified character string, the terminal device passes the authentication.
Optionally, sending the second encrypted authentication information to the edge computing node according to the second encrypted address includes: decrypting the second encrypted address according to the first key to obtain the second address; and sending the second encrypted authentication information to the edge computing node according to the second address.
S302. When the first encrypted authentication information sent by the edge computing node and the first authentication information sent by the cloud platform are received, authenticate the edge computing node according to the first encrypted authentication information and the first authentication information.
The first encrypted authentication information is obtained by the cloud platform by encrypting the first authentication information with the first key of the terminal device.
Optionally, authenticating the edge computing node according to the first encrypted authentication information and the first authentication information includes: decrypting the first encrypted authentication information according to the second key to obtain first to-be-authenticated information; if the first authentication information matches the first to-be-authenticated information, the edge computing node passes the authentication.
In some practical applications, the terminal device may request the first authentication information from the cloud platform before obtaining the first encrypted authentication information, or may request it from the cloud platform after obtaining the first encrypted authentication information.
The terminal device requesting the first authentication information from the cloud platform may include: sending, to the cloud platform, first request information requesting the first authentication information; receiving third encrypted authentication information that is sent by the cloud platform and corresponds to the first request information; and decrypting the third encrypted authentication information according to the first public key of the cloud platform to obtain the first authentication information. After receiving the first request information, the cloud platform encrypts the first authentication information according to the first public key of the cloud platform to obtain the third encrypted authentication information, and then feeds back the third encrypted authentication information to the terminal device; the cloud platform may also encrypt the first authentication information according to the first public key of the cloud platform in advance to obtain the third encrypted authentication information, and, upon receiving the first request information, feed back the third encrypted authentication information to the edge computing node.
云平台可在属于不同厂商的充当终端设备的智能设备和充当边缘计算节点的智能设备之间沟通认证信息,在终端设备和边缘计算节点均不向对方泄漏密钥的情况,仍可在终端设备和边缘计算节点之间的完成双向认证。The cloud platform can communicate authentication information between smart devices serving as terminal devices belonging to different manufacturers and smart devices serving as edge computing nodes. In the case that neither the terminal device nor the edge computing node leaks the key to the other party, it can still be used on the terminal device. Complete two-way authentication with edge computing nodes.
通过前述步骤,边缘计算节点和终端设备可完成双向认证,在完成双向认证之后,即,在确定边缘计算节点通过认证,且终端设备通过认证后,可将终端设备注册在边缘计算节点上,注册过程可包括:向边缘计算节点发送注册请求,接收边缘计算节点反馈的注册成功消息。Through the foregoing steps, the edge computing node and the terminal device can complete the two-way authentication. After the two-way authentication is completed, that is, after it is determined that the edge computing node has passed the certification and the terminal device has passed the certification, the terminal device can be registered on the edge computing node. The process may include: sending a registration request to the edge computing node, and receiving a registration success message fed back by the edge computing node.
FIG. 4 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure; this embodiment is described by way of example with the method applied to an edge computing node. As shown in FIG. 4, the method for device identity authentication includes:
S401. When a first encrypted address and first encrypted authentication information sent by the cloud platform are received, send the first encrypted authentication information to the terminal device according to the first encrypted address, so that the terminal device authenticates the edge computing node according to the first encrypted authentication information and the first authentication information sent by the cloud platform.
Here, the first encrypted address is obtained by the cloud platform encrypting the first address of the terminal device with the second key of the edge computing node, and the first encrypted authentication information is obtained by the cloud platform encrypting the first authentication information with the first key of the terminal device.
After receiving the first encrypted authentication information, the terminal device decrypts it with the first key to obtain a first string to be verified; if the first authentication information matches the first string to be decrypted, the edge computing node passes authentication.
Optionally, sending the first encrypted authentication information to the terminal device according to the first encrypted address includes: decrypting the first encrypted address with the first key to obtain the first address; and sending the first encrypted authentication information to the terminal device according to the first address.
S402. When second encrypted authentication information sent by the terminal device and second authentication information sent by the cloud platform are received, authenticate the terminal device according to the second encrypted authentication information and the second authentication information.
Here, the second encrypted authentication information is obtained by the cloud platform encrypting the second authentication information with the second key of the edge computing node.
Optionally, authenticating the terminal device according to the second encrypted authentication information and the second authentication information includes: decrypting the second encrypted authentication information with the second key to obtain second information to be authenticated; if the second authentication information matches the second information to be authenticated, the terminal device passes authentication.
In some practical applications, the edge computing node may request the second authentication information from the cloud platform before obtaining the second encrypted authentication information, or may request it from the cloud platform after obtaining the second encrypted authentication information.
Here, the edge computing node requesting the second authentication information may include: sending to the cloud platform second request information requesting the second authentication information; receiving fourth encrypted authentication information, corresponding to the second request information, sent by the cloud platform; and decrypting the fourth encrypted authentication information with the second public key of the cloud platform to obtain the second authentication information. After receiving the second request information, the cloud platform encrypts the second authentication information with the second public key of the cloud platform to obtain the fourth encrypted authentication information, and then feeds the fourth encrypted authentication information back to the edge computing node; alternatively, the cloud platform may encrypt the second authentication information with its second public key in advance to obtain the fourth encrypted authentication information and, after receiving the second request information, feed the fourth encrypted authentication information back to the edge computing node.
The cloud platform can pass authentication information between a smart device acting as a terminal device and a smart device acting as an edge computing node that belong to different manufacturers, so that two-way authentication between the terminal device and the edge computing node can still be completed without either of them disclosing its key to the other.
Through the foregoing steps, the edge computing node and the terminal device can complete two-way authentication. After two-way authentication is complete, that is, after it is determined that the terminal device has passed authentication and the edge computing node has passed authentication, the terminal device can be registered on the edge computing node. The registration process may include: receiving a registration request sent by the terminal device; and feeding back a registration success message to the terminal device.
FIG. 5 is a schematic diagram of a smart home system provided by an embodiment of the present disclosure. The smart home system includes a cloud platform, a terminal device and an edge computing node; this embodiment illustrates the foregoing method for device identity authentication in terms of the interaction among the cloud platform, the terminal device and the edge computing node. As shown in FIG. 5:
S501. The cloud platform encrypts the second address of the edge computing node and the first authentication information with the first key to obtain the second encrypted address and the first encrypted authentication information, and encrypts the first address of the terminal device and the second authentication information with the second key to obtain the first encrypted address and the second encrypted authentication information.
The above step comprises four sub-steps: encrypting the second address with the first key, encrypting the first string with the first key, encrypting the first address with the second key, and encrypting the second string with the second key. Any ordering of these four sub-steps falls within the protection scope of the embodiments of the present disclosure.
S502. The cloud platform sends the second encrypted address and the second encrypted authentication information to the terminal device.
S503. The cloud platform sends the first encrypted address and the first encrypted authentication information to the edge computing node.
S502 and S503 have no fixed order; S503 may be performed first, followed by S502.
S504. The terminal device sends the second encrypted authentication information to the edge computing node according to the second encrypted address.
S505. The edge computing node sends the first encrypted authentication information to the terminal device according to the first encrypted address.
S504 and S505 have no fixed order; S505 may be performed first, followed by S504.
S506. The terminal device authenticates the edge computing node according to the first encrypted authentication information and the first authentication information sent by the cloud platform.
S507. The edge computing node authenticates the terminal device according to the second encrypted authentication information and the second authentication information sent by the cloud platform.
S506 and S507 have no fixed order; S507 may be performed first, followed by S506.
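The exchange in S501 to S507, as an added example that is not code from the patent: it runs the three roles in one process and shows both the successful case and a device in the edge role that does not hold the second key. Assumptions: the page names no cipher, so a standard-library HMAC-SHA256 construction stands in for it; each piece of authentication information is modelled as a fresh random value per session; the cloud's delivery of the reference values is abstracted as a return value; all function names and addresses are constructed. Key roles follow S501 (K1 is the terminal device's first key, K2 the edge computing node's second key).

```python
import hashlib
import hmac
import secrets


# Stand-in cipher (assumption: the page names none): HMAC-SHA256 keystream
# in counter mode plus an encrypt-then-MAC tag, so the example needs only
# the standard library. A real deployment would use a vetted AEAD.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, b"enc" + block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def cloud_prepare(k1: bytes, k2: bytes, addr1: bytes, addr2: bytes):
    """S501-S503: the cloud builds one bundle per device."""
    auth1 = secrets.token_bytes(16)  # first authentication information
    auth2 = secrets.token_bytes(16)  # second authentication information
    to_terminal = {"enc_addr2": encrypt(k1, addr2),
                   "enc_auth2": encrypt(k2, auth2)}
    to_edge = {"enc_addr1": encrypt(k2, addr1),
               "enc_auth1": encrypt(k1, auth1)}
    return auth1, auth2, to_terminal, to_edge


def forward(own_key: bytes, enc_addr: bytes, enc_auth: bytes):
    """S504/S505: recover the peer address, relay the blob unread."""
    return decrypt(own_key, enc_addr), enc_auth


def verify_peer(own_key: bytes, relayed: bytes, reference: bytes) -> bool:
    """S506/S507: decrypt the relayed blob, compare with the cloud's value."""
    try:
        candidate = decrypt(own_key, relayed)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, reference)


def run_session(k1: bytes, k2: bytes, edge_key: bytes) -> dict:
    """One exchange; edge_key is the key the device in the edge role holds."""
    addr1, addr2 = b"192.0.2.10:8883", b"192.0.2.20:8883"  # constructed
    auth1, auth2, to_terminal, to_edge = cloud_prepare(k1, k2, addr1, addr2)
    result = {"terminal_accepts_edge": False, "edge_accepts_terminal": False}

    # S504: the terminal decrypts the edge address with K1, relays enc_auth2.
    _, blob_for_edge = forward(k1, to_terminal["enc_addr2"],
                               to_terminal["enc_auth2"])
    # S507: the edge device checks the relayed blob against auth2.
    result["edge_accepts_terminal"] = verify_peer(edge_key, blob_for_edge, auth2)

    # S505: the edge device must decrypt the terminal address before relaying.
    try:
        _, blob_for_terminal = forward(edge_key, to_edge["enc_addr1"],
                                       to_edge["enc_auth1"])
    except ValueError:
        return result  # no address recovered, nothing reaches the terminal
    # S506: the terminal checks the relayed blob against auth1.
    result["terminal_accepts_edge"] = verify_peer(k1, blob_for_terminal, auth1)
    return result


if __name__ == "__main__":
    K1, K2 = secrets.token_bytes(32), secrets.token_bytes(32)
    print("genuine edge node:", run_session(K1, K2, edge_key=K2))
    print("device without K2:", run_session(K1, K2, secrets.token_bytes(32)))
```

The check in `verify_peer` establishes that the peer relayed the value the cloud issued for this session; a blob from an earlier session fails only because this example draws fresh values each time, which the page does not specify.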
FIG. 6 is a schematic diagram of an apparatus for device identity authentication provided by an embodiment of the present disclosure.
As shown in FIG. 6, the apparatus for device identity authentication includes:
A processor 61 and a memory 62; it may further include a communication interface 63 and a bus 64. The processor 61, the communication interface 63 and the memory 62 can communicate with one another via the bus 64. The communication interface 63 can be used for information transmission. The processor 61 can invoke logic instructions in the memory 62 to execute the method for device identity authentication provided by the foregoing embodiments.
In addition, the logic instructions in the memory 62 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium.
As a computer-readable storage medium, the memory 62 can be used to store software programs and computer-executable programs, such as the program instructions/modules corresponding to the methods in the embodiments of the present disclosure. By running the software programs, instructions and modules stored in the memory 62, the processor 61 executes functional applications and data processing, that is, implements the methods in the foregoing method embodiments.
The memory 62 may include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function, and the data storage area may store data created according to the use of the terminal device, and the like. In addition, the memory 62 may include high-speed random access memory and may also include non-volatile memory.
An embodiment of the present disclosure provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the method for device identity authentication provided by the foregoing embodiments.
An embodiment of the present disclosure provides a computer program product. The computer program product includes a computer program stored on a computer-readable storage medium, and the computer program includes program instructions which, when executed by a computer, cause the computer to execute the method for device identity authentication provided by the foregoing embodiments.
The above computer-readable storage medium may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
The technical solutions of the embodiments of the present disclosure may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes one or more instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods in the embodiments of the present disclosure. The aforementioned storage medium may be a non-transitory storage medium, including a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc or any other medium that can store program code, or it may be a transitory storage medium.
The above description and drawings sufficiently illustrate the embodiments of the present disclosure to enable those skilled in the art to practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments represent only possible variations. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Portions and features of some embodiments may be included in, or substituted for, those of other embodiments. Moreover, the terms used in this application are used only to describe the embodiments and not to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. In addition, when used in this application, the term "comprise" and its variants "comprises" and/or "comprising" refer to the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups of these. Without further limitation, an element qualified by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method or device that includes the element. Herein, each embodiment may focus on its differences from other embodiments, and for the parts that are the same or similar between embodiments, reference may be made from one to another. For the methods, products and the like disclosed in the embodiments, if they correspond to the method section disclosed in the embodiments, reference may be made to the description of the method section for the relevant parts.
Those skilled in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software may depend on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the embodiments of the present disclosure. Skilled persons will clearly understand that, for convenience and brevity of description, for the specific working processes of the systems, apparatuses and units described above, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the embodiments disclosed herein, the disclosed methods and products (including but not limited to apparatuses and devices) may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division of units may be only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to implement this embodiment. In addition, the functional units in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
The flowcharts and block diagrams in the drawings show the architecture, functions and operations of possible implementations of systems, methods and computer program products according to the embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. Each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110656314.7A (CN113434837B) | 2021-06-11 | 2021-06-11 | Method, device and smart home system for device identity authentication |

| Publication Number | Publication Date |
|---|---|
| CN113434837A | 2021-09-24 |
| CN113434837B | 2022-06-14 |