A method and system for cloud-edge secure communication

By establishing information exchange and secure connections in the cloud-edge communication system, the problems of low efficiency and poor accuracy in existing technologies are solved, realizing intelligent and convenient cloud-edge secure communication, improving communication efficiency and accuracy, and enhancing security and reliability.

CN115834583BActive Publication Date: 2026-06-09SHENZHEN COMTOP INFORMATION TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SHENZHEN COMTOP INFORMATION TECH
Filing Date
2022-11-23
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing cloud-edge communication methods suffer from low efficiency and poor accuracy, especially since human intervention is required during the authentication and authorization process at edge nodes, resulting in insufficient scalability and flexibility.

Method used

By exchanging information between the first and second operating terminals, a secure connection is established based on the interaction results, including identifier verification, transmission attribute configuration, and real-time monitoring, to achieve intelligent and convenient cloud-edge secure communication.

Benefits of technology

It improves the efficiency and accuracy of cloud-edge communication, enhances the security and reliability of message transmission, and thus improves the scalability and flexibility of cloud-edge communication.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115834583B_ABST
    Figure CN115834583B_ABST
Patent Text Reader

Abstract

The application discloses a cloud-edge secure communication method and system, the method is applied to a cloud-edge secure communication system, the system comprises a first running end and a second running end, and the method comprises the following steps: the first running end receives first cloud-edge communication demand information sent by the second running end; the first running end performs information interaction operation with the second running end according to the first running communication demand information, and obtains an information interaction result; and the second running end establishes a secure connection with the first running end according to the information interaction result, so as to realize cloud-edge secure communication. It can be seen that the information interaction result can be obtained according to the information interaction operation of the first running end and the second running end, the secure connection of the first running end and the second running end is established according to the information interaction result, the cloud-edge secure communication is realized intelligently and conveniently, the cloud-edge communication efficiency and accuracy are improved, and then the transmission security, reliability and efficiency of the cloud-edge message are improved, so that the expansibility and flexibility of the cloud-edge communication are improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of Internet communication technology, and in particular to a method and system for secure cloud-edge communication. Background Technology

[0002] With the rapid development of internet technology and enterprises' pursuit of high R&D efficiency and low operation and maintenance costs, cloud-edge communication has emerged. Currently, the main methods for cloud-edge communication are SSL / TLS encrypted transmission and client certificates configured through edge nodes. However, the authentication and authorization of cloud services by edge nodes requires subjective analysis and manual certificate copying by staff. This necessitates constant monitoring and verification of certificate copying needs, resulting in significant manpower and resource consumption, poor scalability and flexibility. Clearly, existing cloud-edge communication methods suffer from low efficiency and accuracy. Therefore, providing a new cloud-edge communication method to improve efficiency and accuracy is of paramount importance. Summary of the Invention

[0003] The technical problem to be solved by the present invention is to provide a method and system for secure cloud-edge communication, which can improve the efficiency and accuracy of cloud-edge communication.

[0004] To address the aforementioned technical problems, the first aspect of this invention discloses a method for secure cloud-edge communication, the method being applied to a secure cloud-edge communication system, the secure cloud-edge communication system comprising a first operating terminal and a second operating terminal, the method comprising:

[0005] The first operating terminal receives the first cloud-edge communication request information sent by the second operating terminal;

[0006] The first operating terminal performs an information interaction operation with the second operating terminal based on the first operating communication requirement information, and obtains the information interaction result;

[0007] The second operating terminal establishes a secure connection with the first operating terminal based on the information interaction results to achieve secure cloud-edge communication.

[0008] As an optional implementation, in the first aspect of the present invention, the first operating terminal performs an information interaction operation with the second operating terminal based on the first operating communication requirement information to obtain an information interaction result, including:

[0009] The first operating terminal determines the first cloud-edge communication identifier corresponding to the first operating communication requirement information and sends the first cloud-edge communication identifier to the second operating terminal to trigger the second operating terminal to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions and send the second cloud-edge communication requirement information to the first operating terminal when the determination result is yes.

[0010] The first operating terminal determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information;

[0011] When it is determined that the second operating terminal meets the second cloud-edge secure communication conditions, the first operating terminal determines the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information, determines the information interaction result based on the second cloud-edge communication identifier and the first cloud-edge communication identifier, and sends the second cloud-edge communication identifier to the second operating terminal to trigger the second operating terminal to determine the information interaction result based on the received second cloud-edge communication identifier and the first cloud-edge communication identifier.

[0012] As an optional implementation, in the first aspect of the present invention, the second operating terminal determines whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions, including:

[0013] The second operating terminal determines the verification matching degree between the first cloud-edge communication identifier and the set identifier generation parameter conditions, and determines whether the verification matching degree is greater than or equal to the preset verification matching degree threshold.

[0014] When it is determined that the verification matching degree is greater than or equal to the verification matching degree threshold, the second running terminal determines that the first cloud-edge communication identifier meets the preset first cloud-edge secure communication condition.

[0015] When it is determined that the verification matching degree is less than the verification matching degree threshold, the second running terminal determines that the first cloud-edge communication identifier does not meet the preset first cloud-edge secure communication conditions.

[0016] As an optional implementation, in the first aspect of the present invention, the first operating terminal determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information, including:

[0017] The first operating terminal determines the first transmission attribute configuration information corresponding to the received second cloud-edge communication requirement information and the set configuration parsing conditions, and determines the correlation matching degree between the first transmission attribute configuration information and the set attribute configuration conditions.

[0018] The first running terminal determines whether the association matching degree is greater than or equal to a preset association matching degree threshold;

[0019] When it is determined that the association matching degree is greater than or equal to the association matching degree threshold, the first running terminal determines that the second running terminal meets the preset second cloud-edge secure communication conditions.

[0020] When it is determined that the association matching degree is less than the association matching degree threshold, the first running terminal determines that the second running terminal does not meet the preset second cloud-edge secure communication conditions.

[0021] As an optional implementation, in a first aspect of the present invention, the first operating terminal determines the first cloud-edge communication identifier corresponding to the first operating communication requirement information, including:

[0022] The first operating terminal determines the operating communication requirement conditions corresponding to the first operating communication requirement information, and determines whether there is a first target certificate identifier in the pre-built identifier repository that meets the operating communication requirement conditions;

[0023] When it is determined that the first target certificate identifier exists in the identifier repository, the first running terminal filters out the first target certificate identifier from the identifier repository and determines the first target certificate identifier as the first cloud-edge communication identifier corresponding to the first running communication requirement information;

[0024] When it is determined that the first target certificate identifier does not exist in the identifier repository, the first running terminal determines the target identifier configuration information based on the first running communication requirement information and the set identifier configuration generation conditions; obtains the running communication basic attribute information, and generates the second target certificate identifier based on the running communication basic attribute information, the target identifier configuration information and the set communication identifier generation conditions; and determines the second target certificate identifier as the first cloud-edge communication identifier corresponding to the first running communication requirement information.

[0025] As an optional implementation, in the first aspect of the present invention, before the first operating terminal sends the second cloud-edge communication identifier to the second operating terminal, the method further includes:

[0026] The first operating terminal determines the transmission configuration identifier corresponding to the second transmission attribute configuration information based on the second transmission attribute configuration information that matches the second cloud-edge communication identifier, and monitors the real-time operating status corresponding to the transmission configuration identifier;

[0027] The first operating terminal determines whether the transmission configuration identifier meets the preset valid operating conditions based on the real-time operating status and the second transmission attribute configuration information;

[0028] When it is determined that the transmission configuration identifier meets the valid operating conditions, the first operating terminal performs the operation of sending the second cloud-edge communication identifier to the second operating terminal;

[0029] When it is determined that the transmission configuration identifier does not meet the valid operating conditions, the first operating terminal updates the second transmission attribute configuration information according to the valid operating conditions and the real-time operating status, and sends the second cloud-edge communication identifier to the second operating terminal based on the updated second transmission attribute configuration information.

[0030] As an optional implementation, in the first aspect of the present invention, before the first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier, the method further includes:

[0031] The first running terminal obtains special configuration requirement information and determines special configuration attribute information based on the special configuration requirement information and the set special configuration generation conditions;

[0032] The first running terminal performs a function binding authentication operation on the transmission configuration identifier based on the special configuration attribute information and the second transmission attribute configuration information, and obtains the transmission configuration identifier after function binding authentication;

[0033] The first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier, including:

[0034] The first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier based on the transmission configuration identifier after function binding authentication.

[0035] A second aspect of this invention discloses a cloud-edge secure communication system, comprising a first operating terminal and a second operating terminal, wherein the first operating terminal includes a receiving module and an information interaction module, and the second operating terminal includes a connection establishment module, wherein:

[0036] The receiving module is used to receive the first cloud-edge communication requirement information sent by the second operating terminal;

[0037] The information interaction module is used to perform information interaction operations with the second running terminal according to the first running communication requirement information, and obtain information interaction results;

[0038] The connection establishment module is used to establish a secure connection with the first operating terminal based on the information interaction result, so as to realize secure cloud-edge communication.

[0039] As an optional implementation, in a second aspect of the present invention, the information interaction module performs an information interaction operation with the second operating terminal based on the first operational communication requirement information, and obtains the information interaction result in the following specific ways:

[0040] The first cloud-edge communication identifier corresponding to the first operation communication requirement information is determined, and the first cloud-edge communication identifier is sent to the second operation terminal to trigger the second operation terminal to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions, and when the determination result is yes, the second cloud-edge communication requirement information is sent to the first operation terminal.

[0041] Based on the received second cloud-edge communication requirement information, determine whether the second operating terminal meets the preset second cloud-edge secure communication conditions;

[0042] When it is determined that the second running terminal meets the second cloud-edge secure communication conditions, the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information is determined, and the information interaction result is determined according to the second cloud-edge communication identifier and the first cloud-edge communication identifier. The second cloud-edge communication identifier is sent to the second running terminal to trigger the second running terminal to determine the information interaction result according to the received second cloud-edge communication identifier and the first cloud-edge communication identifier.

[0043] The second operating terminal further includes a communication module, a judgment module, and a determination module, wherein:

[0044] The communication module is used to receive the first cloud-edge communication identifier sent by the first operating terminal;

[0045] The judgment module is used to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions;

[0046] The communication module is further configured to send second cloud-edge communication requirement information to the first operating terminal when the judgment module determines that the first cloud-edge communication identifier meets the first cloud-edge secure communication conditions;

[0047] The communication module is also used to receive the second cloud-edge communication identifier sent by the first operating terminal;

[0048] The determining module is used to determine the information interaction result based on the received second cloud-edge communication identifier and the first cloud-edge communication identifier.

[0049] As an optional implementation, in the second aspect of the present invention, the method by which the determining module determines whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions specifically includes:

[0050] Determine the verification matching degree between the first cloud-edge communication identifier and the set identifier generation parameter conditions, and determine whether the verification matching degree is greater than or equal to the preset verification matching degree threshold.

[0051] When it is determined that the verification matching degree is greater than or equal to the verification matching degree threshold, it is determined that the first cloud-edge communication identifier meets the preset first cloud-edge secure communication condition;

[0052] When it is determined that the verification matching degree is less than the verification matching degree threshold, it is determined that the first cloud-edge communication identifier does not meet the preset first cloud-edge secure communication conditions.

[0053] As an optional implementation, in the second aspect of the present invention, the method by which the information interaction module determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information specifically includes:

[0054] Determine the first transmission attribute configuration information corresponding to the received second cloud-edge communication requirement information and the set configuration parsing conditions, and determine the correlation matching degree between the first transmission attribute configuration information and the set attribute configuration conditions.

[0055] Determine whether the association matching degree is greater than or equal to a preset association matching degree threshold;

[0056] When it is determined that the association matching degree is greater than or equal to the association matching degree threshold, it is determined that the second running terminal meets the preset second cloud-edge secure communication conditions;

[0057] When it is determined that the association matching degree is less than the association matching degree threshold, it is determined that the second running terminal does not meet the preset second cloud-edge secure communication conditions.

[0058] As an optional implementation, in the second aspect of the present invention, the method by which the information interaction module determines the first cloud-edge communication identifier corresponding to the first operational communication requirement information specifically includes:

[0059] Determine the operational communication requirement conditions corresponding to the first operational communication requirement information, and determine whether there is a first target certificate identifier in the pre-built identifier repository that satisfies the operational communication requirement conditions;

[0060] When it is determined that the first target certificate identifier exists in the identifier repository, the first target certificate identifier is filtered out from the identifier repository and the first target certificate identifier is determined as the first cloud-edge communication identifier corresponding to the first running communication requirement information;

[0061] When it is determined that the first target certificate identifier does not exist in the identifier repository, the target identifier configuration information is determined according to the first operational communication requirement information and the set identifier configuration generation conditions; the operational communication basic attribute information is obtained, and the second target certificate identifier is generated according to the operational communication basic attribute information, the target identifier configuration information and the set communication identifier generation conditions; the second target certificate identifier is determined as the first cloud-edge communication identifier corresponding to the first operational communication requirement information.

[0062] As an optional implementation, in a second aspect of the invention, the information interaction module is further configured to:

[0063] Before sending the second cloud-edge communication identifier to the second operating terminal, the transmission configuration identifier corresponding to the second transmission attribute configuration information is determined according to the second transmission attribute configuration information that matches the second cloud-edge communication identifier, and the real-time operating status corresponding to the transmission configuration identifier is monitored.

[0064] Based on the real-time operating status and the second transmission attribute configuration information, it is determined whether the transmission configuration identifier meets the preset valid operating conditions;

[0065] When it is determined that the transmission configuration identifier meets the valid operating conditions, the operation of sending the second cloud-edge communication identifier to the second operating terminal is executed;

[0066] When it is determined that the transmission configuration identifier does not meet the valid operating conditions, the second transmission attribute configuration information is updated according to the valid operating conditions and the real-time operating status, and the second cloud-edge communication identifier is sent to the second operating terminal based on the updated second transmission attribute configuration information.

[0067] As an optional implementation, in a second aspect of the invention, the information interaction module is further configured to:

[0068] Before monitoring the real-time operation status corresponding to the transmission configuration identifier, special configuration requirement information is obtained, and special configuration attribute information is determined based on the special configuration requirement information and the set special configuration generation conditions.

[0069] Based on the special configuration attribute information and the second transmission attribute configuration information, a function binding authentication operation is performed on the transmission configuration identifier to obtain the transmission configuration identifier after function binding authentication.

[0070] Specifically, the information interaction module monitors the real-time operation status corresponding to the transmission configuration identifier in the following ways:

[0071] Based on the transmission configuration identifier after function binding authentication, monitor the real-time operation status corresponding to the transmission configuration identifier.

[0072] A third aspect of the present invention discloses another cloud-edge secure communication system, the cloud-edge secure communication system comprising:

[0073] Memory containing executable program code;

[0074] A processor coupled to the memory;

[0075] The processor calls the executable program code stored in the memory to execute a cloud-edge secure communication method disclosed in the first aspect of the present invention.

[0076] The fourth aspect of the present invention discloses a computer storage medium storing computer instructions, which, when invoked, are used to execute a cloud-edge secure communication method disclosed in the first aspect of the present invention.

[0077] Compared with the prior art, the embodiments of the present invention have the following beneficial effects:

[0078] In this embodiment of the invention, the invention is applied to a cloud-edge secure communication system, which includes a first operating terminal and a second operating terminal. The first operating terminal receives first cloud-edge communication request information sent by the second operating terminal. Based on the first communication request information, the first operating terminal performs an information interaction operation with the second operating terminal to obtain an information interaction result. Based on the information interaction result, the second operating terminal establishes a secure connection with the first operating terminal to achieve cloud-edge secure communication. Therefore, this invention can obtain an information interaction result based on the information interaction operation between the first and second operating terminals, and establish a secure connection between them based on the information interaction result. This intelligently and conveniently achieves cloud-edge secure communication, which is beneficial for improving cloud-edge communication efficiency and accuracy, and thus for improving the security, reliability, and transmission efficiency of cloud-edge message transmission, thereby enhancing the scalability and flexibility of cloud-edge communication. Attached Figure Description

[0079] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0080] Figure 1 This is a flowchart illustrating a cloud-edge secure communication method disclosed in an embodiment of the present invention;

[0081] Figure 2 This is a flowchart illustrating another cloud-edge secure communication method disclosed in an embodiment of the present invention;

[0082] Figure 3 This is a schematic diagram of the structure of a cloud-edge secure communication system disclosed in an embodiment of the present invention;

[0083] Figure 4 This is a schematic diagram of another cloud-edge secure communication system disclosed in an embodiment of the present invention;

[0084] Figure 5 This is a schematic diagram of the structure of a first operating terminal disclosed in an embodiment of the present invention;

[0085] Figure 6 This is a schematic diagram of the structure of a second operating terminal disclosed in an embodiment of the present invention;

[0086] Figure 7 This is a schematic diagram of the structure of another cloud-edge secure communication system disclosed in an embodiment of the present invention;

[0087] Figure 8 This is a schematic diagram of the token structure of a cloud-edge secure communication method disclosed in an embodiment of the present invention;

[0088] Figure 9 This is a schematic diagram of the cloud-edge interaction process of a cloud-edge secure communication method disclosed in an embodiment of the present invention;

[0089] Figure 10 This is a schematic diagram of the secure connection establishment process of a cloud-edge secure communication method disclosed in an embodiment of the present invention. Detailed Implementation

[0090] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0091] The terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this invention are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, apparatus, product, or end that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or ends.

[0092] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of the invention. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.

[0093] This invention discloses a method and system for secure cloud-edge communication. It can obtain information interaction results based on information interaction operations between a first operating terminal and a second operating terminal, and establish a secure connection between the two terminals based on these results. This intelligently and conveniently realizes secure cloud-edge communication, which is beneficial for improving the efficiency and accuracy of cloud-edge communication, thereby enhancing the security, reliability, and transmission efficiency of cloud-edge message transmission, and ultimately improving the scalability and flexibility of cloud-edge communication. Detailed descriptions follow.

[0094] Example 1

[0095] Please see Figure 1 , Figure 1 This is a flowchart illustrating a cloud-edge secure communication method disclosed in an embodiment of the present invention. Figure 1 The described method can be applied to a cloud-edge secure communication system, which includes a first operating terminal and a second operating terminal; however, this embodiment of the invention is not limited to these. Figure 1 As shown, this cloud-edge secure communication method includes the following operations:

[0096] 101. The first operating terminal receives the first cloud-edge communication request information sent by the second operating terminal.

[0097] Optionally, the first cloud-edge communication requirement information can be attached to the request instruction or sent directly as information; this embodiment of the invention does not impose any limitations.

[0098] Optionally, the first cloud-edge communication requirement information can be used by the second runtime to request the first runtime to issue secure communication requirement content (such as CA certificates, etc.), and this embodiment of the invention does not limit this.

[0099] Further optionally, before the first operating terminal receives the first cloud-edge communication request information sent by the second operating terminal, the method may further include the following operations:

[0100] Initialize the first running end.

[0101] Optionally, the specific operations corresponding to the above initialization of the first running end can be illustrated as follows: Edit the configuration file corresponding to the first running end and enable secure channel authentication (such as HTTPS authentication). The configuration file is stored in a distributed storage system for storage. Use the command for managing containerized open-source applications (such as Kubernetes) on multiple hosts in the cloud platform to edit the configuration file and determine the configuration information. Furthermore, the configuration file needs to specify the address information, port information, and whether to enable the secure channel (such as HTTPS) for listening. Furthermore, after the configuration file is edited, restart the first running end service to reload the configuration file. The first running end loads the secure channel service according to the configuration file and listens on the address information corresponding to the address information and the port information corresponding to the port information. This embodiment of the invention does not limit the scope of the invention.

[0102] 102. The first operating terminal performs information interaction operations with the second operating terminal based on the first operating communication requirement information, and obtains the information interaction results.

[0103] Optionally, the specific cloud-edge security communication interaction process between the first and second operating terminals can be referred to Figure 9 As shown, the first running terminal can correspond to Figure 9 The cloud components in the middle, the second running end can correspond to Figure 9 The edge components in the present invention are not limited in this embodiment.

[0104] 103. The second operating terminal establishes a secure connection with the first operating terminal based on the information exchange results to achieve secure cloud-edge communication.

[0105] Optionally, the procedure for establishing a bidirectional secure connection between the first and second operating terminals can be referred to Figure 10 As shown, the first running terminal can correspond to Figure 10 The server in the middle, the second running end can correspond to Figure 10 The client in this embodiment of the invention is not limited.

[0106] As can be seen, the cloud-edge secure communication method described in the embodiments of the present invention can obtain information interaction results based on the information interaction operation between the first operating terminal and the second operating terminal, and establish a secure connection between the first operating terminal and the second operating terminal based on the information interaction results. This intelligently and conveniently realizes cloud-edge secure communication, which is conducive to improving the efficiency and accuracy of cloud-edge communication, and thus conducive to improving the security, reliability and transmission efficiency of cloud-edge message transmission, thereby improving the scalability and flexibility of cloud-edge communication.

[0107] Example 2

[0108] Please see Figure 2 , Figure 2This is a flowchart illustrating another cloud-edge secure communication method disclosed in an embodiment of the present invention. Figure 1 The described method can be applied to a cloud-edge secure communication system, which includes a first operating terminal and a second operating terminal, and the embodiments of the present invention are not limited thereto.

[0109] like Figure 2 As shown, this cloud-edge secure communication method includes the following operations:

[0110] 201. The first operating terminal receives the first cloud-edge communication request information sent by the second operating terminal.

[0111] Optionally, the second running terminal can send the first cloud-edge communication requirement information to the first running terminal through a secure channel (such as HTTPS), and this embodiment of the invention does not impose any limitations.

[0112] 202. The first operating terminal determines the first cloud-edge communication identifier corresponding to the first operating communication requirement information and sends the first cloud-edge communication identifier to the second operating terminal to trigger the second operating terminal to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions and, if the determination result is yes, sends the second cloud-edge communication requirement information to the first operating terminal.

[0113] Optionally, the first running terminal can send the first cloud-edge communication identifier to the second running terminal through a secure channel (such as HTTPS), and this embodiment of the invention does not impose any limitations.

[0114] Optionally, the specific operation corresponding to the second running terminal sending the second cloud-edge communication requirement information to the first running terminal can be illustrated as follows: the second running terminal generates a pair of second key information and stores it in a local repository, and sends the second cloud-edge communication requirement information (such as CSR) to the first running terminal using a transport configuration identifier that matches the port of the secure channel (such as HTTPS). This embodiment of the invention does not limit the scope of the invention.

[0115] 203. The first operating terminal determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information.

[0116] Optionally, when it is determined that the second operating terminal does not meet the second cloud-edge secure communication conditions, the first operating terminal determines that it cannot send the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information to the second operating terminal, and terminates the information interaction operation.

[0117] 204. When it is determined that the second operating terminal meets the second cloud-edge secure communication conditions, the first operating terminal determines the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information, and determines the information interaction result based on the second cloud-edge communication identifier and the first cloud-edge communication identifier, and sends the second cloud-edge communication identifier to the second operating terminal to trigger the second operating terminal to determine the information interaction result based on the received second cloud-edge communication identifier and the first cloud-edge communication identifier.

[0118] Optionally, the information interaction result can be used to prompt the first running end and the second running end that the conditions for establishing a secure connection have been met, thereby reducing the possibility of insecure connection establishment between the first running end and the second running end. This embodiment of the invention does not limit this.

[0119] Optionally, the first operating terminal can send the second cloud-edge communication identifier to the second operating terminal through a secure channel (such as HTTPS), and this embodiment of the invention does not impose any limitations.

[0120] Optionally, the specific operation of the first running terminal sending the second cloud-edge communication identifier to the second running terminal can be illustrated as follows: The first running terminal uses the first cloud-edge communication identifier (such as a CA certificate) to sign a certificate signing application (such as a CSR) corresponding to the second cloud-edge communication requirement information to obtain the second cloud-edge communication identifier (such as an SSL certificate), and sends the second cloud-edge communication identifier to the second running terminal. This embodiment of the invention does not limit the scope of the invention.

[0121] 205. Based on the information exchange results, the second operating terminal establishes a secure connection with the first operating terminal to achieve secure cloud-edge communication.

[0122] In this embodiment of the invention, for other descriptions of steps 201-205, please refer to the detailed description of steps 101-103 in Embodiment 1. These descriptions will not be repeated in this embodiment of the invention.

[0123] As can be seen, the embodiments of the present invention can obtain information interaction results based on the information interaction operations between the first operating terminal and the second operating terminal, and establish a secure connection between the first operating terminal and the second operating terminal based on the information interaction results. This intelligently and conveniently realizes secure cloud-edge communication, which is beneficial to improving the efficiency and accuracy of cloud-edge communication, and thus beneficial to improving the security, reliability, and transmission efficiency of cloud-edge message transmission, thereby improving the scalability and flexibility of cloud-edge communication. Furthermore, it can also provide detailed information interaction methods between the first operating terminal and the second operating terminal to obtain information interaction results, enriching the comprehensiveness, rationality, and logic of the information interaction methods, thereby improving the reliability, rationality, and stability of information interaction between the first operating terminal and the second operating terminal, and thus improving the accuracy and reliability of the determined information interaction results. In addition, it can also simplify the operation steps of the information interaction methods, thereby improving the simplicity and convenience of information interaction between the first operating terminal and the second operating terminal, and thus improving the efficiency and convenience of determining the information interaction results.

[0124] In an optional embodiment, the second operating terminal's determination of whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions may include:

[0125] The second operating terminal determines the verification matching degree between the first cloud-edge communication identifier and the set identifier generation parameter conditions, and determines whether the verification matching degree is greater than or equal to the preset verification matching degree threshold.

[0126] When it is determined that the verification matching degree is greater than or equal to the verification matching degree threshold, the second running terminal determines that the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions.

[0127] When it is determined that the verification matching degree is less than the verification matching degree threshold, the second running terminal determines that the first cloud-edge communication identifier does not meet the preset first cloud-edge secure communication conditions.

[0128] Optionally, the above-mentioned first cloud-edge communication identifier satisfies the first cloud-edge secure communication condition judgment method. For example, it can be to compare the validity of the CA certificate with the hash value in the token (i.e., the value obtained by hashing the CA certificate using a hash function). This embodiment of the invention does not limit this.

[0129] As can be seen, this optional embodiment can determine the verification matching degree corresponding to the first cloud-edge communication identifier and the identifier generation parameter conditions, and determine the result of satisfying the first cloud-edge secure communication conditions based on the comparison relationship between the verification matching degrees. This is beneficial to improving the comprehensiveness, rationality and logic of the method of determining the first cloud-edge secure communication conditions, thereby improving the accuracy and reliability of the determined result of satisfying the first cloud-edge secure communication conditions, as well as improving the efficiency and convenience of determining the result of satisfying the first cloud-edge secure communication conditions. This, in turn, is beneficial to improving the accuracy and efficiency of the subsequent information interaction results determined based on the result of satisfying the first cloud-edge secure communication conditions.

[0130] In another optional embodiment, the first operating terminal, based on the received second cloud-edge communication requirement information, determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions, which may include:

[0131] The first operating terminal determines the first transmission attribute configuration information corresponding to the received second cloud-edge communication requirement information and the set configuration parsing conditions, and determines the correlation matching degree between the first transmission attribute configuration information and the set attribute configuration conditions.

[0132] The first running end determines whether the association matching degree is greater than or equal to the preset association matching degree threshold;

[0133] When it is determined that the association matching degree is greater than or equal to the association matching degree threshold, the first running end determines that the second running end meets the preset second cloud-edge secure communication conditions.

[0134] When it is determined that the association matching degree is less than the association matching degree threshold, the first running end determines that the second running end does not meet the preset second cloud-edge secure communication conditions.

[0135] Optionally, the second running end meets the second cloud-edge secure communication condition judgment method. For example, it can be parsing and verifying the token (i.e., transmitting the configuration identifier). This embodiment of the invention does not limit this method.

[0136] As can be seen, this optional embodiment can determine the correlation matching degree between the first transmission attribute configuration information and the attribute configuration conditions, and determine the result of satisfying the second cloud-edge secure communication conditions based on the comparison between the correlation matching degree and the correlation matching degree threshold. This is beneficial to improving the comprehensiveness, rationality and logic of the method for determining the second cloud-edge secure communication conditions, thereby improving the accuracy and reliability of the determined result of satisfying the second cloud-edge secure communication conditions, and also beneficial to improving the efficiency and convenience of determining the result of satisfying the second cloud-edge secure communication conditions. This, in turn, is beneficial to improving the accuracy and efficiency of the subsequent information interaction results determined based on the result of satisfying the second cloud-edge secure communication conditions.

[0137] In yet another optional embodiment, the determination of the first cloud-edge communication identifier corresponding to the first operational communication requirement information by the first operating terminal may include:

[0138] The first running end determines the running communication requirement conditions corresponding to the first running communication requirement information, and determines whether there is a first target certificate identifier in the pre-built identifier repository that meets the running communication requirement conditions;

[0139] When it is determined that the first target certificate identifier exists in the identifier repository, the first running end filters out the first target certificate identifier from the identifier repository and determines the first target certificate identifier as the first cloud-edge communication identifier corresponding to the first running communication requirement information;

[0140] When it is determined that the first target certificate identifier does not exist in the identifier repository, the first running terminal determines the target identifier configuration information based on the first running communication requirement information and the set identifier configuration generation conditions; obtains the running communication basic attribute information, and generates the second target certificate identifier based on the running communication basic attribute information, the target identifier configuration information and the set communication identifier generation conditions; and determines the second target certificate identifier as the first cloud-edge communication identifier corresponding to the first running communication requirement information.

[0141] Optionally, when multiple first target certificate identifiers that meet the operational communication requirements are determined, the first target certificate identifier with the highest degree of satisfaction with the operational communication requirements and / or greater than or equal to the satisfaction threshold is selected as the first cloud-edge communication identifier. Alternatively, multiple first target certificate identifiers that meet the operational communication requirements can be directly determined as the first cloud-edge communication identifier. This embodiment of the invention does not impose any limitations.

[0142] As a further option, the method for determining the second cloud-edge communication identifier can refer to, but is not limited to, the specific operations corresponding to the method for determining the first cloud-edge communication identifier mentioned above, which will not be elaborated here.

[0143] Optionally, the first cloud-edge communication identifier may be a CA certificate and / or the first key corresponding to the CA certificate, which is not limited in this embodiment of the invention.

[0144] Optionally, the identifier repository may be a local identifier storage directory and / or a distributed storage system (such as configmap) for storage, which is not limited in this embodiment of the invention.

[0145] Optionally, the basic communication attribute information may include, but is not limited to, one or more of the following: project name, cloud service DNS domain name, IP information, etc., and this embodiment of the invention does not impose any limitations.

[0146] Optionally, the above-mentioned method for generating the second target certificate identifier can be illustrated as follows: The first running end automatically generates digital certificate information (such as cacert) for issuing the first cloud-edge communication identifier and key information (such as key) for issuing the first cloud-edge communication identifier, and stores the digital certificate information and the key information in the first distributed storage system. The namespace of the first distributed storage system is set as a namespace for logical isolation (such as topedge). Further, the digital certificate information and the key information are written into a configuration set (such as hubconfig). Further, the first running end uses basic information such as project name, cloud service DNS domain name, IP address, etc., and calls the function library in conjunction with the cloud-edge communication identifier to generate the second target certificate identifier. This embodiment of the invention is not limited.

[0147] As can be seen, this optional embodiment can provide an identifier repository filtering method and an identifier generation method to determine the first cloud-edge communication identifier, which is conducive to improving the comprehensiveness and rationality of the cloud-edge communication identifier determination method, enriching the diversity, flexibility and selectivity of the cloud-edge communication identifier determination method, thereby improving the accuracy and reliability of the determined cloud-edge communication identifier, as well as improving the efficiency and convenience of determining the cloud-edge communication identifier. In addition, it is also conducive to enriching the intelligent and diversified functions of a cloud-edge secure communication method, thereby improving the reliability and rationality of cloud-edge secure communication.

[0148] In yet another optional embodiment, before the first operating terminal sends the second cloud-edge communication identifier to the second operating terminal, the method may further include the following operations:

[0149] The first operating terminal determines the transmission configuration identifier corresponding to the second transmission attribute configuration information based on the second transmission attribute configuration information that matches the second cloud-edge communication identifier, and monitors the real-time operating status corresponding to the transmission configuration identifier.

[0150] The first operating terminal determines whether the transmission configuration identifier meets the preset valid operating conditions based on the real-time operating status and the second transmission attribute configuration information.

[0151] When it is determined that the transmission configuration identifier meets the valid operating conditions, the first operating terminal performs the above-mentioned operation of sending the second cloud-edge communication identifier to the second operating terminal;

[0152] When it is determined that the transmission configuration identifier does not meet the valid operating conditions, the first operating terminal updates the second transmission attribute configuration information according to the valid operating conditions and real-time operating status, and sends the second cloud-edge communication identifier to the second operating terminal based on the updated second transmission attribute configuration information.

[0153] Optionally, the above-mentioned determination of whether the transmission configuration identifier meets the preset valid operating conditions can be illustrated by, for example, determining whether the transmission configuration identifier is about to expire. If it is detected that the transmission configuration identifier is about to expire, the transmission attribute configuration information of the transmission configuration identifier is automatically updated in the corresponding time period (such as before the expiration, when the expiration occurs, after the expiration, etc.) to extend the online operating time of the transmission configuration identifier. This embodiment of the invention does not limit this.

[0154] Optionally, the second transmission attribute configuration information matching the second cloud-edge communication identifier and the aforementioned first transportation attribute configuration information may both correspond to the same subject (i.e., the same transmission configuration identifier) ​​or to different subjects; this embodiment of the invention does not impose any limitations on this. Furthermore, the information content corresponding to the second transmission attribute configuration information and the information content corresponding to the first transportation attribute configuration information may match or differ; this embodiment of the invention does not impose any limitations on this.

[0155] As a further optional step, the method for updating the third transportation attribute configuration information that matches the first cloud-edge communication identifier can refer to, but is not limited to, the specific operation corresponding to the second transportation attribute configuration information update method mentioned above, which will not be elaborated here.

[0156] Alternatively, the method may further include the following operations:

[0157] Generate a transport configuration identifier and determine the transport attribute configuration information corresponding to the transport configuration identifier.

[0158] Optionally, the above method of generating and configuring the transmission configuration identifier can be illustrated as follows: Set runtime configuration information corresponding to the transmission configuration identifier, and encrypt the transmission configuration identifier using key information (such as cakey) used to issue the second cloud-edge communication identifier. Further, based on information encoded as a JSON object (such as JWT) for secure transmission between the first and second running ends, and the value obtained by hashing the certificate using a hash function (such as a hash function) (such as caHash), separated by dots; furthermore, the transmission configuration identifier will be automatically refreshed before expiration, and the transmission configuration identifier and the corresponding transmission attribute configuration information will be stored in the corresponding distributed storage system. This embodiment of the invention does not impose limitations.

[0159] Optionally, the transmission attribute configuration information corresponding to the transmission configuration identifier includes the runtime configuration information corresponding to the transmission configuration identifier, which is not limited in this embodiment of the invention; further optionally, the runtime configuration information may include the set expiration time corresponding to the transmission configuration identifier (such as a token).

[0160] Optional, transport configuration identifier (i.e. Figure 8 The transport configuration identifier structure corresponding to the token shown in the document can be found in [reference]. Figure 8 As shown, the embodiments of the present invention are not limited.

[0161] As can be seen, this optional embodiment can provide a transmission configuration identifier update method. When the transmission configuration identifier does not meet the valid operating conditions, the transmission attribute configuration information of the transmission configuration identifier is updated, which improves the comprehensiveness, integrity and feasibility of the information interaction method, enriches the intelligent function of a cloud-edge secure communication method, and is conducive to realizing real-time monitoring and timely updating of the transmission configuration identifier. This is conducive to improving the stability, efficiency and effectiveness of the transmission configuration identifier's function operation, thereby improving the reliability and accuracy of information interaction based on the transmission configuration identifier, and further improving the security and stability of cloud-edge communication.

[0162] In yet another optional embodiment, before the first operating end monitors the real-time operating status corresponding to the transmission configuration identifier, the method may further include the following operations:

[0163] The first running end obtains special configuration requirement information and determines special configuration attribute information based on the special configuration requirement information and the set special configuration generation conditions;

[0164] The first running end performs a function binding authentication operation on the transmission configuration identifier based on the special configuration attribute information and the second transmission attribute configuration information, and obtains the transmission configuration identifier after function binding authentication.

[0165] The first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier, including:

[0166] The first operating end monitors the real-time operation status corresponding to the transmission configuration identifier based on the transmission configuration identifier after function binding authentication.

[0167] Optionally, performing a function binding authentication operation on the transmission configuration identifier can be understood as starting security authentication (HTTPS authentication), exposing a new secure channel port (HTTPS port) from the message processing center (such as CloudHub) for encrypted communication and protection of the transmission configuration identifier and transmission attribute configuration information transmission. This embodiment of the invention does not limit this.

[0168] As can be seen, this optional embodiment can provide a transmission configuration identifier binding authentication method, improve the comprehensiveness, integrity and feasibility of information interaction methods, enrich the intelligent functions of a cloud-edge secure communication method, provide strong support for realizing cloud-edge secure communication, and help improve the operational rationality and effectiveness of cloud-edge secure communication, thereby improving the reliability and stability of cloud-edge secure communication; in addition, it can also provide an application method for the transmission configuration identifier after function binding authentication, which helps improve the comprehensiveness and rationality of the transmission configuration identifier binding authentication method, and also helps improve the practicality and effectiveness of the transmission configuration identifier after function binding authentication.

[0169] Example 3

[0170] Please see Figure 3 , Figure 3 This is a schematic diagram of the structure of a cloud-edge secure communication system disclosed in an embodiment of the present invention. Figure 3 The described cloud-edge secure communication system includes a first operating terminal and a second operating terminal. The first operating terminal includes a receiving module 301 and an information interaction module 302, and the second operating terminal includes a connection establishment module 303.

[0171] The receiving module 301 is used to receive the first cloud-edge communication request information sent by the second operating terminal.

[0172] The information interaction module 302 is used to perform information interaction operations with the second operating terminal based on the first operating communication requirement information, and obtain the information interaction result.

[0173] The connection establishment module 303 is used to establish a secure connection with the first operating terminal based on the information exchange results, so as to realize secure cloud-edge communication.

[0174] It is evident that implementation Figure 3The described cloud-edge secure communication system can obtain information interaction results based on the information interaction operation between the first operating terminal and the second operating terminal, and establish a secure connection between the first operating terminal and the second operating terminal based on the information interaction results. It realizes cloud-edge secure communication in an intelligent and convenient way, which is conducive to improving the efficiency and accuracy of cloud-edge communication, and thus conducive to improving the security, reliability and transmission efficiency of cloud-edge message transmission, thereby improving the scalability and flexibility of cloud-edge communication.

[0175] In an optional embodiment, the information interaction module 302 performs an information interaction operation with the second operating terminal based on the first operational communication requirement information, and the specific methods for obtaining the information interaction result include:

[0176] The first cloud-edge communication identifier corresponding to the first operational communication requirement information is determined, and the first cloud-edge communication identifier is sent to the second operational terminal to trigger the second operational terminal to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions, and if the determination result is yes, the second cloud-edge communication requirement information is sent to the first operational terminal.

[0177] Based on the received second cloud-edge communication request information, determine whether the second operating terminal meets the preset second cloud-edge secure communication conditions;

[0178] When it is determined that the second operating terminal meets the second cloud-edge secure communication conditions, the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information is determined, and the information interaction result is determined based on the second cloud-edge communication identifier and the first cloud-edge communication identifier. The second cloud-edge communication identifier is then sent to the second operating terminal to trigger the second operating terminal to determine the information interaction result based on the received second cloud-edge communication identifier and the first cloud-edge communication identifier.

[0179] Among them, such as Figure 4 As shown, the second operating terminal also includes a communication module 304, a judgment module 305, and a determination module 306, wherein:

[0180] The communication module 304 is used to receive the first cloud-edge communication identifier sent by the first operating terminal.

[0181] The judgment module 305 is used to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions.

[0182] The communication module 304 is also used to send the second cloud-edge communication requirement information to the first operating terminal when the judgment module 305 determines that the first cloud-edge communication identifier meets the first cloud-edge secure communication conditions.

[0183] The communication module 304 is also used to receive the second cloud-edge communication identifier sent by the first operating terminal.

[0184] The determination module 306 is used to determine the information interaction result based on the received second cloud-edge communication identifier and first cloud-edge communication identifier.

[0185] It is evident that implementation Figure 4 The described cloud-edge secure communication system can provide detailed information interaction methods between the first and second operating terminals to obtain information interaction results, enriching the comprehensiveness, rationality, and logic of the information interaction methods. This is conducive to improving the reliability, rationality, and stability of information interaction between the first and second operating terminals, thereby improving the accuracy and reliability of the determined information interaction results. In addition, it is conducive to simplifying the operation steps of the information interaction methods, thereby improving the simplicity and convenience of information interaction between the first and second operating terminals, and thus improving the efficiency and convenience of determining the information interaction results.

[0186] In another optional embodiment, the method by which the determining module 305 determines whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions specifically includes:

[0187] Determine the verification matching degree between the first cloud-edge communication identifier and the set identifier generation parameter conditions, and determine whether the verification matching degree is greater than or equal to the preset verification matching degree threshold.

[0188] When it is determined that the verification matching degree is greater than or equal to the verification matching degree threshold, it is determined that the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions.

[0189] When it is determined that the verification matching degree is less than the verification matching degree threshold, it is determined that the first cloud-edge communication identifier does not meet the preset first cloud-edge secure communication conditions.

[0190] It is evident that implementation Figure 4 The described cloud-edge secure communication system can also determine the verification matching degree corresponding to the first cloud-edge communication identifier and the identifier generation parameter conditions, and determine the result of satisfying the first cloud-edge secure communication conditions based on the comparison relationship between the verification matching degrees. This is beneficial to improving the comprehensiveness, rationality and logic of the method of determining the first cloud-edge secure communication conditions, thereby improving the accuracy and reliability of the determined result of satisfying the first cloud-edge secure communication conditions, as well as improving the efficiency and convenience of determining the result of satisfying the first cloud-edge secure communication conditions. This, in turn, is beneficial to improving the accuracy and efficiency of subsequent information interaction results determined based on the result of satisfying the first cloud-edge secure communication conditions.

[0191] In another optional embodiment, the information interaction module 302 determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information, specifically including:

[0192] Determine the first transmission attribute configuration information corresponding to the received second cloud-edge communication requirement information and the set configuration parsing conditions, and determine the correlation matching degree between the first transmission attribute configuration information and the set attribute configuration conditions.

[0193] Determine whether the association matching degree is greater than or equal to the preset association matching degree threshold;

[0194] When it is determined that the association matching degree is greater than or equal to the association matching degree threshold, it is determined that the second running end meets the preset second cloud-edge secure communication conditions.

[0195] When it is determined that the association matching degree is less than the association matching degree threshold, it is determined that the second running end does not meet the preset second cloud-edge secure communication conditions.

[0196] It is evident that implementation Figure 4 The described cloud-edge secure communication system can also determine the correlation matching degree between the first transmission attribute configuration information and the attribute configuration conditions, and determine the result of satisfying the second cloud-edge secure communication conditions based on the comparison between the correlation matching degree and the correlation matching degree threshold. This is beneficial to improving the comprehensiveness, rationality, and logic of the method for determining the second cloud-edge secure communication conditions, thereby improving the accuracy and reliability of the determined result of satisfying the second cloud-edge secure communication conditions, as well as improving the efficiency and convenience of determining the result of satisfying the second cloud-edge secure communication conditions. This, in turn, is beneficial to improving the accuracy and efficiency of the subsequent information interaction results determined based on the result of satisfying the second cloud-edge secure communication conditions.

[0197] In yet another optional embodiment, the method by which the information interaction module 302 determines the first cloud-edge communication identifier corresponding to the first operational communication requirement information specifically includes:

[0198] Determine the runtime communication requirement conditions corresponding to the first runtime communication requirement information, and determine whether there is a first target certificate identifier in the pre-built identifier repository that meets the runtime communication requirement conditions;

[0199] When it is determined that the first target certificate identifier exists in the identifier repository, the first target certificate identifier is filtered out from the identifier repository and identified as the first cloud-edge communication identifier corresponding to the first running communication requirement information;

[0200] When it is determined that the first target certificate identifier does not exist in the identifier repository, the target identifier configuration information is determined according to the first operational communication requirement information and the set identifier configuration generation conditions; the operational communication basic attribute information is obtained, and the second target certificate identifier is generated according to the operational communication basic attribute information, the target identifier configuration information and the set communication identifier generation conditions; the second target certificate identifier is determined as the first cloud-edge communication identifier corresponding to the first operational communication requirement information.

[0201] It is evident that implementation Figure 4 The described cloud-edge secure communication system can also provide an identifier repository for filtering identifiers and an identifier generation method to determine the first cloud-edge communication identifier. This is beneficial for improving the comprehensiveness and rationality of the cloud-edge communication identifier determination method, enriching the diversity, flexibility, and selectivity of the cloud-edge communication identifier determination method, thereby improving the accuracy and reliability of the determined cloud-edge communication identifier, as well as improving the efficiency and convenience of determining the cloud-edge communication identifier. In addition, it is beneficial for enriching the intelligent and diversified functions of a cloud-edge secure communication method, thereby improving the reliability and rationality of cloud-edge secure communication.

[0202] In yet another optional embodiment, the information interaction module 302 is further configured to:

[0203] Before sending the second cloud-edge communication identifier to the second operating terminal, the transmission configuration identifier corresponding to the second transmission attribute configuration information is determined according to the second transmission attribute configuration information that matches the second cloud-edge communication identifier, and the real-time operating status corresponding to the transmission configuration identifier is monitored.

[0204] Based on the real-time operating status and the second transmission attribute configuration information, determine whether the transmission configuration identifier meets the preset valid operating conditions;

[0205] When it is determined that the transmission configuration identifier meets the valid operating conditions, the above-mentioned operation of sending the second cloud-edge communication identifier to the second operating terminal is performed;

[0206] When it is determined that the transmission configuration identifier does not meet the valid operating conditions, the second transmission attribute configuration information is updated according to the valid operating conditions and real-time operating status, and the second cloud-edge communication identifier is sent to the second operating terminal based on the updated second transmission attribute configuration information.

[0207] It is evident that implementation Figure 4The described cloud-edge secure communication system also provides a transmission configuration identifier update method. When the transmission configuration identifier does not meet the valid operating conditions, the transmission attribute configuration information of the transmission configuration identifier is updated, improving the comprehensiveness, integrity, and feasibility of the information interaction method. This enriches the intelligent function of a cloud-edge secure communication method, which is conducive to realizing real-time monitoring and timely updating of the transmission configuration identifier. In turn, it is conducive to improving the stability, efficiency, and effectiveness of the transmission configuration identifier's operation, thereby improving the reliability and accuracy of information interaction based on the transmission configuration identifier, and further enhancing the security and stability of cloud-edge communication.

[0208] In yet another optional embodiment, the information interaction module 302 is further configured to:

[0209] Before monitoring the real-time operation status corresponding to the transmission configuration identifier, special configuration requirement information is obtained, and special configuration attribute information is determined based on the special configuration requirement information and the set special configuration generation conditions.

[0210] Based on the special configuration attribute information and the second transmission attribute configuration information, perform a function binding authentication operation on the transmission configuration identifier to obtain the function-bound authenticated transmission configuration identifier.

[0211] The specific methods by which the information interaction module monitors the real-time operation of the transmission configuration identifier include:

[0212] Based on the transmission configuration identifier after function binding authentication, monitor the real-time operation status corresponding to the transmission configuration identifier.

[0213] It is evident that implementation Figure 4 The described cloud-edge secure communication system can also provide a transmission configuration identifier binding authentication method, which improves the comprehensiveness, integrity, and feasibility of information interaction methods, enriches the intelligent functions of a cloud-edge secure communication method, provides strong support for realizing cloud-edge secure communication, and helps improve the operational rationality and effectiveness of cloud-edge secure communication, thereby improving the reliability and stability of cloud-edge secure communication; in addition, it can also provide an application method for transmission configuration identifiers after function binding authentication, which helps improve the comprehensiveness and rationality of transmission configuration identifier binding authentication methods, and also helps improve the practicality and effectiveness of transmission configuration identifiers after function binding authentication.

[0214] Example 4

[0215] Please see Figure 5 , Figure 5 This is a schematic diagram of the structure of a first operating terminal disclosed in an embodiment of the present invention. Figure 5 As shown, the first operating terminal may include:

[0216] Memory 401 storing executable program code;

[0217] Processor 402 coupled to memory 401;

[0218] The processor 402 calls the executable program code stored in the memory 401 to execute the steps in the cloud-edge secure communication method described in Embodiment 1 or Embodiment 2.

[0219] Example 5

[0220] Please see Figure 6 , Figure 6 This is a schematic diagram of the structure of a second operating terminal disclosed in an embodiment of the present invention. Figure 6 As shown, the second operating terminal may include:

[0221] Memory 501 storing executable program code;

[0222] Processor 502 coupled to memory 501;

[0223] The processor 502 calls the executable program code stored in the memory 501 to execute the steps in the cloud-edge secure communication method described in Embodiment 1 or Embodiment 2.

[0224] Example 6

[0225] Please see Figure 7 , Figure 7 This is a schematic diagram of the structure of another cloud-edge secure communication system disclosed in an embodiment of the present invention. For example... Figure 7 As shown, the cloud-edge secure communication system may include:

[0226] Memory 601 storing executable program code;

[0227] Processor 602 coupled to memory 601;

[0228] Furthermore, it may also include an input interface 603 coupled to the processor 602 and an output interface 604;

[0229] The processor 602 calls the executable program code stored in the memory 601 to execute the steps in the cloud-edge secure communication method described in Embodiment 1 or Embodiment 2.

[0230] Example 7

[0231] This invention discloses a computer read storage medium that stores a computer program for electronic data interchange, wherein the computer program causes a computer to perform the steps of a cloud-edge secure communication method described in Embodiment 1 or Embodiment 2.

[0232] Example 8

[0233] This invention discloses a computer program product, which includes a non-transitory computer-readable storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps of a cloud-edge secure communication method described in Embodiment 1 or Embodiment 2.

[0234] The device embodiments described above are merely illustrative. The modules described as separate components may or may not be physically separate. The components shown as modules may or may not be physical modules; that is, they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.

[0235] Through the detailed description of the above embodiments, those skilled in the art can clearly understand that each implementation method can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, including read-only memory (ROM), random access memory (RAM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically-Erasable Programmable Read-Only Memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, disk storage, magnetic tape storage, or any other computer-readable medium that can be used to carry or store data.

[0236] Finally, it should be noted that the cloud-edge secure communication method and system disclosed in the embodiments of the present invention are merely preferred embodiments of the present invention and are only used to illustrate the technical solutions of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for secure cloud-edge communication, characterized in that, The method is applied to a cloud-edge secure communication system, which includes a first operating terminal and a second operating terminal. The method includes: The first operating terminal receives the first cloud-edge communication request information sent by the second operating terminal; The first operating terminal determines the first cloud-edge communication identifier corresponding to the first operating communication requirement information and sends the first cloud-edge communication identifier to the second operating terminal to trigger the second operating terminal to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions and send the second cloud-edge communication requirement information to the first operating terminal when the determination result is yes. The first operating terminal determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information; When it is determined that the second operating terminal meets the second cloud-edge secure communication conditions, the first operating terminal determines the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information, and determines the information interaction result based on the second cloud-edge communication identifier and the first cloud-edge communication identifier, and sends the second cloud-edge communication identifier to the second operating terminal to trigger the second operating terminal to determine the information interaction result based on the received second cloud-edge communication identifier and the first cloud-edge communication identifier; The second operating terminal establishes a secure connection with the first operating terminal based on the information interaction result to achieve secure cloud-edge communication; And, the second operating terminal determines whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions, including: The second operating terminal determines the verification matching degree between the first cloud-edge communication identifier and the set identifier generation parameter conditions, and determines whether the verification matching degree is greater than or equal to a preset verification matching degree threshold; when it is determined that the verification matching degree is greater than or equal to the verification matching degree threshold, the second operating terminal determines that the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions; when it is determined that the verification matching degree is less than the verification matching degree threshold, the second operating terminal determines that the first cloud-edge communication identifier does not meet the preset first cloud-edge secure communication conditions. Furthermore, the first operating terminal determines, based on the received second cloud-edge communication requirement information, whether the second operating terminal meets the preset second cloud-edge secure communication conditions, including: The first operating terminal determines the first transmission attribute configuration information corresponding to the received second cloud-edge communication requirement information and the set configuration parsing conditions, and determines the correlation matching degree between the first transmission attribute configuration information and the set attribute configuration conditions; the first operating terminal determines whether the correlation matching degree is greater than or equal to a preset correlation matching degree threshold; when it is determined that the correlation matching degree is greater than or equal to the correlation matching degree threshold, the first operating terminal determines that the second operating terminal meets the preset second cloud-edge secure communication conditions; when it is determined that the correlation matching degree is less than the correlation matching degree threshold, the first operating terminal determines that the second operating terminal does not meet the preset second cloud-edge secure communication conditions. And, before the first operating terminal sends the second cloud-edge communication identifier to the second operating terminal, the method further includes: The first operating terminal determines the transmission configuration identifier corresponding to the second transmission attribute configuration information based on the second transmission attribute configuration information that matches the second cloud-edge communication identifier, and monitors the real-time operating status corresponding to the transmission configuration identifier; The first operating terminal determines whether the transmission configuration identifier meets the preset valid operating conditions based on the real-time operating status and the second transmission attribute configuration information; When it is determined that the transmission configuration identifier meets the valid operating conditions, the first operating terminal performs the operation of sending the second cloud-edge communication identifier to the second operating terminal; When it is determined that the transmission configuration identifier does not meet the valid operating conditions, the first operating terminal updates the second transmission attribute configuration information according to the valid operating conditions and the real-time operating status, and sends the second cloud-edge communication identifier to the second operating terminal based on the updated second transmission attribute configuration information; Furthermore, the method further includes: Set runtime configuration information corresponding to the transmission configuration identifier, encrypt the transmission configuration identifier using key information for issuing the second cloud-edge communication identifier, and automatically refresh the transmission configuration identifier before expiration by separating the value obtained by hashing the certificate using a hash function and the information encoded as a JSON object for secure transmission between the first and second running ends and using a key information for secure transmission between the first and second running ends, and storing the transmission configuration identifier and its corresponding transmission attribute configuration information in the corresponding distributed storage system. And, the step of determining whether the transmission configuration identifier meets the preset valid operating conditions based on the real-time operating status and the second transmission attribute configuration information includes: Determine whether the transmission configuration identifier is about to expire; When it is determined that the transmission configuration identifier is about to expire, the transmission attribute configuration information of the transmission configuration identifier is automatically updated in the corresponding time period to extend the online running time of the transmission configuration identifier. And, before the first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier, the method further includes: The first running terminal obtains special configuration requirement information and determines special configuration attribute information based on the special configuration requirement information and the set special configuration generation conditions; The first running terminal performs a function binding authentication operation on the transmission configuration identifier according to the special configuration attribute information and the second transmission attribute configuration information to obtain the transmission configuration identifier after function binding authentication; the function binding authentication operation includes starting security authentication and exposing a new secure channel port from the message processing center for encrypted communication and protection of the transmission configuration identifier and transmission attribute configuration information transmission. The first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier, including: The first operating terminal monitors the real-time operating status corresponding to the transmission configuration identifier based on the transmission configuration identifier after function binding authentication.

2. The method for secure cloud-edge communication according to claim 1, characterized in that, The first operating terminal determines the first cloud-edge communication identifier corresponding to the first operating communication requirement information, including: The first operating terminal determines the operating communication requirement conditions corresponding to the first operating communication requirement information, and determines whether there is a first target certificate identifier in the pre-built identifier repository that meets the operating communication requirement conditions; When it is determined that the first target certificate identifier exists in the identifier repository, the first running terminal filters out the first target certificate identifier from the identifier repository and determines the first target certificate identifier as the first cloud-edge communication identifier corresponding to the first running communication requirement information; When it is determined that the first target certificate identifier does not exist in the identifier repository, the first running terminal determines the target identifier configuration information based on the first running communication requirement information and the set identifier configuration generation conditions; obtains the running communication basic attribute information, and generates the second target certificate identifier based on the running communication basic attribute information, the target identifier configuration information and the set communication identifier generation conditions; and determines the second target certificate identifier as the first cloud-edge communication identifier corresponding to the first running communication requirement information.

3. A cloud-edge secure communication system, characterized in that, The cloud-edge secure communication system includes a first operating terminal and a second operating terminal. The first operating terminal includes a receiving module and an information interaction module, and the second operating terminal includes a connection establishment module. The receiving module is used to receive the first cloud-edge communication requirement information sent by the second operating terminal; The information interaction module is used to determine the first cloud-edge communication identifier corresponding to the first operational communication requirement information, and send the first cloud-edge communication identifier to the second operational terminal to trigger the second operational terminal to determine whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions, and send the second cloud-edge communication requirement information to the first operational terminal when the determination result is yes; determine whether the second operational terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information; when it is determined that the second operational terminal meets the second cloud-edge secure communication conditions, determine the second cloud-edge communication identifier corresponding to the second cloud-edge communication requirement information, determine the information interaction result based on the second cloud-edge communication identifier and the first cloud-edge communication identifier, and send the second cloud-edge communication identifier to the second operational terminal to trigger the second operational terminal to determine the information interaction result based on the received second cloud-edge communication identifier and the first cloud-edge communication identifier; The connection establishment module is used to establish a secure connection with the first running terminal based on the information interaction result, so as to realize secure cloud-edge communication; Furthermore, the specific methods by which the judgment module determines whether the first cloud-edge communication identifier meets the preset first cloud-edge secure communication conditions include: The verification matching degree between the first cloud-edge communication identifier and the set identifier generation parameter conditions is determined, and it is determined whether the verification matching degree is greater than or equal to a preset verification matching degree threshold. When it is determined that the verification matching degree is greater than or equal to the verification matching degree threshold, it is determined that the first cloud-edge communication identifier meets the preset first cloud-edge secure communication condition. When it is determined that the verification matching degree is less than the verification matching degree threshold, it is determined that the first cloud-edge communication identifier does not meet the preset first cloud-edge secure communication condition. Furthermore, the method by which the information interaction module determines whether the second operating terminal meets the preset second cloud-edge secure communication conditions based on the received second cloud-edge communication requirement information specifically includes: The system determines the first transmission attribute configuration information corresponding to the received second cloud-edge communication requirement information and the set configuration parsing conditions, and determines the correlation matching degree between the first transmission attribute configuration information and the set attribute configuration conditions; it then determines whether the correlation matching degree is greater than or equal to a preset correlation matching degree threshold; when the correlation matching degree is greater than or equal to the correlation matching degree threshold, it determines that the second operating terminal meets the preset second cloud-edge secure communication conditions; when the correlation matching degree is less than the correlation matching threshold, it determines that the second operating terminal does not meet the preset second cloud-edge secure communication conditions. The information interaction module is further configured to, before sending the second cloud-edge communication identifier to the second operating terminal, determine the transmission configuration identifier corresponding to the second transmission attribute configuration information based on the second transmission attribute configuration information matching the second cloud-edge communication identifier, and monitor the real-time operating status corresponding to the transmission configuration identifier; determine whether the transmission configuration identifier meets preset valid operating conditions based on the real-time operating status and the second transmission attribute configuration information; when it is determined that the transmission configuration identifier meets the valid operating conditions, perform the operation of sending the second cloud-edge communication identifier to the second operating terminal; when it is determined that the transmission configuration identifier does not meet the valid operating conditions, update the second transmission attribute configuration information based on the valid operating conditions and the real-time operating status, and send the second cloud-edge communication identifier to the second operating terminal based on the updated second transmission attribute configuration information; The information interaction module is also used to set the runtime configuration information corresponding to the transmission configuration identifier, encrypt the transmission configuration identifier using the key information used to issue the second cloud-edge communication identifier, and automatically refresh the transmission configuration identifier and store the transmission configuration identifier and its corresponding transmission attribute configuration information to the corresponding distributed storage system before the expiration date, based on the information encoded as a JSON object for secure transmission between the first and second running ends and the value obtained by hashing the certificate using a hash function and separating it with dots. Furthermore, the method by which the information interaction module determines whether the transmission configuration identifier meets the preset valid operating conditions based on the real-time operating status and the second transmission attribute configuration information specifically includes: Determine whether the transmission configuration identifier is about to expire; When it is determined that the transmission configuration identifier is about to expire, the transmission attribute configuration information of the transmission configuration identifier is automatically updated in the corresponding time period to extend the online running time of the transmission configuration identifier. Furthermore, the information interaction module is also used to obtain special configuration requirement information before monitoring the real-time operation status corresponding to the transmission configuration identifier, and determine special configuration attribute information based on the special configuration requirement information and the set special configuration generation conditions; perform a function binding authentication operation on the transmission configuration identifier based on the special configuration attribute information and the second transmission attribute configuration information to obtain the function-bound authenticated transmission configuration identifier; the function binding authentication operation includes starting security authentication and exposing a new secure channel port from the message processing center for encrypted communication and protection of the transmission configuration identifier and transmission attribute configuration information transmission; Specifically, the information interaction module monitors the real-time operation status corresponding to the transmission configuration identifier in the following ways: Based on the transmission configuration identifier after function binding authentication, monitor the real-time operation status corresponding to the transmission configuration identifier.

4. A cloud-edge secure communication system, characterized in that, The cloud-edge secure communication system includes: Memory containing executable program code; A processor coupled to the memory; The processor calls the executable program code stored in the memory to execute a cloud-edge secure communication method as described in claim 1 or 2.

5. A computer storage medium, characterized in that, The computer storage medium stores computer instructions, which, when invoked, are used to execute a cloud-edge secure communication method as described in claim 1 or 2.