Aiot communication method and storage medium

By using a digital signature verification mechanism in AIoT communication, the problem of difficulty in verifying the authenticity of information from AIoT devices is solved, thus ensuring the authenticity and security of information.

WO2026145273A1PCT designated stage Publication Date: 2026-07-09BEIJING SPREADTRUM HI TECH COMM TECH CO LTD

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
BEIJING SPREADTRUM HI TECH COMM TECH CO LTD
Filing Date
2025-12-25
Publication Date
2026-07-09

AI Technical Summary

Technical Problem

In existing AIoT communication, the authenticity of service information provided by AIoT devices is difficult to verify, and there is a risk that the devices may deny providing such information.

Method used

When sending business information, AIoT devices carry digital signatures. The first device verifies the digital signature using the AIoT device's public key to confirm the authenticity of the information. Signature algorithms such as hash algorithms and elliptic curve algorithms are used to generate and verify digital signatures.

Benefits of technology

Ensure the authenticity of AIoT business information, prevent devices from denying the information they provide, and improve the reliability and security of communication.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN2025145770_09072026_PF_FP_ABST
    Figure CN2025145770_09072026_PF_FP_ABST
Patent Text Reader

Abstract

The present disclosure belongs to the technical field of communications. Provided in the embodiments of the present disclosure are an AIoT communication method and a storage medium. In the AIoT communication method, an AIoT device sends first information and a first digital signature to a first device, wherein the first digital signature is generated on the basis of the first information and a private key of the AIoT device, and and the first information is encrypted or unencrypted first AIoT service information; and the first device acquires a public key of the IoT device, and verifies the first digital signature on the basis of the public key of the AIoT device and the first information.
Need to check novelty before this filing date? Find Prior Art

Description

AIoT communication methods and storage media

[0001] Cross-references to related applications

[0002] This disclosure is based on and claims priority to Chinese Patent Application No. 202411982190.1, filed on December 30, 2024, the entire contents of which are incorporated herein by reference. Technical Field

[0003] This disclosure belongs to the field of communication technology, specifically relating to an AIoT communication method and storage medium. Background Technology

[0004] Ambient Internet of Things (AIoT) aims to provide a low-power, low-complexity, and low-cost Internet of Things solution.

[0005] In AIoT services, the first device can send AIoT service requests to the AIoT device, such as inventory requests or command requests. Based on the received AIoT service requests, the AIoT device executes the AIoT service and sends service response information to the first device. Summary of the Invention

[0006] This disclosure relates to an AIoT communication method and storage medium, which may include the following aspects:

[0007] In a first aspect, embodiments of this disclosure provide an AIoT communication method applied in an AIoT device, the method comprising:

[0008] Send first information and a first digital signature, the first digital signature being generated based on the first information and the private key of the AIoT device, the first information being encrypted or unencrypted first AIoT business information.

[0009] In one possible implementation, the first information is generated based on the first AIoT service information and the public key of the first device; or, the first information includes ciphertext and plaintext, wherein the ciphertext is generated based on a portion of the information in the first AIoT service information and the public key of the first device, and the plaintext is other information in the first AIoT service information besides the portion of information.

[0010] The information includes the identifier of the AIoT device.

[0011] In one possible implementation, the first AIoT service information includes at least one of the following: AIoT service execution result, the identifier of the AIoT device, first synchronization information, first indication information, second indication information, and the identifier of the first device;

[0012] The first indication information is used to indicate the AIoT service type, and the second indication information is used to indicate the AIoT service identifier.

[0013] In one possible implementation, the first synchronization information includes at least one of the following: event information related to the AIoT service, time information related to the AIoT service, and a first sequence number;

[0014] The event information related to AIoT services includes the number of inventory entries or the number of instructions.

[0015] In one possible implementation, the method further includes:

[0016] Send the public key of the AIoT device.

[0017] In one possible implementation, sending the public key of the AIoT device includes:

[0018] Send a first certificate, the first certificate including a second digital signature and second information, the second information including the public key of the AIoT device;

[0019] The holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

[0020] In one possible implementation, the second information further includes at least one of the following: a first algorithm, validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, and the certificate number of the first certificate;

[0021] The first algorithm is an algorithm related to the public key of the AIoT device.

[0022] In one possible implementation, the validity information of the first certificate includes at least one of the following: the validity period of the first certificate, a first value, and a second value;

[0023] Wherein, the first value indicates the maximum number of times the public key of the AIoT device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0024] In one possible implementation, the method further includes:

[0025] Receive third information, the third information including second AIoT service information, second synchronization information, and third digital signature, the third digital signature being generated based on the second AIoT service information, the second synchronization information, and the private key of the first device;

[0026] Based on the aforementioned third information, execute AIoT services.

[0027] In one possible implementation, the third information further includes a second certificate, the holder of which is the first device.

[0028] In one possible implementation, the method further includes:

[0029] Receive a second certificate, the holder of which is the first device.

[0030] In one possible implementation, the method further includes:

[0031] Obtain key-related information, including the private key and related algorithms of the AIoT device, and the public key and related algorithms of the second device.

[0032] In one possible implementation, the key-related information also includes a second certificate, the certificate holder of which is the first device.

[0033] In one possible implementation, the second certificate includes fourth information and a fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

[0034] In one possible implementation, the fourth information further includes at least one of the following: a second algorithm, validity information of the second certificate, the identifier of the first device, the identifier of the second device, and the certificate number of the second certificate;

[0035] The second algorithm is an algorithm related to the public key of the first device.

[0036] In one possible implementation, the validity information of the second certificate includes at least one of the following: the validity period of the second certificate, a third value, and a second value;

[0037] The third value indicates the maximum number of times the public key of the first device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0038] Secondly, this disclosure provides an AIoT communication method applied in a first device, the method comprising:

[0039] Receive first information and a first digital signature, wherein the first digital signature is generated based on the first information and the private key of the AIoT device, and the first information is encrypted or unencrypted first AIoT business information;

[0040] Obtain the public key of the AIoT device;

[0041] The first digital signature is verified based on the public key of the AIoT device and the first information.

[0042] In one possible implementation, the first AIoT service information includes at least one of the following: AIoT service execution result, the identifier of the AIoT device, first synchronization information, first indication information, second indication information, and the identifier of the first device;

[0043] The first indication information is used to indicate the AIoT service type, and the second indication information is used to indicate the AIoT service identifier.

[0044] In one possible implementation, the first synchronization information includes at least one of the following: event information related to the AIoT service, time information related to the AIoT service, and a first sequence number;

[0045] The event information related to AIoT services includes the number of inventory entries or the number of instructions.

[0046] In one possible implementation, obtaining the public key of the AIoT device includes:

[0047] Receive a first certificate, the first certificate including a second digital signature and second information, the second information including the public key of the AIoT device;

[0048] The holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

[0049] In one possible implementation, the second information further includes at least one of the following: a first algorithm, validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, and the certificate number of the first certificate;

[0050] The first algorithm is an algorithm related to the public key of the AIoT device.

[0051] In one possible implementation, the validity information of the first certificate includes at least one of the following: the validity period of the first certificate, a first value, and a second value;

[0052] Wherein, the first value indicates the maximum number of times the public key of the AIoT device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0053] In one possible implementation, the method further includes:

[0054] Send a third message, which includes a second AIoT service message, a second synchronization message, and a third digital signature. The third digital signature is generated based on the second AIoT service message, the second synchronization message, and the private key of the first device.

[0055] In one possible implementation, the third information further includes a second certificate, the holder of which is the first device.

[0056] In one possible implementation, the method further includes:

[0057] Send a second certificate, the holder of which is the first device.

[0058] In one possible implementation, the method further includes:

[0059] Obtain the fifth piece of information, which includes the public key and related algorithms of the first device, and the private key and related algorithms of the first device;

[0060] Send a sixth message, which requests a second certificate, the holder of which is the first device;

[0061] Receive the second certificate.

[0062] In one possible implementation, the second certificate includes the fourth information and a fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

[0063] In one possible implementation, the fourth information further includes at least one of the following: a second algorithm, validity information of the second certificate, the identifier of the first device, the identifier of the second device, and the certificate number of the second certificate;

[0064] The second algorithm is an algorithm related to the public key of the first device.

[0065] In one possible implementation, the validity information of the second certificate includes at least one of the following: the validity period of the second certificate, a third value, and a second value;

[0066] The third value indicates the maximum number of times the public key of the first device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0067] In one possible implementation, the fifth information also includes the validity information of the second certificate;

[0068] The sixth piece of information includes: the identifier of the first device, the public key and related algorithm of the first device, and the validity information of the second certificate.

[0069] Thirdly, embodiments of this disclosure provide an AIoT communication device for use in AIoT devices, the device comprising:

[0070] The sending module is used to send first information and a first digital signature, wherein the first digital signature is generated based on the first information and the private key of the AIoT device, and the first information is encrypted or unencrypted first AIoT business information.

[0071] Fourthly, embodiments of this disclosure provide an AIoT communication device applied in a first device, the device comprising:

[0072] A receiving module is used to receive first information and a first digital signature, wherein the first digital signature is generated based on the first information and the private key of the AIoT device, and the first information is encrypted or unencrypted first AIoT business information.

[0073] The acquisition module is used to acquire the public key of the AIoT device;

[0074] The verification module is used to verify the first digital signature based on the public key of the AIoT device and the first information.

[0075] Fifthly, embodiments of this disclosure provide an AIoT communication device, including: a processor and a memory;

[0076] The memory stores computer-executed instructions;

[0077] The processor executes computer execution instructions stored in the memory to implement the method as described in the first or second aspect.

[0078] In a sixth aspect, embodiments of this disclosure provide a computer-readable storage medium storing computer-executable instructions that, when executed by a computer, implement the method described in the first or second aspect.

[0079] In a seventh aspect, embodiments of this disclosure provide a computer program product, including a computer program that, when executed by a computer, implements the method described in the first or second aspect.

[0080] Eighthly, embodiments of this disclosure provide a chip having a computer program stored on it, which, when executed by the chip, implements the method described in the first or second aspect.

[0081] In one possible implementation, the chip is a chip in a chip module. Attached Figure Description

[0082] Figure 1 is a schematic diagram of the structure of an X.509 certificate;

[0083] Figure 2A is a schematic diagram of a network architecture provided in an embodiment of this disclosure;

[0084] Figure 2B is a schematic diagram of another network architecture provided in an embodiment of this disclosure;

[0085] Figure 3 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure.

[0086] Figure 4 is a schematic flowchart of the AIoT communication method provided in this embodiment of the present disclosure.

[0087] Figure 5 is a schematic diagram of the structure of the first certificate provided in an embodiment of this disclosure;

[0088] Figure 6 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure.

[0089] Figure 7 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure.

[0090] Figure 8 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure.

[0091] Figure 9 is a schematic diagram of generating a first digital signature according to an embodiment of this disclosure;

[0092] Figure 10 is a schematic diagram of another method for generating a first digital signature according to an embodiment of this disclosure;

[0093] Figure 11 is a schematic diagram of the structure of an AIoT communication device provided in an embodiment of this disclosure;

[0094] Figure 12 is a schematic diagram of another AIoT communication device provided in an embodiment of this disclosure;

[0095] Figure 13 is a schematic diagram of the structure of another AIoT communication device provided in an embodiment of this disclosure. Detailed Implementation

[0096] To make the objectives, technical solutions, and advantages of the embodiments of this disclosure clearer, the technical solutions of the embodiments of this disclosure will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this disclosure, and not all embodiments. Based on the embodiments of this disclosure, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this disclosure.

[0097] In this disclosure, "at least one item" means one item or more items. "More than one item" means two items or more.

[0098] The descriptions of "first," "second," "third," "fourth," etc., appearing in this disclosure are for illustrative purposes and to distinguish the objects being described. They do not indicate any order and do not imply a specific limitation on the number of objects in the embodiments of this disclosure, nor do they constitute any limitation on the embodiments of this disclosure. For example, "first digital signature," "second digital signature," "third digital signature," and "fourth digital signature" are only used to distinguish different digital signatures and do not indicate any difference in priority or importance of these four digital signatures.

[0099] In this disclosure, terms such as “exemplary,” “in some embodiments,” and “in other embodiments” are used to indicate that something is an example, illustration, or description. Any embodiment or design described as “exemplary” in this disclosure should not be construed as being more preferred or advantageous than other embodiments or designs. Rather, the term “exemplary” is used to present concepts in a specific manner.

[0100] To explain this disclosure more clearly, the relevant technologies involved in this disclosure will be introduced first below.

[0101] 1. AIoT devices

[0102] AIoT devices (also known as environmental energy IoT devices) have little or no energy storage capacity and can obtain energy from the environment through wind, light, pressure, wireless signals, etc. They are characterized by low power consumption, low cost and low complexity.

[0103] The 3rd Generation Partnership Project (3GPP) categorizes AIoT devices into three types based on whether they possess energy storage capabilities and the ability to independently generate signals:

[0104] Type A: This type of AIoT device has energy storage capabilities but no independent signal generation capabilities. It can transmit signals through backscattering.

[0105] Type B: This type of AIoT device has energy storage capabilities but no independent signal generation capabilities. It can transmit signals via backscattering, and the stored energy can be used to amplify the power of the backscattered signal.

[0106] Type C: This type of AIoT device has energy storage capabilities, the ability to generate signals independently, and can be used as a radio frequency device for signal transmission.

[0107] 2. Certificate

[0108] An X.509 certificate is a digital certificate conforming to the X.509 standard, used to verify the identity of entities in network communications. The structure of an X.509 certificate, as shown in Figure 1, includes the certificate version number, serial number, signature algorithm, issuer name, validity period, subject name, subject public key, issuer unique identifier, subject unique identifier, extensions, certificate authority (CA) signature algorithm identifier, and CA signature value.

[0109] To better understand the methods provided in the embodiments of this disclosure, the network architecture of the embodiments of this disclosure will be described first.

[0110] Figure 2A is a schematic diagram of a network architecture provided by an embodiment of this disclosure. As shown in Figure 2A, it includes an AIoT device, a first device, and a second device, and the three devices can communicate with each other.

[0111] Figure 2B is a schematic diagram of another network architecture provided by an embodiment of this disclosure. As shown in Figure 2B, it includes an AIoT device, a first device, and a second device, wherein the first device and the second device belong to the same network.

[0112] The first device has an authentication function that can authenticate the identity of AIoT devices. The first device can be a network element that manages or controls AIoT services (such as an AIoT function (AIoTF) network element) or other network elements that support AIoT services (such as terminals, base stations, readers, network exposure function (NEF) network elements, access and mobility management function (AMF) network elements, service management function (SMF) network elements, and user plane function (UPF) network elements).

[0113] The second device can be a third-party device (such as an application function (AF) network element), and the third party can be a CA, a device manufacturer (such as a manufacturer of AIoT devices), or an operator.

[0114] To address the problems in the background art, this disclosure provides an AIoT communication method in which an AIoT device carries a first digital signature while sending AIoT service information to a first device. The first device can verify the first digital signature based on the AIoT service information and the public key of the AIoT device to confirm that the AIoT service information was sent by the AIoT device, thus ensuring the authenticity of the AIoT service information and preventing the AIoT device from denying the AIoT service information it provides.

[0115] The technical solutions disclosed herein will now be described in detail through specific embodiments. It should be noted that the following embodiments may exist independently or in combination with each other; for identical or similar content, the description will not be repeated in different embodiments.

[0116] Figure 3 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure. As shown in Figure 3, the method includes:

[0117] S301. The AIoT device sends first information and a first digital signature to the first device. The first digital signature is generated based on the first information and the private key of the AIoT device. The first information is encrypted or unencrypted first AIoT business information.

[0118] Accordingly, the first device receives the first information and the first digital signature sent by the AIoT device.

[0119] The first digital signature can be generated by an AIoT device based on the first information and the AIoT device's private key. For example, the AIoT device can process the first information using a signature algorithm to obtain a first message digest, and then encrypt the first message digest using the AIoT device's private key to obtain the first digital signature. The signature algorithm can be a hash algorithm, elliptic curve algorithm, asymmetric encryption algorithm (RSA algorithm), lattice-based algorithm, etc. Processing can refer to computation or transformation.

[0120] The first AIoT service information can be information actively sent by the AIoT device to the first device, or it can be response information sent by the AIoT device to the first device based on a request from the first device.

[0121] In one possible implementation, the first AIoT service information may include at least one of the following:

[0122] (1) AIoT business execution results.

[0123] For example, the result of AIoT service execution can be at least one of temperature, weight, pressure, and humidity. That is, the AIoT device can report at least one of the temperature, humidity, and pressure of the environment in which the AIoT device is located to the first device, or the AIoT device can report at least one of the temperature, weight, humidity, and pressure measured by the AIoT device to the first device.

[0124] (2) Identification of AIoT devices.

[0125] (3) First synchronization information.

[0126] The first synchronization information can be used to align the business progress between the AIoT device and the first device.

[0127] In one possible implementation, the first synchronization information may include at least one of the following: event information related to the AIoT service, time information related to the AIoT service, and a first sequence number.

[0128] It should be noted that the first synchronization information mentioned above includes event information related to AIoT services, time information related to AIoT services, first serial number, event information related to AIoT services and time information related to AIoT services, event information related to AIoT services and first serial number, time information related to AIoT services and first serial number, and event information related to AIoT services, time information related to AIoT services and first serial number, etc.

[0129] Event information related to AIoT services includes the number of times AIoT services are executed as recorded by AIoT devices, such as the number of inventory entries or the number of commands.

[0130] Time information related to AIoT services can be timestamps. For example, a timestamp can refer to the number of seconds or milliseconds elapsed from the start point of Universal Time Coordinated (UTC) (such as January 1, 1900, 00:00:00) to the acquisition of the first AIoT service information.

[0131] The first serial number can be determined based on event information related to the AIoT service or time information related to the AIoT service. For example, the first serial number can be calculated based on the current inventory count or timestamp of the AIoT device; the calculation method can be pre-configured by the second device or the first device.

[0132] (4) First instruction information.

[0133] The first indication information is used to indicate the AIoT service type, which may include inventory or instructions such as read, write, enable, disable, etc.

[0134] (5) Second instruction information.

[0135] The second indication information is used to indicate the AIoT service identifier. The AIoT service identifier can be used to indicate AIoT services associated with different first devices, or it can indicate different AIoT services associated with the same first device.

[0136] (6) Identification of the first device.

[0137] For example, the identifier of the first device can be a public land mobile network (PLMN) identifier (ID).

[0138] It should be noted that the first AIoT service information includes at least one of the following: AIoT service execution result, AIoT device identifier, first synchronization information, first instruction information, second instruction information, and first device identifier. The first AIoT service information in the above description may include AIoT service execution result, AIoT device identifier, first synchronization information, first instruction information, second instruction information, first device identifier, AIoT service execution result and AIoT device identifier, AIoT service execution result and first synchronization information, AIoT device identifier and first synchronization information, and AIoT service execution result, AIoT device identifier and first synchronization information, etc.

[0139] To make it easier to understand, the first piece of information will be explained in three different ways.

[0140] (1) The first information is the unencrypted first AIoT business information, that is, the first information is the first AIoT business information itself.

[0141] (2) The first information is the information obtained after the first AIoT business information is encrypted as a whole.

[0142] For example, the first information can be generated based on the first AIoT service information and the public key of the first device. That is, the AIoT device can use the public key of the first device to encrypt the first AIoT service information to obtain the first information.

[0143] (3) The first information is the information obtained after the first AIoT business information part is encrypted.

[0144] In this case, the first information includes ciphertext and plaintext. The ciphertext is generated based on some information in the first AIoT business information and the public key of the first device, while the plaintext is the other information in the first AIoT business information besides the ciphertext.

[0145] That is, the AIoT device can use the public key of the first device to encrypt part of the information in the first AIoT business information to obtain ciphertext, and then combine the ciphertext and the other information in the first AIoT business information except for the part of the information to form the first information.

[0146] For example, some information may include the identifier of the AIoT device. By encrypting the identifier of the AIoT device, the privacy and security of the AIoT device can be protected during business interactions.

[0147] In another example, some information may include any one of the following: first synchronization information, AIoT service execution result, first instruction information, second instruction information, and the identifier of the first device, as well as the identifier of the AIoT device; or some information may include any two of the following: first synchronization information, AIoT service execution result, first instruction information, second instruction information, and the identifier of the first device, as well as the identifier of the AIoT device; or some information may include any three of the following: first synchronization information, AIoT service execution result, first instruction information, second instruction information, and the identifier of the first device, as well as the identifier of the AIoT device; or some information may include any four of the following: first synchronization information, AIoT service execution result, first instruction information, second instruction information, and the identifier of the first device, as well as the identifier of the AIoT device.

[0148] In one possible implementation, the first information and the first digital signature can be carried in the AIoT service response message.

[0149] S302, The first device obtains the public key of the AIoT device.

[0150] The first device can obtain the public key of the AIoT device from the AIoT device, or from the second device, or from itself, or from other network elements belonging to the same network as the first device (such as network elements storing AIoT device subscription information).

[0151] In one possible implementation, the public key of the AIoT device can be carried in a first certificate, the holder of which is the AIoT device. This first certificate can be pre-configured in the AIoT device, or it can be stored in a second device, the first device, or another network element belonging to the same network as the first device.

[0152] S303. The first device verifies the first digital signature based on the public key of the AIoT device and the first information.

[0153] For example, the first device can process the first information using the same signature algorithm as the AIoT device to obtain a second message digest; it then decrypts the first digital signature using the AIoT device's public key to obtain the first message digest generated by the AIoT device. If the second message digest is the same as the first message digest, the verification is successful, meaning the first information has not been tampered with. If ciphertext exists in the first information, further verification can be performed by decrypting the ciphertext and verifying whether the information in the ciphertext is consistent with the information maintained by the first device. If the information in the ciphertext is inconsistent with the information maintained by the first device, the verification fails.

[0154] In the embodiment shown in Figure 3, the authenticity of AIoT service information can be guaranteed by adding a first digital signature, thus preventing AIoT devices from denying the AIoT service information they provide.

[0155] Based on the embodiment shown in Figure 3, the communication method of this disclosure will be described below with reference to Figure 4.

[0156] Figure 4 is a schematic flowchart of the AIoT communication method provided in this embodiment of the present disclosure. As shown in Figure 4, the method includes:

[0157] S401. The AIoT device sends first information and a first digital signature to the first device. The first digital signature is generated based on the first information and the private key of the AIoT device. The first information is encrypted or unencrypted first AIoT business information.

[0158] It should be noted that the execution process of S401 can be found in the execution process of S301, and will not be repeated here.

[0159] S402, The AIoT device sends its public key to the first device.

[0160] Accordingly, the first device receives the public key of the AIoT device sent by the AIoT device.

[0161] In one possible implementation, the AIoT device can send its public key to the first device in the following manner:

[0162] Send a first certificate, which includes a second digital signature and second information, the second information including the public key of the AIoT device; wherein the holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

[0163] The first certificate can be generated by the second device (i.e., the first certificate is generated by a third party). The second device can generate a second digital signature based on the second information and the private key of the second device. The second digital signature and the second information are then combined to obtain the first certificate. The method for generating the second digital signature can refer to the method for generating the first digital signature, and will not be repeated here.

[0164] When the third party is a CA, the second digital signature is a CA signature.

[0165] In one possible implementation, the second information may further include at least one of the following: a first algorithm, validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, and the certificate number of the first certificate; wherein the first algorithm is an algorithm related to the public key of the AIoT device.

[0166] It should be noted that the second information in the above description may also include the first algorithm, the validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, the certificate number of the first certificate, the validity information of the first algorithm and the first certificate, the identifier of the first algorithm and the AIoT device, the identifier of the first algorithm and the second device, the certificate number of the first algorithm and the first certificate, the validity information of the first certificate, and the identifier of the first algorithm and the AIoT device.

[0167] In one possible implementation, the validity information of the first certificate includes at least one of the following: the validity period of the first certificate, a first value, and a second value; wherein the first value indicates the maximum number of times the public key of the AIoT device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0168] It should be noted that the valid information of the first certificate in the above description includes the validity period of the first certificate, the first value, the second value, the validity period and the first value of the first certificate, the validity period and the second value of the first certificate, the first value and the second value, and the validity period, the first value and the second value of the first certificate, etc.

[0169] For example, as shown in Figure 5, the first certificate includes second information and the certificate issuer's signature (i.e., the second digital signature). The second information includes the certificate number, certificate validity information, certificate holder ID (i.e., the identifier of the AIoT device), certificate holder signature algorithm, certificate holder public key (i.e., the public key of the AIoT device), certificate issuer ID (i.e., the identifier of the second device), and certificate issuer signature algorithm.

[0170] S403. The first device verifies the first digital signature based on the public key of the AIoT device and the first information.

[0171] It should be noted that the execution process of S403 can be found in S303, and will not be repeated here.

[0172] The beneficial effects of the embodiment shown in Figure 4 are the same as those of the embodiment shown in Figure 3, and will not be repeated here.

[0173] Figure 6 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure. As shown in Figure 6, the method includes:

[0174] S601, the first device sends third information to the AIoT device. The third information includes second AIoT service information, second synchronization information, and third digital signature. The third digital signature is generated based on the second AIoT service information, the second synchronization information, and the private key of the first device.

[0175] Correspondingly, the AIoT device receives the third information sent by the first device.

[0176] The second AIoT service information can be used to instruct AIoT devices to execute corresponding AIoT services. For example, if the AIoT service is a data storage service, the second AIoT service information is data storage service information, which may include data storage commands, identifiers of data storage objects, etc. If the AIoT service is an instruction service, the second AIoT service information is instruction service information, which may include instruction commands, identifiers of instruction objects, etc.

[0177] The second synchronization information can be used to align the business progress between the first device and the AIoT device.

[0178] In one possible implementation, the second synchronization information may include at least one of the following: event information related to the AIoT service, time information related to the AIoT service, and a second sequence number.

[0179] Event information related to AIoT services may include the number of times the first device records the execution of AIoT services, such as the number of inventory entries or commands. Time information related to AIoT services can be a timestamp. For example, a timestamp could refer to the number of seconds or milliseconds elapsed from the start of UTC to the acquisition of the second AIoT service information.

[0180] The second serial number can be determined based on event information related to AIoT services or time information related to AIoT services. For example, it can be calculated based on the current inventory count or timestamp of the first device to obtain the second serial number; the calculation method can be pre-configured by the second device or determined by the first device itself.

[0181] The third digital signature is generated by the first device based on the second AIoT business information, the second synchronization information, and the first device's private key. The generation method of the third digital signature can refer to the generation method of the first digital signature, and will not be repeated here.

[0182] In one possible implementation, the third information may further include a second certificate, the holder of which is the first device.

[0183] In addition to sending the second certificate to the AIoT device via third-party information, the first device can also send the second certificate to the AIoT device independently. Besides obtaining the second certificate through the aforementioned two methods, the AIoT device can also obtain the second certificate from its own key-related information.

[0184] In one possible implementation, the second certificate includes fourth information and a fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

[0185] The second certificate can be generated by the second device (i.e., the second certificate is generated by a third party). The second device can generate a fourth digital signature based on the fourth information and the second device's private key, and then combine the fourth digital signature and the fourth information to obtain the second certificate. The generation method of the fourth digital signature can refer to the generation method of the first digital signature, and will not be repeated here. After generating the second certificate, the second device can send the second certificate to the first device or configure the second certificate for the AIoT device.

[0186] When the third party is a CA, the fourth digital signature is a CA signature.

[0187] In one possible implementation, the fourth information may further include at least one of the following: a second algorithm, validity information of the second certificate, the identifier of the first device, the identifier of the second device, and the certificate number of the second certificate; wherein the second algorithm is an algorithm associated with the public key of the first device.

[0188] It should be noted that the fourth information in the above description also includes the second algorithm, the validity information of the second certificate, the identifier of the first device, the identifier of the second device, the certificate number of the second certificate, the validity information of the second algorithm and the second certificate, the identifier of the first device and the identifier of the second device, the identifier of the second device and the certificate number of the second certificate, as well as the second algorithm, the validity information of the second certificate, the identifier of the first device and the identifier of the second device, etc.

[0189] In one possible implementation, the validity information of the second certificate includes at least one of the following: the validity period of the second certificate, a third value, and a second value; wherein the third value indicates the maximum number of times the public key of the first device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0190] It should be noted that the valid information of the second certificate in the above description includes the validity period of the second certificate, the third value, the second value, the validity period and the third value of the second certificate, the validity period and the second value of the second certificate, the second value and the third value, and the validity period, the third value and the second value of the second certificate.

[0191] S602. AIoT devices execute AIoT services based on third-party information.

[0192] Third information can be carried in AIoT service requests.

[0193] After receiving third-party information, AIoT devices need to verify the third-party information. The specific verification methods are as follows:

[0194] If the second certificate is included in the third information, the second certificate is verified using the public key of the second device. If the second certificate is not included in the third information, the system checks if the second certificate is stored locally and verifies it based on its validity period. If the second certificate verification fails, the third information is discarded. If the second certificate verification succeeds, the third digital signature is verified using the public key of the first device in the second certificate. If the third digital signature verification fails, the third information is discarded. If the third digital signature verification succeeds, the system further verifies whether the second synchronization information carried in the third information matches the synchronization information maintained by the AIoT device itself. If the second synchronization information carried in the third information does not match the synchronization information maintained by the AIoT device itself, the second AIoT service information and the second synchronization information are discarded, or the third information is discarded. If the second synchronization information carried in the third information matches the synchronization information maintained by the AIoT device itself, it indicates that the third information is authentic. The AIoT device will consider the sender of the third information as a trusted device and execute the AIoT service indicated in the second AIoT service information.

[0195] The following two examples illustrate how to verify third information using second synchronization information.

[0196] Example 1: The second synchronization information is the number of inventory entries.

[0197] If the number of inventory entries received by the AIoT device is less than the number of inventory entries stored locally by the AIoT device, the third information is discarded, or the second AIoT business information and the second synchronization information are discarded; if the number of inventory entries received by the AIoT device is equal to the number of inventory entries stored locally by the AIoT device, the verification of the third information is successful.

[0198] The inventory count can refer to the number of successful inventory operations. When an inventory operation is successfully performed, for example, when the AIoT device successfully sends an inventory response message, the AIoT device increments the locally stored successful inventory count by 1. Conversely, when an inventory operation is successfully performed, for example, when the first device successfully receives an inventory response message, the first device increments its locally stored successful inventory count by 1.

[0199] Example 2: The second synchronization information is a timestamp.

[0200] If the difference between the timestamp received by the AIoT device and the timestamp maintained locally by the AIoT device is greater than or equal to a preset time threshold, the third information is discarded, or the second AIoT business information and the second synchronization information are discarded; if the difference between the timestamp received by the AIoT device and the timestamp maintained locally by the AIoT device is less than the preset time threshold, the verification of the third information is successful.

[0201] The preset time threshold can be pre-configured in the AIoT device. The timestamp maintained locally by the AIoT device can be obtained from the AIoT device itself or from the Global Positioning System (GPS).

[0202] It should be noted that after receiving the second certificate, the AIoT device needs to verify the second certificate using the public key of the second device. In response to the successful verification of the second certificate, the device can either save the second certificate locally or first check whether a valid second certificate exists locally. If no valid second certificate exists locally, the verified second certificate can be saved.

[0203] When saving a certificate, if the certificate number is different from the previously saved certificate number, a second synchronization information can be provided. For example, the number of successful saves can be initialized to 0; or the first device can send a value to the AIoT device, and the AIoT device can set the number of successful saves stored locally on the AIoT device to the value sent by the first device.

[0204] After executing an AIoT service, the AIoT device can generate first AIoT service information. Based on the first AIoT service information, the AIoT device can generate first information and a first digital signature, and then execute S603.

[0205] S603. The AIoT device sends first information and a first digital signature to the first device. The first digital signature is generated based on the first information and the private key of the AIoT device. The first information is encrypted or unencrypted first AIoT business information.

[0206] S604, The first device obtains the public key of the AIoT device.

[0207] S605. The first device verifies the first digital signature based on the public key of the AIoT device and the first information.

[0208] It should be noted that the execution process of S603 to S605 can be referred to the execution process of S301 to S303, and will not be repeated here.

[0209] In the embodiment shown in Figure 6, the AIoT device can execute AIoT services based on the request of the first device, and generate and send first information and first digital signature after executing the AIoT services to ensure the authenticity of the AIoT service information.

[0210] Based on the embodiment shown in Figure 6, the following describes in detail, with reference to Figure 7, how the first device obtains the second certificate.

[0211] Figure 7 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure. As shown in Figure 7, the method includes:

[0212] S701, the first device obtains the fifth information, which includes the public key and related algorithm of the first device, and the private key and related algorithm of the first device.

[0213] In one possible implementation, the fifth information may also include the validity information of the second certificate.

[0214] The first device can determine the fifth information itself, or it can receive the fifth information from other devices (such as the second device or other devices belonging to the same network as the first device).

[0215] If the first device receives the fifth information from the second device, the first device may not execute S702.

[0216] S702, the first device sends a sixth message to the second device. The sixth message is used to request a second certificate, and the holder of the second certificate is the first device.

[0217] Correspondingly, the second device receives the sixth message sent by the first device.

[0218] For example, the interface for requesting a second certificate can be the interface between AIoTF and AF.

[0219] In one possible implementation, the sixth information may include the identifier of the first device, the public key of the first device, and related algorithms. If the first device has determined the validity information of the second certificate, the sixth information may also include the validity information of the second certificate.

[0220] After receiving the sixth message, the second device can use its own private key and related algorithms to sign the fourth message, obtain the fourth digital signature, and combine the fourth digital signature and the fourth message to obtain the second certificate, and execute S703.

[0221] S703, The second device sends the second certificate to the first device.

[0222] Correspondingly, the first device receives the second certificate sent by the second device.

[0223] The embodiment shown in Figure 7 illustrates how the second device obtains the second certificate.

[0224] It should be noted that before performing the above operations, the AIoT device can also obtain key-related information, including the AIoT device's private key and related algorithms, and the second device's public key and related algorithms. The AIoT device can obtain key-related information from itself; in this case, the key-related information may be pre-configured by the first or second device to the AIoT device. Alternatively, the AIoT device can receive key-related information from the first or second device.

[0225] To facilitate understanding, specific examples are given below with reference to Figure 8 to illustrate the method of this disclosure.

[0226] Figure 8 is a flowchart illustrating the AIoT communication method provided in this embodiment of the present disclosure. As shown in Figure 8, the method includes:

[0227] S801. The AIoT device obtains key-related information, including the AIoT device's private key and related algorithms, and the second device's public key and related algorithms.

[0228] Key-related information can be pre-configured to AIoT devices by a second device.

[0229] In one possible implementation, the key-related information may also include a second certificate.

[0230] The second certificate includes fourth information and a fourth digital signature. The fourth digital signature is obtained by the second device signing the fourth information using its private key. The fourth information includes the first device's public key. Other details regarding the fourth information can be found in the specific description in S601, and will not be repeated here.

[0231] After obtaining the second certificate, the AIoT device needs to verify the second certificate using the public key of the second device. In response to the successful verification of the second certificate, the second certificate can be saved locally, or the device can first check whether a valid second certificate exists locally. If no valid second certificate exists locally, the verified second certificate can be saved.

[0232] S802, the first device obtains the fifth information, which includes the first device's public key and related algorithm, and the first device's private key and related algorithm.

[0233] S803. The first device sends a sixth message to the second device. The sixth message is used to request a second certificate, and the holder of the second certificate is the first device.

[0234] S804, The second device sends the second certificate to the first device.

[0235] It should be noted that the execution process of S802 to S804 can be found in the execution process of S701 to S703, and will not be repeated here.

[0236] If the second certificate is not included in the key-related information, the first device can execute S805.

[0237] If the key-related information includes a second certificate, the first device can also perform S805, for example, to update the second certificate.

[0238] S805, The first device sends the second certificate to the AIoT device.

[0239] S806. The first device sends an AIoT service request message to the AIoT device. The AIoT service request message includes third information.

[0240] The relevant content of the third information can be found in S601, and will not be repeated here.

[0241] If the key-related information does not include the second certificate, and the first device does not send the second certificate separately to the AIoT device, the third information may also include the second certificate.

[0242] S807: AIoT devices execute AIoT services based on AIoT service request messages.

[0243] If the AIoT service request message carries a second certificate, the second certificate is verified using the public key of the second device. If the AIoT service request message does not carry a second certificate, the system checks if the second certificate is stored locally and verifies it based on its validity period. If the second certificate verification fails, the AIoT service request message is discarded. If the second certificate verification succeeds, the system uses the public key of the first device in the second certificate to verify the third digital signature. If the third digital signature verification fails, the AIoT service request message is discarded. If the third digital signature verification succeeds, the system further verifies whether the second synchronization information carried in the third information matches the synchronization information maintained by the AIoT device itself. If the second synchronization information carried in the third information does not match the synchronization information maintained by the AIoT device itself, the second AIoT service information and the second synchronization information are discarded, or the AIoT service request message is discarded. If the second synchronization information carried in the third information matches the synchronization information maintained by the AIoT device itself, the AIoT service request message is determined to be authentic. The AIoT device will then consider the sender of the AIoT service request message as a trusted device and execute the AIoT service requested in the message.

[0244] After executing an AIoT service, the AIoT device can generate first AIoT service information. Based on the first AIoT service information, the AIoT device can generate first information and a first digital signature, and then execute S808.

[0245] S808, the AIoT device sends first information and first digital signature to the first device. The first digital signature is generated based on the first information and the private key of the AIoT device. The first information is encrypted or unencrypted first AIoT business information.

[0246] S809, The first device obtains the public key of the AIoT device.

[0247] S810, The first device verifies the first digital signature based on the public key of the AIoT device and the first information.

[0248] It should be noted that the execution process of S808 to S810 can be referred to the execution process of S301 to S303, and will not be repeated here.

[0249] To facilitate understanding, a specific example is provided below to illustrate how an AIoT device generates a first digital signature. In the following example, the first AIoT service information includes the AIoT device's identifier, first synchronization information, AIoT service execution result, first instruction information, second instruction information, and the first device's identifier.

[0250] Example 1

[0251] As shown in Figure 9, the AIoT device can use the public key of the first device to encrypt the identifier of the AIoT device and the first synchronization information. The algorithm used is the public key encryption algorithm of the first device, resulting in ciphertext 1. Ciphertext 1 and other information in the first AIoT service information other than the identifier of the AIoT device and the first synchronization information (i.e., the AIoT service execution result, the first instruction information, the second instruction information, and the identifier of the first device) constitute the first information. The AIoT device uses the private key of the AIoT device to sign the first information. The algorithm used is the private key signature algorithm of the AIoT device, resulting in the first digital signature.

[0252] Regarding the first digital signature obtained in Figure 9, the first device can verify the first digital signature in the following way: Based on the first information, the first device determines the public key of the AIoT device, uses the public key of the AIoT device to perform a signature verification operation on the first digital signature, and uses the AIoT device public key signature verification algorithm to obtain ciphertext 1 and other information (i.e., AIoT business execution result, first instruction information, second instruction information, and the identifier of the first device); uses the private key of the first device to decrypt ciphertext 1, and uses the private key decryption algorithm of the first device to obtain the identifier of the AIoT device and the first synchronization information; if the first synchronization information does not match the synchronization information maintained by the first device, the first information and the first digital signature are discarded.

[0253] The method of verifying the first information and the first digital signature using the first synchronization information can be referenced to the method of verifying the third information using the second synchronization information, and will not be elaborated here.

[0254] Example 2

[0255] As shown in Figure 10, the AIoT device can use the public key of the first device to encrypt the identifier of the AIoT device, using the first device's public key encryption algorithm to obtain ciphertext 1; ciphertext 1 and other information in the first AIoT service information other than the identifier of the AIoT device (i.e., the first synchronization information, the AIoT service execution result, the first instruction information, the second instruction information, and the identifier of the first device) constitute the first information; the AIoT device uses its private key to sign the first information, using the AIoT device's private key signature algorithm to obtain the first digital signature.

[0256] The method for verifying the first digital signature can be referred to in Example 1, and will not be repeated here.

[0257] Example 3

[0258] The AIoT device can use the public key of the first device to encrypt the AIoT device's identifier, first synchronization information, and some other information (such as the AIoT service execution result), using the first device's public key encryption algorithm to obtain ciphertext 1; ciphertext 1 and other information in the first AIoT service information other than the AIoT device's identifier, first synchronization information, and some other information (i.e., first indication information, second indication information, and the first device's identifier) ​​constitute the first information; the AIoT device uses its private key to sign the first information, using the AIoT device's private key signature algorithm to obtain the first digital signature.

[0259] The method for verifying the first digital signature can be referred to in Example 1, and will not be repeated here.

[0260] Example 4

[0261] The AIoT device can use the public key of the first device to encrypt all the information in the first AIoT business information, using the public key encryption algorithm of the first device, to obtain ciphertext 1, which is the first information; the AIoT device uses the private key of the AIoT device to sign the first information, using the private key signing algorithm of the AIoT device, to obtain the first digital signature.

[0262] The method for verifying the first digital signature can be referred to in Example 1, and will not be repeated here.

[0263] Figure 11 is a schematic diagram of an AIoT communication device provided in an embodiment of this disclosure. As shown in Figure 11, the device 10 includes:

[0264] The sending module 11 is used to send first information and a first digital signature. The first digital signature is generated based on the first information and the private key of the AIoT device. The first information is encrypted or unencrypted first AIoT business information.

[0265] In one possible implementation, the first information is generated based on the first AIoT service information and the public key of the first device; or, the first information includes ciphertext and plaintext, where the ciphertext is generated based on a portion of the information in the first AIoT service information and the public key of the first device, and the plaintext is other information in the first AIoT service information besides the portion of the information.

[0266] Some of the information includes the identifiers of AIoT devices.

[0267] In one possible implementation, the first AIoT service information includes at least one of the following: AIoT service execution result, AIoT device identifier, first synchronization information, first indication information, second indication information, and first device identifier;

[0268] The first indication information is used to indicate the AIoT service type, and the second indication information is used to indicate the AIoT service identifier.

[0269] In one possible implementation, the first synchronization information includes at least one of the following: event information related to the AIoT service, time information related to the AIoT service, and a first sequence number;

[0270] Among them, the event information related to AIoT business includes the number of inventory counts or the number of instructions.

[0271] In one possible implementation, the sending module 11 is further configured to:

[0272] Send the public key of the AIoT device.

[0273] In one possible implementation, the sending module 11 is specifically used for:

[0274] Send a first certificate, which includes a second digital signature and second information, the second information including the public key of the AIoT device;

[0275] The holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

[0276] In one possible implementation, the second information further includes at least one of the following: a first algorithm, validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, and the certificate number of the first certificate;

[0277] The first algorithm is an algorithm related to the public key of AIoT devices.

[0278] In one possible implementation, the validity information of the first certificate includes at least one of the following: the validity period of the first certificate, a first value, and a second value;

[0279] The first value indicates the maximum number of times the public key of the AIoT device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0280] In one possible implementation, the device 10 further includes:

[0281] The receiving module 12 is used to receive third information, which includes second AIoT business information, second synchronization information, and third digital signature. The third digital signature is generated based on the second AIoT business information, second synchronization information, and the private key of the first device.

[0282] Processing module 13 is used to execute AIoT services based on third information.

[0283] In one possible implementation, the third information also includes a second certificate, the holder of which is the first device.

[0284] In one possible implementation, the receiving module 12 is further configured to:

[0285] Receive the second certificate, the holder of the second certificate is the first device.

[0286] In one possible implementation, the device 10 further includes:

[0287] The acquisition module 14 is used to acquire key-related information, including the private key and related algorithms of the AIoT device, and the public key and related algorithms of the second device.

[0288] In one possible implementation, the key-related information also includes a second certificate, the certificate holder of which is the first device.

[0289] In one possible implementation, the second certificate includes fourth information and a fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

[0290] In one possible implementation, the fourth information further includes at least one of the following: the second algorithm, the validity information of the second certificate, the identifier of the first device, the identifier of the second device, and the certificate number of the second certificate;

[0291] The second algorithm is an algorithm related to the public key of the first device.

[0292] In one possible implementation, the validity information of the second certificate includes at least one of the following: the validity period of the second certificate, a third value, and a second value;

[0293] The third value indicates the maximum number of times the public key of the first device can be used, and the second value indicates the maximum number of operations of the AIoT service.

[0294] The AIoT communication device 10 can execute the steps performed by the AIoT device in the above method embodiments. Its implementation principle and beneficial effects are similar, and will not be described again here.

[0295] Figure 12 is a schematic diagram of another AIoT communication device provided in an embodiment of this disclosure. As shown in Figure 12, the device 20 includes:

[0296] The receiving module 21 is used to receive first information and a first digital signature. The first digital signature is generated based on the first information and the private key of the AIoT device. The first information is encrypted or unencrypted first AIoT business information.

[0297] Module 22 is used to obtain the public key of the AIoT device;

[0298] Verification module 23 is used to verify the first digital signature based on the public key of the AIoT device and the first information.

[0299] In one possible implementation, the first AIoT service information includes at least one of the following: AIoT service execution result, AIoT device identifier, first synchronization information, first indication information, second indication information, and first device identifier;

[0300] The first indication information is used to indicate the AIoT service type, and the second indication information is used to indicate the AIoT service identifier.

[0301] In one possible implementation, the first synchronization information includes at least one of the following: event information related to the AIoT service, time information related to the AIoT service, and a first sequence number;

[0302] Among them, the event information related to AIoT business includes the number of inventory counts or the number of instructions.

[0303] In one possible implementation, the acquisition module 22 is specifically used for:

[0304] Receive a first certificate, which includes a second digital signature and second information, the second information including the public key of the AIoT device;

[0305] The holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

[0306] In one possible implementation, the second information further includes at least one of the following: a first algorithm, validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, and the certificate number of the first certificate;

[0307] The first algorithm is an algorithm related to the public key of AIoT devices.

[0308] In one possible implementation, the validity information of the first certificate includes at least one of the following: the validity period of the first certificate, a first value, and a second value;

[0309] The first value indicates the maximum number of times the public key of the AIoT device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

[0310] In one possible implementation, the device 20 further includes:

[0311] The sending module 24 is used to send third information, which includes second AIoT business information, second synchronization information, and third digital signature. The third digital signature is generated based on the second AIoT business information, second synchronization information, and the private key of the first device.

[0312] In one possible implementation, the third information also includes a second certificate, the holder of which is the first device.

[0313] In one possible implementation, the sending module 24 is further configured to:

[0314] Send a second certificate, the holder of which is the first device.

[0315] In one possible implementation, the acquisition module 22 is further configured to: acquire fifth information, the fifth information including the public key and related algorithm of the first device, and the private key and related algorithm of the first device;

[0316] The sending module 24 is also used to send a sixth message, which is used to request a second certificate, and the holder of the second certificate is the first device;

[0317] The receiving module 21 is also used to receive a second certificate.

[0318] In one possible implementation, the second certificate includes fourth information and a fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

[0319] In one possible implementation, the fourth information further includes at least one of the following: the second algorithm, the validity information of the second certificate, the identifier of the first device, the identifier of the second device, and the certificate number of the second certificate;

[0320] The second algorithm is an algorithm related to the public key of the first device.

[0321] In one possible implementation, the validity information of the second certificate includes at least one of the following: the validity period of the second certificate, a third value, and a second value;

[0322] The third value indicates the maximum number of times the public key of the first device can be used, and the second value indicates the maximum number of operations of the AIoT service.

[0323] In one possible implementation, the fifth information also includes the validity information of the second certificate;

[0324] The sixth piece of information includes: the identifier of the first device, the public key of the first device and related algorithms, and the validity information of the second certificate.

[0325] The AIoT communication device 20 can execute the steps performed by the first device in the above method embodiment. Its implementation principle and beneficial effects are similar, and will not be repeated here.

[0326] Figure 13 is a schematic diagram of another AIoT communication device provided in an embodiment of this disclosure. As shown in Figure 13, the device 30 may include a transceiver 31, a memory 32, and a processor 33. The transceiver 31 may include a transmitter and / or a receiver. The transmitter may also be referred to as a transmitter, transmitter, transmitting port, or transmitting interface, etc., and the receiver may also be referred to as a receiver, receiver, receiving port, or receiving interface, etc. Exemplarily, the transceiver 31, memory 32, and processor 33 are interconnected via a bus 34.

[0327] Memory 32 is used to store program instructions;

[0328] The processor 33 is used to execute the program instructions stored in the memory, so that the communication device 30 performs the steps performed by the AIoT device or the first device in the above method embodiment.

[0329] The transceiver 31 is used to perform the transmit and receive functions of the AIoT communication device 30 in the above-described AIoT communication method.

[0330] The AIoT communication device 30 can be a chip, module, integrated development environment (IDE), etc.

[0331] The AIoT communication device 30 can execute the steps executed by the AIoT device or the first device in the above method embodiments. The implementation principle and beneficial effects are similar, and will not be repeated here.

[0332] This disclosure provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a computer, cause any of the above-described AIoT communication methods to be executed.

[0333] This disclosure also provides a computer program product that can be executed by a processor, such that when the computer program product is executed by a computer, the AIoT communication method described above is executed.

[0334] All embodiments of this disclosure can be executed individually or in combination with other embodiments, and are all considered to be within the scope of protection claimed by this disclosure.

[0335] All or part of the steps in the above-described method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a readable memory. When the program is executed, it performs the steps of the above-described method embodiments; and the aforementioned memory (storage medium) includes: read-only memory (ROM), random access memory (RAM), flash memory, hard disk, solid-state drive, magnetic tape, floppy disk, optical disk, and any combination thereof.

[0336] This disclosure describes embodiments of methods, apparatus (systems), and computer program products according to embodiments of this disclosure with reference to flowchart illustrations and / or block diagrams. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processing unit of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions specified in one or more blocks of the flowchart illustrations and / or one or more blocks of the block diagrams.

[0337] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more flowcharts and / or one or more block diagrams.

[0338] These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions, which execute on the computer or other programmable apparatus, provide steps for implementing the functions specified in one or more flowcharts and / or one or more block diagrams.

[0339] Obviously, those skilled in the art can make various modifications and variations to the embodiments of this disclosure without departing from the spirit and scope of this disclosure. Therefore, if these modifications and variations to the embodiments of this disclosure fall within the scope of the claims of this disclosure and their equivalents, this disclosure is also intended to include these modifications and variations.

Claims

1. An AIoT communication method, characterized in that, The method, applied to environmental IoT (AIoT) devices, includes: Send first information and a first digital signature, the first digital signature being generated based on the first information and the private key of the AIoT device, the first information being encrypted or unencrypted first AIoT business information.

2. The method according to claim 1, characterized in that, The first information is generated based on the first AIoT service information and the public key of the first device; or, the first information includes ciphertext and plaintext, wherein the ciphertext is generated based on a portion of the information in the first AIoT service information and the public key of the first device, and the plaintext is other information in the first AIoT service information besides the portion of information. The information includes the identifier of the AIoT device.

3. The method according to claim 1 or 2, characterized in that, The first AIoT service information includes at least one of the following: AIoT service execution result, the identifier of the AIoT device, first synchronization information, first indication information, second indication information, and the identifier of the first device; The first indication information is used to indicate the AIoT service type, and the second indication information is used to indicate the AIoT service identifier.

4. The method according to claim 3, characterized in that, The first synchronization information includes at least one of the following: event information related to AIoT services, time information related to AIoT services, and a first sequence number; The event information related to AIoT services includes the number of inventory entries or the number of instructions.

5. The method according to any one of claims 1-4, characterized in that, The method further includes: Send the public key of the AIoT device.

6. The method according to claim 5, characterized in that, Sending the public key of the AIoT device includes: Send a first certificate, the first certificate including a second digital signature and second information, the second information including the public key of the AIoT device; The holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

7. The method according to claim 6, characterized in that, The second information also includes at least one of the following: a first algorithm, validity information of the first certificate, the identifier of the AIoT device, the identifier of the second device, and the certificate number of the first certificate; The first algorithm is an algorithm related to the public key of the AIoT device.

8. The method according to claim 7, characterized in that, The validity information of the first certificate includes at least one of the following: the validity period of the first certificate, a first value, and a second value; Wherein, the first value indicates the maximum number of times the public key of the AIoT device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

9. The method according to any one of claims 1-8, characterized in that, The method further includes: Receive third information, the third information including second AIoT service information, second synchronization information, and third digital signature, the third digital signature being generated based on the second AIoT service information, the second synchronization information, and the private key of the first device; Based on the aforementioned third information, execute AIoT services.

10. The method according to claim 9, characterized in that, The third information also includes a second certificate, the holder of which is the first device.

11. The method according to any one of claims 1-9, characterized in that, The method further includes: Receive a second certificate, the holder of which is the first device.

12. The method according to any one of claims 1-9, characterized in that, The method further includes: Obtain key-related information, including the private key and related algorithms of the AIoT device, and the public key and related algorithms of the second device.

13. The method according to claim 12, characterized in that, The key-related information also includes a second certificate, the certificate holder of which is the first device.

14. The method according to claim 10, 11, or 13, characterized in that, The second certificate includes fourth information and a fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

15. The method according to claim 14, characterized in that, The fourth information also includes at least one of the following: the second algorithm, the validity information of the second certificate, the identifier of the first device, the identifier of the second device, and the certificate number of the second certificate; The second algorithm is an algorithm related to the public key of the first device.

16. The method according to claim 15, characterized in that, The validity information of the second certificate includes at least one of the following: the validity period of the second certificate, the third value, and the second value; The third value indicates the maximum number of times the public key of the first device can be used, and the second value indicates the maximum number of times the AIoT service can be operated.

17. An AIoT communication method, characterized in that, The method, applied in a first device, includes: Receive first information and a first digital signature, wherein the first digital signature is generated based on the first information and the private key of the environmental Internet of Things (AIoT) device, and the first information is encrypted or unencrypted first AIoT business information; Obtain the public key of the AIoT device; The first digital signature is verified based on the public key of the AIoT device and the first information.

18. The method according to claim 17, characterized in that, The first AIoT service information includes at least one of the following: AIoT service execution result, the identifier of the AIoT device, first synchronization information, first indication information, second indication information, and the identifier of the first device; The first indication information is used to indicate the AIoT service type, and the second indication information is used to indicate the AIoT service identifier.

19. The method according to claim 17 or 18, characterized in that, Obtaining the public key of the AIoT device includes: Receive a first certificate, the first certificate including a second digital signature and second information, the second information including the public key of the AIoT device; The holder of the first certificate is the AIoT device, and the second digital signature is generated based on the second information and the private key of the second device.

20. The method according to any one of claims 17-19, characterized in that, The method further includes: Send a third message, which includes a second AIoT service message, a second synchronization message, and a third digital signature. The third digital signature is generated based on the second AIoT service message, the second synchronization message, and the private key of the first device.

21. The method according to claim 20, characterized in that, The third information also includes a second certificate, the holder of which is the first device.

22. The method according to any one of claims 17-20, characterized in that, The method further includes: Send a second certificate, the holder of which is the first device.

23. The method according to any one of claims 17-22, characterized in that, The method further includes: Obtain the fifth piece of information, which includes the public key and related algorithms of the first device, and the private key and related algorithms of the first device; Send a sixth message, which requests a second certificate, the holder of which is the first device; Receive the second certificate.

24. The method according to any one of claims 21-23, characterized in that, The second certificate includes the fourth information and the fourth digital signature, the fourth digital signature being generated based on the fourth information and the private key of the second device, the fourth information including the public key of the first device.

25. The method according to claim 23, characterized in that, The fifth piece of information also includes the validity information of the second certificate; The sixth piece of information includes: the identifier of the first device, the public key and related algorithm of the first device, and the validity information of the second certificate.

26. An AIoT communication device, characterized in that, The device, used in environmental IoT (AIoT) devices, includes: The sending module is used to send first information and a first digital signature, wherein the first digital signature is generated based on the first information and the private key of the AIoT device, and the first information is encrypted or unencrypted first AIoT business information.

27. An AIoT communication device, characterized in that, Applied in a first device, the device includes: A receiving module is used to receive first information and a first digital signature, wherein the first digital signature is generated based on the first information and the private key of the environmental Internet of Things (AIoT) device, and the first information is encrypted or unencrypted first AIoT business information. The acquisition module is used to acquire the public key of the AIoT device; The verification module is used to verify the first digital signature based on the public key of the AIoT device and the first information.

28. An AIoT communication device, characterized in that, include: Processor, memory; The memory stores computer-executed instructions; The processor executes computer execution instructions stored in the memory to implement the method as described in any one of claims 1-16, or the method as described in any one of claims 17-25.

29. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions, which, in response to being executed by a computer, implement the method of any one of claims 1-16, or the method of any one of claims 17-25.

30. A computer program product, characterized in that, Includes a computer program that, when executed by a computer, implements the method of any one of claims 1-16, or the method of any one of claims 17-25.