Search

US-12621132-B2 - Cloud-edge collaboration method and system, apparatus, cloud platform, devices, and medium

US12621132B2US 12621132 B2US12621132 B2US 12621132B2US-12621132-B2

Abstract

A cloud-edge collaboration method is provided, a data transmission apparatus, a cloud platform, an edge device, a cloud-edge collaboration system, an electric device, and a computer readable medium. The cloud-edge collaboration method includes: receiving first information sent by an edge device, the first information at least comprising image feature information of an image to be recognized; determining whether a local feature library comprises reference feature information matching the image feature information; if the local feature library includes reference feature information matching the image feature information, generating a first determination result, and sending the first determination result to the edge device.

Inventors

  • Xitong Ma
  • Tao Li
  • Congrui Wu

Assignees

  • BOE TECHNOLOGY GROUP CO., LTD.

Dates

Publication Date
20260505
Application Date
20230103
Priority Date
20220127

Claims (17)

  1. 1 . A cloud edge collaboration method, which is applied to a security enhancement module, wherein the security enhancement module is connected to an edge device directly, the security enhancement module is connected to a cloud platform indirectly and the security enhancement module is connected to the cloud platform through the edge device, wherein the method comprises: receiving first information sent by the edge device, wherein the first information comprises at least image feature information of an image to be recognized; determining whether there is reference feature information that matches the image feature information in a local feature library; generating a first determination result and sending the first determination result to the edge device based on a determination that there is reference feature information that matches the image to be recognized in the local feature library; and based on a determination that there is no reference feature information that matches the image feature information in the local feature library, encrypting the first information to obtain a first information ciphertext, sending the first information ciphertext to the edge device, not sending the first information ciphertext to the cloud platform directly, and sending the first information ciphertext to the cloud platform through the edge device, for the cloud platform to determine, based on the first information ciphertext, whether there is reference feature information that matches the image feature information in a cloud feature library, wherein data transmission between the security enhancement module and the edge device is implemented through an application program interface (API), the application program interface is provided by a software development kit (SDK) corresponding to the security enhancement module; wherein an execution logic related to accessing sensitive data are not written into an interface function of the application program interface during setting the SDK, wherein after sending the first information ciphertext to the cloud platform through the edge device, the method further comprises: receiving a second determination result ciphertext sent by the edge device, not directly receiving the second determination result ciphertext from the cloud platform, the second determination result ciphertext is sent to the edge device by the cloud platform after the cloud platform encrypts a second determination result; the second determination result is a determination result of the cloud platform determining whether there is reference feature information that matches the image feature information in the cloud feature library; and decrypting the second determination result ciphertext to obtain the second determination result and sending the second determination result to the edge device.
  2. 2 . The method according to claim 1 , wherein before receiving the first information sent by the edge device, the method further comprises: performing key negotiation with the cloud platform to obtain a security key; encrypting the first information to obtain the first information ciphertext, comprises: encrypting the first information using the security key to obtain the first information ciphertext; and decrypting the second determination result ciphertext to obtain the second determination result, comprises: decrypting the second determination result ciphertext with the security key to obtain the second determination result.
  3. 3 . The method according to claim 2 , wherein performing key negotiation with the cloud platform comprises: receiving a security key ciphertext sent by the edge device, wherein the security key ciphertext is generated and sent to the edge device by the cloud platform after the cloud platform encrypts the security key with a private key of the cloud platform; and decrypting the security key ciphertext with a public key of the cloud platform to obtain the security key.
  4. 4 . The method according to claim 2 , wherein before performing key negotiation with the cloud platform, the method further comprises: receiving and storing a platform certificate generated by the cloud platform in response to a device registration request; and generating a module certificate based on the platform certificate in response to an authentication instruction sent by the edge device, and sending the module certificate to the edge device for the edge device to send the module certificate to the cloud platform for device authentication, wherein performing key negotiation with the cloud platform to obtain the security key comprises: performing key negotiation with the cloud platform to obtain the security key under a condition that the device authentication is passed.
  5. 5 . The method according to claim 1 , wherein determining whether there is reference feature information that matches the image feature information in the local feature library comprises: determining a similarity between the image feature information and each reference feature information in the local feature library; and determining whether a maximum value of all similarities is greater than or equal to a first preset threshold; if so, determining that there is reference feature information that matches the image feature information in the local feature library, and if not, determining that there is no reference feature information that matches the image feature information in the local feature library.
  6. 6 . The method according to claim 1 , wherein the edge device is connected with a plurality of image collection apparatuses, and the image feature information comprises: image feature information obtained by feature extraction of an image to be recognized collected by any of the image collection apparatuses, and the first information further comprises: a serial number of an image collection apparatus having collected the image to be recognized; in a case that there is reference feature information that matches the image to be recognized in the local feature library, the method further comprises: encrypting the first determination result and the serial number of the image collection apparatus corresponding to the image to be recognized to obtain a second information ciphertext, and sending the second information ciphertext to the cloud platform through the edge device.
  7. 7 . A cloud edge collaboration method, applied to a cloud platform, wherein the cloud platform is connected to an edge device directly, the cloud platform is connected to a security enhancement module indirectly and the cloud platform is connected to the security enhancement module through the edge device, wherein the method comprises: receiving a first information ciphertext sent by the edge device, not receiving the first information ciphertext directly from the security enhancement module, the first information ciphertext is generated and sent to the edge device by the security enhancement module after encrypting first information based on that the security enhancement module determines that there is no reference feature information that matches image feature information in a local feature library, and the first information at least comprises the image feature information; decrypting the first information ciphertext to obtain the first information; and determining whether there is reference feature information that matches the image feature information in a cloud feature library, wherein data transmission between the security enhancement module and the edge device is implemented through an application program interface (API), the application program interface is provided by a software development kit (SDK) corresponding to the security enhancement module; wherein an execution logic related to accessing sensitive data are not written into an interface function of the application program interface during setting the SDK, wherein after determining whether there is reference feature information that matches the image feature information in the cloud feature library, the method further comprises: encrypting a determination result to generate a second determination result ciphertext; and sending the second determination result ciphertext to the edge device to allow the edge device to send the received security enhancement module to the security enhancement module for the security enhancement module to decrypt the second determination result ciphertext and send the second determination result obtained after being decrypted to the edge device.
  8. 8 . The method according to claim 7 , wherein before receiving the first information ciphertext sent by the edge device, the method further comprises: in response to a key negotiation request sent by the edge device, encrypting a preset security key with a private key to generate a security key ciphertext; and sending the security key ciphertext to the security enhancement module through the edge device for the security enhancement module to decrypt the security key ciphertext, wherein a key used for decrypting the first information ciphertext is the security key.
  9. 9 . The method according to claim 8 , wherein before responding to the key negotiation request sent by the edge device, the method further comprises: generating a platform certificate in response to a device registration request sent by the edge device, and providing the platform certificate to the security enhancement module; receiving a module certificate sent by the security enhancement module through the edge device; and parsing the module certificate and performing device authentication according to a parsing result.
  10. 10 . The method according to claim 7 , wherein the method further comprises: receiving module status information sent by the edge device, the module status information is used to represent whether the security enhancement module is online or not.
  11. 11 . The method according to claim 7 , wherein determining whether there is reference feature information that matches the image feature information in the cloud feature library comprising: determining a similarity between the image feature information and each reference feature information in the cloud feature library; and determining whether a maximum value of all similarities is greater than or equal to a second preset threshold; if so, determining that there is reference feature information that matches the image feature information in the cloud feature library; if not, determining that there is no reference feature information that matches the image feature information in the cloud feature library.
  12. 12 . A cloud edge collaboration method, applied to an edge device, wherein the edge device is connected to a security enhancement module directly, the edge device is connected to a cloud platform directly, the security enhancement module is connected to the cloud platform indirectly and the security enhancement module is connected to the cloud platform through the edge device, wherein the method comprises: acquiring an image to be recognized, extracting features of the image to be recognized, and obtaining image feature information of the image to be recognized; sending first information comprising the image feature information to the security enhancement module for the security enhancement module to determine whether there is reference feature information that matches the image to be recognized in a local feature library; receiving a first determination result sent by the security enhancement module based on that the security enhancement module determines that there is reference feature information that matches the image to be recognized in the local feature library; and based on that the security enhancement module determines that there is no reference feature information that matches the image to be recognized in the local feature library, receiving a first information ciphertext sent by the security enhancement module, and transferring the first information ciphertext to the cloud platform for the cloud platform to determine, based on the first information ciphertext, whether there is reference feature information that matches the image feature information in a cloud feature library-, wherein after transferring the first information ciphertext to the cloud platform, the method further comprises: receiving a second determination result ciphertext sent by the cloud platform; wherein the second determination result ciphertext is generated by the cloud platform according to the determination result in a case that the cloud platform determines whether there is reference feature information that matches the image feature information in the cloud feature library; transferring the second determination result ciphertext to the security enhancement module; and receiving a second determination result sent by the security enhancement module; wherein the second determination result is obtained by decrypting the second determination result ciphertext by the security enhancement module.
  13. 13 . The method according to claim 12 , wherein before acquiring the image to be recognized, the method further comprises: sending a key negotiation request to the cloud platform; receiving a security key ciphertext sent by the cloud platform, wherein the security key ciphertext is generated by the cloud platform after the cloud platform responds to the key negotiation request and encrypts the security key with a private key of the cloud platform; and sending the security key ciphertext to the security enhancement module for the security enhancement module to decrypt the security key ciphertext with a public key of the cloud platform to obtain the security key, and the security key is used for encrypting the first information and decrypting the second determination result ciphertext.
  14. 14 . The method according to claim 13 , wherein before sending the key negotiation request to the cloud platform, the method further comprises: sending a device registration request to the cloud platform, the security enhancement module receives and stores a platform certificate generated by the cloud platform in response to the device registration request; sending an authentication instruction to the security enhancement module for the security enhancement module to generate a module certificate based on the platform certificate; and sending the module certificate received from the security enhancement module to the cloud platform for the cloud platform to perform device authentication.
  15. 15 . The method according to claim 12 , wherein the method further comprises: detecting a status of the security enhancement module in real time, and sending module status information to the cloud platform according to the status of the security enhancement module, and the module status information is used to represent whether the security enhancement mode is online or not.
  16. 16 . An electronic device, comprising: one or more processors; a memory having one or more programs stored thereon, which, when executed by the one or more processors, cause the one or more processors to implement the method of claim 1 ; one or more Input/Output (I/O) interfaces connected between the processors and the memory and configured to enable information interaction between the processors and the memory.
  17. 17 . A computer-readable non-transitory medium, stored thereon a computer program, when the computer program is executed by a processor, the method of claim 1 is implemented.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS The present application is a U.S. National Phase Entry of International Application No. PCT/CN2023/070036 having an international filing date of Jan. 3, 2023, which claims priority of Chinese Patent Application No. 202210100322.8, filed to the CNIPA on Jan. 27, 2022 and entitled “Cloud-Edge Collaboration Method and System, Apparatus, Cloud Platform, Devices, and Medium”. The above-identified applications are hereby incorporated by reference. TECHNICAL FIELD The present disclosure relates to the field of computer technologies, and particularly, to a cloud edge collaboration method, a data transmission apparatus, a cloud platform, an edge device, a cloud edge collaboration system, an electronic device and a computer readable medium. BACKGROUND With the evolution and maturity of Internet of Things, 5G, digital twinning, edge cloud computing, artificial intelligence and other technologies, the whole era is gradually advancing towards digitalization, networking and intelligence currently. The centralized data processing method centered on the cloud computing model is increasingly difficult to meet the data processing requirements generated by massive terminals, with the vigorous promotion of industrial Internet (IoT), the edge computing market is extremely hot while cloud-edge collaboration is also gradually moving from concept to maturity. SUMMARY In a first aspect, the present disclosure provides a cloud edge collaboration method, which is applied to a security enhancement module, wherein, the method includes: receiving first information sent by an edge device, wherein the first information includes at least image feature information of an image to be recognized; judging whether there is reference feature information that matches the image feature information in a local feature library; generating a first determination result and sending the first determination result to the edge device when there is reference feature information that matches the image to be recognized in the local feature library; when there is no reference feature information that matches the image feature information in the local feature library, encrypting the first information to obtain a first information ciphertext, and sending the first information ciphertext to a cloud platform through the edge device for the cloud platform to determine, based on the first information ciphertext, whether there is reference feature information that matches the image feature information in a cloud feature library. In some embodiments, after sending the first information ciphertext to the cloud platform through the edge device, the method further includes: receiving a second determination result ciphertext sent by the edge device, the second determination result ciphertext is sent to the edge device by the cloud platform after the cloud platform encrypts a second determination result; the second determination result is a determination result of the cloud platform judging whether there is reference feature information that matches the image feature information in the cloud feature library; decrypting the second determination result ciphertext to obtain the second determination result and sending the second determination result to the edge device. In some embodiments, before receiving the first information sent by the edge device, the method further includes: performing key negotiation with the cloud platform to obtain a security key; encrypting the first information to obtain the first information ciphertext, which specifically includes: encrypting the first information using the security key to obtain the first information ciphertext; decrypting the second determination result ciphertext to obtain the second determination result, which specifically includes: decrypting the second determination result ciphertext with the security key to obtain the second determination result. In some embodiments, performing key negotiation with the cloud platform specifically includes: receiving a security key ciphertext sent by the edge device, wherein, the security key ciphertext is generated and sent to the edge device by the cloud platform after the cloud platform encrypts the security key with its private key; decrypting the security key ciphertext with a public key of the cloud platform to obtain the security key. In some embodiments, before performing key negotiation with the cloud platform, the method further includes: receiving and storing a platform certificate generated by the cloud platform in response to a device registration request; generating a module certificate based on the platform certificate in response to an authentication instruction sent by the edge device, and sending the module certificate to the edge device for the edge device to send the module certificate to the cloud platform for device authentication; wherein, the performing key negotiation with the cloud platform to obtain a security key specifically