
WO2024183048A1 - Connection establishment method and apparatus - Google Patents


Info

Publication number
WO2024183048A1
Authority
WO
WIPO (PCT)
Prior art keywords
public network
server device
address information
network address
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2023/080444
Other languages
French (fr)
Chinese (zh)
Inventor
包永明
茹昭
吕小强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202380093690.7A
Priority to PCT/CN2023/080444
Publication of WO2024183048A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions

Definitions

  • the present application relates to the field of communication technology, and more specifically, to a method and device for establishing a connection.
  • client devices and server devices can communicate based on the established connection.
  • the connection between client devices and server devices needs to go through the cloud platform, resulting in high complexity of the connection.
  • the present application provides a method and device for establishing a connection.
  • the following introduces various aspects of the present application.
  • a method for establishing a connection comprising: a client device establishing a connection with a server device based on public network address information, wherein the public network address information includes the public network address information of the client device and/or the public network address information of the server device.
  • a method for establishing a connection comprising: configuring a device to send public network address information of a server device to a client device, wherein the public network address information of the server device is used to establish a connection between the client device and the server device.
  • a method for establishing a connection comprising: a public network server device sends public network address information of a server device, and the public network address information of the server device is used to establish a connection between the client device and the server device.
  • a method for establishing a connection comprising: a server device establishes a connection with a client device based on public network address information, wherein the public network address information includes the public network address information of the client device and/or the public network address information of the server device.
  • a client device comprising a memory and a processor, wherein the memory is used to store programs, and the processor is used to call the programs in the memory to execute the method described in the first aspect.
  • a configuration device comprising a memory and a processor, wherein the memory is used to store programs, and the processor is used to call the programs in the memory to execute the method described in the second aspect.
  • a public network server device comprising a memory and a processor, wherein the memory is used to store programs, and the processor is used to call the programs in the memory to execute the method described in the third aspect.
  • a server device comprising a memory and a processor, wherein the memory is used to store programs, and the processor is used to call the programs in the memory to execute the method described in the fourth aspect.
  • a device comprising a processor, configured to call a program from a memory to execute the method described in any one of the first to fourth aspects.
  • a chip comprising a processor for calling a program from a memory so that a device equipped with the chip executes the method described in any one of the first to fourth aspects.
  • a computer-readable storage medium on which a program is stored, wherein the program enables a computer to execute the method described in any one of the first to fourth aspects.
  • a computer program product comprising a program, wherein the program enables a computer to execute the method described in any one of the first to fourth aspects.
  • a computer program is provided, wherein the computer program enables a computer to execute the method described in any one of the first to fourth aspects.
  • the present application establishes a connection between a client device and a server device through the public network address information of the client device and/or the public network address information of the server device, so that the client device and the server device can be directly connected, thereby reducing the complexity of the connection.
  • FIG. 1 is a wireless communication system 100 to which an embodiment of the present application is applied.
  • FIG. 2 is a schematic diagram of a process of performing network configuration for a server-side device.
  • FIG. 3 is a model structure of an Internet of Things device to which an embodiment of the present application can be applied.
  • FIG. 4 is a schematic diagram of a process for performing key exchange based on the sigma protocol according to an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a method for establishing a connection provided in an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of another method for establishing a connection provided in an embodiment of the present application.
  • FIG. 7 is a schematic flowchart of another method for establishing a connection provided in an embodiment of the present application.
  • FIG. 8 is a schematic diagram of a process for a configuration device to obtain a public network IP address of a public network server device provided in an embodiment of the present application.
  • FIG. 9 is a schematic diagram of a process for a client device to obtain a public network IP address of a public network server device from a configuration device according to an embodiment of the present application.
  • FIG. 10 is a process of allocating a public network IP address to a server-side device by a public network server device provided in an embodiment of the present application.
  • FIG. 11 is a schematic diagram of a process of establishing a connection between a client device and a server device provided in an embodiment of the present application.
  • FIG. 12 is a flow chart showing another configuration device provided in an embodiment of the present application for obtaining a public IP address of a server device from a public network server device.
  • FIG. 13 is a schematic diagram of a process of establishing a connection between another client device and a server device provided in an embodiment of the present application.
  • FIG. 14 is a schematic block diagram of a client device provided in an embodiment of the present application.
  • FIG. 15 is a schematic block diagram of a configuration device provided in an embodiment of the present application.
  • FIG. 16 is a schematic block diagram of a public network server device provided in an embodiment of the present application.
  • FIG. 17 is a schematic block diagram of a server device provided in an embodiment of the present application.
  • FIG. 18 is a schematic diagram of the structure of the device provided in an embodiment of the present application.
  • FIG. 1 is a schematic diagram of a system architecture applicable to an embodiment of the present application.
  • the system 100 shown in FIG. 1 may include a client device 110 , a configuration device (mediator) 120 , a cloud platform 130 and a server device 140 .
  • the client device 110 may be a device having a function of communicating with the cloud platform 130.
  • the client device 110 may be provided with a client, which may be used to communicate with the cloud platform 130 and communicate with the server device 140 through the cloud platform 130.
  • a user may access the cloud platform 130 through a client, and access the server device 140 through the cloud platform 130.
  • a user may access the cloud platform 130 through a client, and control the server device 140 through the cloud platform 130.
  • the client device 110 may also be referred to as a client.
  • the above-mentioned client may be an application (APP) or a mini-program, etc.
  • the server device 140 may be a device that has a function of communicating with the cloud platform 130.
  • the server device 140 may provide service functions for users, and therefore, the server device 140 may also be referred to as a server or a service device.
  • the configuration device 120 is used to configure the client device 110 and/or the server device 140.
  • the configuration device 120 can configure the client device 110 and/or the server device 140 to communicate with the cloud platform 130.
  • the configuration device 120 can configure the client in the client device 110 so that the client can communicate with the cloud platform 130.
  • the configuration device 120 may be an application (APP) or a small program, etc.
  • the configuration device 120 may be installed on a terminal device, wherein the terminal device may be a mobile phone, a tablet computer (Pad), a laptop computer, a PDA, a mobile internet device (MID), a wearable device, a virtual reality (VR) device, an augmented reality (AR) device, a wireless terminal in industrial control (industrial control), a wireless terminal in self-driving, a wireless terminal in remote medical surgery, a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in a smart city (smart city), a wireless terminal in a smart home (smart home), etc.
  • the embodiments of the present application do not limit this.
  • the cloud platform 130, also known as a cloud computing platform or "cloud", can be understood as a service providing network communication capabilities based on hardware resources and software resources. Therefore, in the embodiment of the present application, the client in the client device 110 can access or control the server device 140 through the cloud platform 130.
  • the cloud platform 130 may be built based on one or more cloud servers to provide network functions.
  • the cloud platform 130 may also be other systems or devices that can provide network functions, such as a cluster system that can provide network functions, etc. This embodiment of the application does not limit this.
  • the configuration device 120 may be an APP or a small program that matches the client, and of course, the configuration device 230 may be an APP or a small program that is different from the client. This embodiment of the application does not limit this.
  • the system 100 may be, for example, an Internet of Things (IoT) system.
  • the IoT, or "Internet of Things connected to everything" can be understood as a network extended and expanded on the basis of the Internet. Any object can be connected to the Internet through various information sensing devices (such as radio frequency identification, global positioning system, etc.) to form a huge network for information exchange and communication, so as to realize the interconnection between all things.
  • the client device 110 and/or the server device 140 may be an Internet of Things (IoT) device.
  • the client device 110 and/or the server device 140 may refer to an IoT device that supports any IoT protocol, such as an IoT device that supports the Matter standard protocol.
  • IoT devices may include vehicle devices, vehicle-mounted terminals, smart home devices, smart monitoring devices, and the like.
  • Smart home devices may include, for example, smart air conditioners, smart refrigerators, washing machines, rice cookers, sweeping robots, and the like.
  • Smart monitoring devices may include, for example, surveillance cameras, temperature sensors, sound sensors, and the like.
  • the cloud platform may be an IoT cloud platform, referred to as “IoT cloud”, which is used to provide communication service functions for IoT devices in an IoT system.
  • the system 100 is introduced by taking an IoT device as an example.
  • the client device 110 is a vehicle-mounted terminal
  • the server device 140 is a smart home device
  • the configuration device 120 can be a terminal device.
  • the terminal device 120 can configure the client in the vehicle-mounted terminal 110 so that the client can communicate with the cloud platform 130.
  • the user can access and/or control the smart home devices on the cloud platform (or the smart home devices connected to the cloud platform) through the client.
  • the client that can access and/or control the smart home devices can also be called a "smart home client".
  • the client can control the smart air conditioner on and off through the cloud platform and set the air conditioner temperature, wind speed, etc.
  • the server device is a sweeping robot
  • the client can control the sweeping robot to start or stop working, control the sweeping robot's working mode, etc. through the cloud platform.
  • the configuration device shown in Figure 2 can have its own ecological network (fabric).
  • the ecological network can also be called ecology.
  • the ecological network can be a network domain in which all devices or nodes can communicate securely.
  • Company A developed an APP and built Company A's ecology based on the APP, so that all devices connected in the ecology can communicate securely.
  • the configuration device may establish a connection with a public network server device.
  • the public network server device may allocate an IP address to the configuration device.
  • the configuration device may configure the server device into its own ecological network and configure the server device to access the network.
  • the configuration device may send authentication information that can connect to the public network server device to the server device.
  • the server device establishes a connection with the public network server device.
  • the server device may establish a connection with the public network server device based on the authentication information sent by the configuration device.
  • the public network server device may allocate an IP address to the server device.
  • step S240 the configuration device establishes a connection with the server device based on the IP address.
  • the configuration device may also establish a local secure session channel with the server device.
  • the above-mentioned public network server device may also be referred to as a public network server, an access point or an access point device.
  • the public network server device may be, for example, a gateway, a router, an access point, etc.
  • the Connectivity Standards Alliance launched an IoT application layer technology standard - Matter standard protocol, which can provide an interoperable application layer solution for smart home devices based on the Internet Protocol (IP).
  • Matter standard can also be called the connected home over IP (CHIP) standard.
  • the Matter standard can support three underlying communication protocols: Ethernet, Wi-Fi, and Thread, and can allow IoT devices with different protocols to communicate with each other.
  • the client described above supports the Matter protocol
  • it can be called a "Matter client".
  • the server device described above supports the Matter protocol
  • it can be called a “Matter server”.
  • Client devices and/or server devices that support the Matter protocol can also be called “Matter devices”.
  • the data model structure 200 of the Matter device includes a node 310 , an endpoint 320 , and a function cluster 330 .
  • Node 310 encapsulates an addressable, unique resource on the network, has a set of functions and capabilities, and can be clearly viewed by the user as a functional whole.
  • node 310 can be the highest or outermost first-order element in the data model. In other words, node 310 is the only addressable element at the outermost level of the data model. Therefore, a node can represent a device node and belongs to a logical device.
  • a node can have multiple node IDs, and the scope of each node ID is a specific network (fabric).
  • the network that specifies the scope of the node ID is the access network for the interaction.
  • a node can include one or more endpoints 320.
  • An endpoint 320 is an instance, which can be a service instance or a virtual device, indicated by the device type.
  • Each endpoint 320 conforms to one or more device type definitions, which define the clusters supported on the endpoint.
  • a cluster is an object class instantiated on an endpoint.
  • the device type can be the highest semantic element.
  • the device type defines the consistency of a set of endpoints 320.
  • the device type defines a set of requirements for a node 310 or an endpoint 320.
  • endpoints can be divided into two categories: endpoint 0 and business endpoints.
  • Endpoint 0 can be understood as the first endpoint in a node, and the device type of endpoint 0 is the "root node" device type. In some embodiments, endpoint 0 can also be called a root node endpoint. Endpoint 0 must be included under each node.
  • a business endpoint can be understood as any endpoint in a node except endpoint 0.
  • a business endpoint can support the main operations of a node.
  • a business endpoint can include one or more application function clusters.
  • Each endpoint 320 may be a collection of a type of functions, which may include one or more function clusters 330 .
  • Function cluster 330 is a functional building block element of the data model, or in other words, function cluster 330 belongs to an element for building a function set.
  • a function cluster may also be referred to as a function set, a cluster, etc., which is not limited by the embodiments of the present application.
  • Function cluster specification defines a client and a server that correspond to each other through interaction.
  • function cluster 330 may include two roles, namely, client and server, wherein the client belongs to the control end and the server belongs to the controlled end.
  • Function cluster 330 may be regarded as an interface, service or object class, which is the lowest independent functional element in the data model.
  • the above functional clusters can be divided into two categories: utility functional clusters (utility cluster) and application functional clusters (application cluster).
  • Utility function clusters are not part of the primary application operation of the endpoint. Utility function clusters can be used for configuration, discovery, addressing, diagnostics, monitoring device health, software updates, etc. A utility function cluster may have a temporary relationship with its function cluster counterpart. Utility function clusters may include, for example, descriptor function clusters, binding function clusters, etc.
  • the application function cluster supports the main operations of the endpoint.
  • the application function cluster can also be called a business function cluster.
  • the application function cluster can support the interaction of one or more persistent applications between the client and the server.
  • for example, in the switch function cluster (On/Off cluster), the client can send a control command to the server (i.e., the switch function cluster) to control the switch of the smart light.
  • the service function cluster may refer to a function cluster on other endpoints except endpoint 0 in the node, that is, a function cluster on a service endpoint.
  • each functional cluster 330 may be defined by a functional cluster specification, which defines the elements of the functional cluster 330, including attributes, events, commands, and behaviors related to the interactions of these elements.
  • attributes, commands, and events may also be referred to as interface units of the functional cluster 330, and corresponding functions may be provided through these three interface units.
  • the properties, events, commands, and behaviors in a functional cluster 330 are mandatory or optional, depending on the definition of the functional cluster 330 .
  • Attributes can be used to describe functional units in a functional cluster.
  • a functional cluster can contain 0 or more attributes. Attributes are functional cluster data. Currently, the protocol stipulates that each attribute can be listed in a table. The data quality columns of the attribute defined in the table may include: ID, name, (data) type, constraint, other quality, access, default (value) and consistency. In some implementations, attributes can also define their related semantics and behaviors. Attributes can reflect the queryable/settable status, configuration, and capabilities of the device. In some cases, if privileges are not explicitly defined for an attribute, the default access privilege takes effect.
  • Functional cluster commands can be used to describe the control of functional clusters.
  • a functional cluster can contain 0 or more commands.
  • a command is a set of data fields, each with a data type, passed between client and server functional cluster instances to invoke the behavior of the command recipient.
  • each command can be listed in a table, which can contain data quality columns for the command: identification (ID), name (name), direction (direction), response (response), access (access), and consistency (conformance).
  • a command can indicate zero or more fields defined in a table.
  • Each command field is defined as a row in the table.
  • Events can be used to describe a record of specific behaviors that have occurred in the past for a functional cluster, or events define a record of what happened in the past.
  • an event record can be thought of as a log entry that provides a chronological view of events on a node through an event record stream.
  • a functional cluster can contain 0 or more events.
  • unlike attributes, which do not provide any edge-preserving functionality (that is, there is no guarantee that every attribute change will be delivered to the observer), events allow each individual edge or change to be captured and reliably delivered to the observer. This is critical for safety and security applications that rely on correct behavior guarantees.
  • the protocol stipulates that each functional cluster event can be listed in a table, and the data quality columns of the event defined in the table may include: ID, priority, access, and consistency.
  • commands, attributes, and events may also include other data qualities, or include parts of the above data qualities.
  • the embodiments of the present application do not limit this.
  • Identifier which indicates the unique field ID of a field, or the unique identifier of a command (or attribute, event).
  • Name which indicates the unique name of the field, or the name of the command (or attribute).
  • Type indicates the data type of the field, or the data type of the command parameter (or attribute parameter).
  • Direction usually present in the command list, is used to define the transmission direction of the command, for example, it can be defined as from the client to the server. For another example, it can be defined as from the server to the client.
  • Access permissions which define how an element can be accessed (e.g., read or write) and what permissions are required to access the data.
  • access permissions may include V, which indicates that view privileges are required for read access or call access.
  • Access permissions may also include O, which indicates that "read access", "write access", or "call access" requires operation permissions.
  • Access permissions may also include R, which indicates read access.
  • Access permissions may also include W, which indicates write access.
  • Response usually exists in the command list, and is used to define the response message of the command.
  • Default is used to define the default value. It should be noted that the default value is not the value used when the server returns to factory settings. The default value can indicate that the conformance specified for the data field can be optional or can change over time. When the actual data field value does not exist, a default value can be defined to satisfy the dependency.
  • Conformance defines the optionality and dependencies of any data model element or set of elements. Typically, this column is valid for attributes, commands, events, enumerations, and fields of commands, events, or structures.
  • "M" indicates that the corresponding command is part of the basic mandatory feature set.
  • "O" indicates that the corresponding command is part of the optional feature set.
  • client-to-server command conformance means that the server should recognize and support client-to-server commands and generate responses as defined.
  • Server-to-client command conformance means that the server should send commands as defined by the functional cluster behavior, i.e., respond to client-to-server commands.
  • Command conformance depends on supported server features. Clients should not be required to support optional commands or commands that depend on optional features.
  • Constraints include all and desc. All is defined in a numeric data type to allow all values. desc indicates that the constraint is defined in the description part.
  • Range which indicates the value range of a field.
  • Range can support two forms: explicit constraint and width constraint.
  • the explicit constraint can give the minimum and maximum values corresponding to the value of the field, for example, the value range of a field is (0,128).
  • the width constraint can limit the value of a field to a specific number of bytes, for example, the value of a field is limited to 8 bytes.
  • the value of the range can include "N/A" to indicate not applicable. Of course, "N/A" can also appear in other parts (other data quality), such as defaults, constraints, etc.
  • Each event record has an associated priority. This priority can be used to describe the usage semantics of the event.
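As an added illustration (not code from the patent or from the Matter SDK), the following Python models the node / endpoint / function cluster hierarchy described above and turns the access and conformance columns into default-deny checks. The privilege ordering (operate implies view), the 'C' letter for "call access" on commands, the default read privilege and the sample On/Off cluster are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Access-column letters: R/W are from the description; 'C' for "call access"
# on commands is an assumed shorthand.  V/O name the privilege a request needs.
OP_LETTERS = {"R": "read", "W": "write", "C": "call"}
PRIV_LETTERS = {"V": "view", "O": "operate"}
PRIV_RANK = {"view": 1, "operate": 2}   # assumed: operate privilege implies view
DEFAULT_ACCESS = {"read": "view"}       # assumed default when no privilege is listed

def parse_access(spec: str) -> Dict[str, str]:
    """Parse 'R V' / 'RW VO' into op -> privilege; a lone letter covers all ops."""
    parts = spec.split()
    if len(parts) != 2:
        raise ValueError(f"malformed access column: {spec!r}")
    ops, privs = parts
    privs = privs * len(ops) if len(privs) == 1 else privs
    if len(privs) != len(ops):   # reject rather than silently grant anything
        raise ValueError(f"malformed access column: {spec!r}")
    try:
        return {OP_LETTERS[o]: PRIV_LETTERS[p] for o, p in zip(ops, privs)}
    except KeyError as exc:
        raise ValueError(f"unknown access letter {exc} in {spec!r}") from None

@dataclass
class ElementSpec:              # one attribute or command table row
    id: int
    name: str
    access: Dict[str, str]      # op -> minimum privilege
    conformance: str = "M"      # 'M' mandatory, 'O' optional

@dataclass
class ClusterSpec:              # a function cluster specification
    id: int
    name: str
    attributes: Dict[str, ElementSpec]
    commands: Dict[str, ElementSpec]

    def mandatory(self) -> Set[str]:
        rows = list(self.attributes.values()) + list(self.commands.values())
        return {r.name for r in rows if r.conformance == "M"}

@dataclass
class ClusterInstance:          # the cluster as instantiated on an endpoint
    spec: ClusterSpec
    implemented: Set[str]       # rows this server actually supports

    def missing_mandatory(self) -> Set[str]:
        return self.spec.mandatory() - self.implemented

@dataclass
class Endpoint:
    id: int
    device_type: str
    clusters: Dict[str, ClusterInstance] = field(default_factory=dict)

@dataclass
class Node:
    node_ids: Dict[str, int]    # fabric -> node ID scoped to that fabric
    endpoints: Dict[int, Endpoint] = field(default_factory=dict)

def validate_node(node: Node) -> List[str]:
    """Rules from the description: endpoint 0 must exist with the 'root node'
    device type, and each cluster instance must provide its mandatory rows."""
    problems: List[str] = []
    root = node.endpoints.get(0)
    if root is None:
        problems.append("endpoint 0 (root node endpoint) is missing")
    elif root.device_type != "root node":
        problems.append(f"endpoint 0 has device type {root.device_type!r}")
    for ep in node.endpoints.values():
        for cl in ep.clusters.values():
            for name in sorted(cl.missing_mandatory()):
                problems.append(f"endpoint {ep.id}: {cl.spec.name} lacks mandatory {name!r}")
    return problems

def check_access(cluster: ClusterInstance, element: str, op: str, privilege: str) -> bool:
    """Default-deny: unknown/unimplemented row, unlisted op or low privilege refuse."""
    spec = cluster.spec.attributes.get(element) or cluster.spec.commands.get(element)
    if spec is None or element not in cluster.implemented:
        return False
    needed = (spec.access or DEFAULT_ACCESS).get(op)
    return needed is not None and PRIV_RANK.get(privilege, 0) >= PRIV_RANK[needed]

def sample_node(drop_root: bool = False, drop_off: bool = False) -> Node:
    """Constructed smart light: root endpoint 0 plus an On/Off cluster on endpoint 1.
    The flags produce a malformed node for exercising validate_node."""
    on_off = ClusterSpec(6, "On/Off",
        {"OnOff": ElementSpec(0, "OnOff", parse_access("R V"))},
        {"Off": ElementSpec(0, "Off", parse_access("C O")),
         "On": ElementSpec(1, "On", parse_access("C O")),
         "Toggle": ElementSpec(2, "Toggle", parse_access("C O"), "O")})
    light = ClusterInstance(on_off, {"OnOff", "Off", "On"})
    if drop_off:
        light.implemented.discard("Off")
    endpoints = {1: Endpoint(1, "on/off light", {"On/Off": light})}
    if not drop_root:
        endpoints[0] = Endpoint(0, "root node")
    return Node({"fabric-A": 0x1234}, endpoints)
```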
  • the sigma protocol can be understood as an efficient interactive zero-knowledge proof protocol that allows the prover to prove to the verifier that he knows the secret without showing the secret to the verifier.
  • the sigma protocol can be understood as a key exchange protocol that can further ensure the security of key exchange by using digital signatures for authentication.
  • the participants of the sigma protocol may include the configuration end (initiator) of the initiation process and the receiving end (responder) of the response process.
  • the initiator and the responder may exchange keys through one or more rounds of sigma messages.
  • FIG. 4 is a schematic diagram of a process of performing key exchange based on the sigma protocol provided in an embodiment of the present application. In conjunction with FIG. 4, the key exchange between the initiator and the responder based on the sigma protocol is exemplarily described below.
  • step S410 the initiator constructs a sigma1 message and sends the sigma1 message to the responder.
  • the sigma1 message may be used to request the responder to perform key exchange or key negotiation.
  • the sigma1 message may be a plaintext message.
  • the sigma1 message may be a ciphertext message.
  • step S420 the responder generates a shared key according to the sigma1 message sent by the initiator, and sends the constructed sigma2 message to the initiator.
  • the responder may verify the sigma1 message sent by the initiator, and execute step S420 after the verification passes.
  • step S430 the initiator generates a shared key according to the sigma2 message sent by the responder, and sends the constructed sigma3 message to the responder.
  • the initiator may verify the sigma2 message sent by the responder, and execute step S430 after the verification passes.
  • step S440 the responder verifies the sigma3 message, and returns a sigma verification completion message to the initiator after the verification passes.
  • Scenario 1 The user may have different houses A and B, and the user wants to use the devices in house B to access the devices in house A.
  • Scenario 2 The user has a car, and after the user drives away from home, he wants to access the devices at home through the car.
  • the devices in house A can be understood as client devices
  • the devices in house B can be understood as server devices.
  • the car can be understood as a client device
  • the devices in the user's home can be understood as server devices.
  • the access of client devices to server devices needs to be implemented through the cloud platform. The following is an explanation in conjunction with Figure 1.
  • when the client device 110 accesses the server device 140, it needs to do so through the cloud platform 130.
  • the client device 110 needs to first send the instruction to the cloud platform 130, and then the cloud platform sends the instruction to the server device 140.
  • This method has the problem of high connection complexity. Especially for the case where the client device and the server device belong to different manufacturers, the complexity of the connection will be further increased. For example, if the client device and the server device belong to different manufacturers, it is necessary to adopt a cloud-to-cloud interconnection solution to enable the client device to access the server device.
  • the cloud platform corresponding to manufacturer A is called cloud platform A
  • the server device belongs to manufacturer B
  • the cloud platform corresponding to manufacturer B is called cloud platform B
  • the embodiments of the present application provide a method and device for establishing a connection, which can realize the establishment of a connection between a client device and a server device through public network address information, so that the client device and the server device can be directly connected, thereby reducing the complexity of connection and access, making connection and access simple and convenient.
  • In step S510, the client device establishes a connection with the server device based on public network address information.
  • the client device and/or the server device may be an IoT device.
  • the client device and/or the server device may refer to an IoT device that supports any IoT protocol, such as an IoT device that supports the Matter standard protocol.
  • IoT devices may include vehicle devices, vehicle-mounted terminals, smart home devices, smart monitoring devices, and the like.
  • Smart home devices may include, for example, smart air conditioners, smart refrigerators, washing machines, rice cookers, sweeping robots, and other devices.
  • Smart monitoring devices may include, for example, surveillance cameras, temperature sensors, sound sensors, and other devices.
  • the client device and the server device may be devices from the same manufacturer or devices from different manufacturers, and this embodiment of the present application does not specifically limit this.
  • the client device may be referred to as an away-from-home device
  • the server device may be referred to as a home device.
  • the client device may be a vehicle device, or the client device may be a central control device located in a different area from the server device.
  • the public network address information is unique, and can enable a device to uniquely address another device through the public network address information of another device.
  • the public network address information may include public network IP address information and/or port number.
  • the public network IP address can be an IPv4 address (or a public network IPv4 address) or an IPv6 address (or a public network IPv6 address). Since the number of IP addresses in the IPv6 protocol is greater than the number of IP addresses in the IPv4 protocol, the use of IPv6 addresses can provide more possibilities for establishing a connection between a client device and a server device.
  • the public network address information may include the public network address information of the server device and/or the public network address information of the client device.
  • the client device may establish a connection with the server device based on the public network address information of the server device.
  • the client device may establish a connection with the server device based on the public network address information of the client device.
  • the client device may establish a connection with the server device based on the public network address information of the client device and the public network address information of the server device.
  • the server device may establish a connection with the client device based on the public network address information of the server device.
  • the server device may establish a connection with the client device based on the public network address information of the client device.
  • the server device may establish a connection with the client device based on the public network address information of the client device and the public network address information of the server device.
  • the types of the public network address information of the client device and the public network address information of the server device may be the same or different.
  • the public network address information of the client device may be an IPv4 address
  • the public network address information of the server device may be an IPv6 address
  • the public network address information of the client device may be an IPv6 address
  • the public network address information of the server device may be an IPv4 address
  • the public network address information of the client device and the public network address information of the server device are both IPv4 addresses.
  • the public network address information of the client device and the public network address information of the server device are both IPv6 addresses.
  • the public network address information of the client device may be configured by an operator, or may also be configured by a public network server device.
  • the public network address information of the server device may be configured by an operator, or may also be configured by a public network server device.
  • the public network server device may be a device with the ability to allocate public network addresses.
  • the operator may configure an address range for the public network server device, and the public network server device may configure public network addresses for other devices within the address range.
  • the public network server may configure public network addresses for devices connected thereto.
  • the public network address configured by the public network server device for the device may be a static address or a dynamic address.
  • the public network server device may update the public network address configured for the device at regular intervals.
  • the public network address information of the server device can be generated based on the public network address of the public network server device.
  • the public network address of the server can be generated based on the IP address of the public network server device, and the public network server device can add port number information to its own IP address to generate the public network address of the server.
  • the public network server device may include one or more of the following: a gateway, a router, an access point, etc. In some embodiments, the public network server device may also be referred to as an access point or an access point device.
  • the public network server device may have a network address translation (NAT) function, so that a private IP address can be converted into a public IP address.
  • the public network server device may have a network address port translation (NAPT) function, so that an IP address and a port number can be converted into a public IP address.
  • the public network server device may have a network address translation protocol translation (NAT-PT) function, so that an IPv4 address can be converted into an IPv6 address.
  • connection established between the client device and the server device can be a remote connection.
  • the server device and the client device can be located in different local area networks.
  • the client device can achieve remote control of the server device.
  • the public network server device can configure a public network address for the server device. After configuring the public network address for the server device, the public network server device can send the public network address information of the server device. As shown in FIG6, in step S610, the public network server device can send the public network address information of the server device. For example, the public network server device can send the public network address information of the server device to the client device. For another example, the public network server device can send the public network address information of the server device to the configuration device.
  • the client device may first obtain the public network address information of the server device.
  • a client device can obtain the public network address information of a server device.
  • the client device can obtain the public network address information of the server device from a public network server device.
  • the client device can obtain the public network address information of the server device from a configuration device. If the client device obtains the public network address information of the server device from the configuration device, the configuration device can first obtain the public network address information of the server device from the public network server device. The following will introduce these two situations respectively.
  • the client device may establish a connection with the public network server device. For example, the client device may establish a connection with the public network server device based on the public network address information of the public network server device.
  • a client device can obtain the public network address information of a public network server device.
  • the client device can obtain the public network address information of the public network server device from a configuration device.
  • the client device can obtain the public network address information of the public network server device from a cloud platform.
  • the configuration device may first establish a connection with the client device and then send the public network address information of the public network server device to the client device.
  • the configuration device may have its own ecological network.
  • the configuration device may configure the client device into its own ecological network, that is, the client device is in the ecological network of the configuration device.
  • the configuration device can communicate securely with the client device through the ecological network.
  • the configuration device can send the public network address information of the public network server device to the client device through the ecological network.
  • the public network address information of the server device obtained by the client device from the public network server device can be static address information or dynamic address information.
  • the public network server device can allocate static address information or dynamic address information.
  • the configuration device can configure the public network server device to its own ecological network, that is, the public network server device is in the ecological network of the configuration device, and the configuration device can communicate securely with the public network server device through the ecological network.
  • the configuration device can obtain the public network address information of the public network server device from the public network server device through the ecological network.
  • the client device and the public network server device may both be in the ecological network of the configuration device, and the client device and the public network server device may communicate securely in the ecological network.
  • the public network server device may send the public network address information of the server device to the client device through the ecological network.
  • the configuration device may have multiple ecological networks, and the client device and the public network server device may be in the same ecological network of the configuration device.
  • the public network server device may store public network address information of one or more server devices.
  • When the public network server device sends the public network address information of the server device to the client device, it may send the public network address information of some of the server devices stored on the public network server device, or of all the server devices stored on it.
  • the public network server device can actively send the public network address information of the server device to the client device, or the client device can first send a request message to the public network server device, and after receiving the request message, the public network server device sends the public network address information of the server device to the configuration device.
  • When the client device sends a request message to the public network server device, it can also indicate which server devices' public network address information it requests. For example, the client device can indicate to the public network server device that it requests the public network address information of the first device, and the public network server device can send the public network address information of the first device to the client device according to that request.
  • the following introduces the relevant solutions for the client device to obtain the public network address information of the server device from the configuration device.
  • In step S710, the configuration device sends the public network address information of the server device to the client device.
  • the configuration device may first obtain the public network address information of the server device from the public network server device, and then send the public network address information of the server device to the client device. In some embodiments, the configuration device may also obtain the public network address information of the server device from other devices (such as operators).
  • the configuration device may first configure the public network server device to establish a connection with the public network server device. After establishing a connection with the public network server device, the configuration device may obtain the public network address information of the server device from the public network server device. In some embodiments, the public network server device may actively send the public network address information of the server device to the configuration device, or the configuration device may first send a request message to the public network server device, and after receiving the request message, the public network server device sends the public network address information of the server device to the configuration device.
  • the configuration device can configure the public network server device into its own ecological network and communicate with the public network server device through the ecological network.
  • the public network server device can send the public network address information of the server device to the configuration device through the ecological network.
  • the configuration device can configure the client device into its own ecological network and communicate with the client device through the ecological network.
  • the configuration device can send the public network address information of the server device to the client device through the ecological network.
  • the public network server device may store public network address information of one or more server devices.
  • When the configuration device obtains the public network address information of the server device from the public network server device, it may obtain the public network address information of some server devices stored on the public network server device, or of all server devices stored on it.
  • the configuration device may send the public network address information of one or more server devices to the client device.
  • the configuration device may send the acquired public network address information of some server devices to the client device.
  • the configuration device may send the acquired public network address information of all server devices to the client device.
  • a secure connection can be established between two devices communicating with each other in the present application.
  • the two devices communicating with each other can be a client device and a server device, or a client device and a public network server device, or a server device and a public network server device.
  • the secure connection may include a secure connection established based on a sigma protocol.
  • Two devices communicating with each other may perform key exchange and shared key negotiation based on the sigma protocol to establish a secure connection.
  • two devices communicating with each other may negotiate a shared key based on the sigma protocol, and based on the shared key, establish an operation channel (or interoperation channel) and perform secure communication through the operation channel.
  • the sigma protocol is a key exchange and shared key negotiation protocol based on the operation certificate.
  • the two devices in this application can perform key exchange and shared key negotiation based on the operation certificate.
  • the operation certificate may be sent by the configuration device to other devices.
  • the configuration device may send the operation certificate corresponding to the client device to the client device.
  • the configuration device may send the operation certificate corresponding to the server device to the server device.
  • the configuration device may send the operation certificate corresponding to the public network server device to the public network server device.
  • the configuration device can configure other devices into its own ecological network and send operation certificates to other devices through the ecological network.
  • the operation certificates corresponding to different devices may be different.
  • two devices communicating with each other can verify the identity of the operation certificate based on the ecological network identifier and/or node identifier. If the operation certificate is verified, a secure connection can be established between the two devices.
  • the ecological network identifier is used to identify which ecological network the device is connected to, and the node identifier is the unique identity information assigned by the configuration device to the device to identify the device's access to the network.
  • the ecological network identifier and node identifier can be assigned to the device when the configuration device establishes a connection with the device.
  • the client device is in the ecological network of the configuration device, and the configuration device can send the first information for the client device to the client device through the ecological network, thereby ensuring the security of the first information.
  • the first information can be used by the client device to establish a secure connection with other devices.
  • the first information can be used to establish a secure connection between the client device and a public network server device, or the first information can be used to establish a secure connection between the client device and a server device.
  • the first information may include one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the eco-network identifier can be used to identify the eco-network in which the device is located. If the eco-network identifiers of two devices are the same, the two devices can communicate securely in the eco-network. If the eco-network identifiers of two devices are different, the two devices may not be able to communicate securely through the eco-network.
  • the node identifier can be used as the target address for interaction.
  • Client devices can communicate securely with other devices through the node identifier.
  • the operation certificate stores the key information of the device.
  • the sender and the receiver can perform key exchange and shared key negotiation based on the operation certificate.
  • the client device can use the sigma key negotiation algorithm to perform key exchange and shared key negotiation with other devices.
  • the client device can establish a secure connection with other devices based on the operation certificate.
  • the ecological network identifier and/or the node identifier may be used to verify the operation certificate. If the operation certificate is verified, the client device may use the operation certificate to establish a secure connection with other devices.
  • the public network server device is in the ecological network of the configuration device, and the configuration device can send the second information for the public network server device to the public network server device through the ecological network, thereby ensuring the security of the second information.
  • the second information can be used by the public network server device to establish a secure connection with other devices.
  • the second information can be used to establish a secure connection between the public network server device and the client device.
  • the second information may include one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • The relevant contents of the operation certificate, the ecological network identifier, and the node identifier can be found in the above description, and will not be repeated here for the sake of brevity.
  • the ecological network identifier and/or the node identifier may be used to verify the operation certificate. If the operation certificate is verified, the public network server device may use the operation certificate to establish a secure connection with other devices.
  • the server device is in the ecological network of the configuration device, and the configuration device can send the third information for the public network server device to the public network server device through the ecological network, thereby ensuring the security of the third information.
  • the third information can be used by the public network server device to establish a secure connection with other devices.
  • the third information can be used to establish a secure connection between the public network server device and the client device, or the third information can be used to establish a secure connection between the public network server device and the server device.
  • the third information may include one or more of the following: operation certificate, ecological network identifier and node identifier.
  • the relevant contents of the operation certificate, ecological network identifier and node identifier can be found in the above description, and will not be repeated here for the sake of brevity.
  • the ecological network identifier and/or the node identifier may be used to verify the operation certificate. If the operation certificate is verified, the public network server device may use the operation certificate to establish a secure connection with other devices.
  • the public network server device may include a first functional cluster.
  • the first functional cluster may be a new functional cluster.
  • the first functional cluster may include the public network address information of the server device.
  • the first functional cluster may include one or more of the following: the public network address information of the server device, the ecological network identifier of the server device, and the node identifier of the server device.
  • the first functional cluster includes the public network address information of the server device.
  • the first functional cluster includes the public network address information of the server device and the ecological network identifier of the server device.
  • the first functional cluster includes the public network address information of the server device and the node identifier of the server device.
  • the first functional cluster includes the public network address information of the server device, the ecological network identifier of the server device, and the node identifier of the server device.
  • the first functional cluster may include device list information (or node list information).
  • the device list information may include one or more of the following information: public network address information of one or more server devices, ecological network identification of one or more server devices, and node identification of one or more server devices.
  • the first functional cluster may also include one or more of the following information: public network address information of the public network server device, an ecological network identifier of the public network server device, and a node identifier of the public network server device.
  • the configuration device can obtain one or more of the following information from the first functional cluster: the public network address information of the server device, the ecological network identifier of the server device, and the node identifier of the server device.
  • the configuration device can obtain one or more of the following information from the first functional cluster: the public network address information of the public network server device, the ecological network identifier of the public network server device, and the node identifier of the public network server device.
  • When the configuration device obtains information from the first functional cluster, it may obtain all the information in the first functional cluster, or only part of it. For example, the configuration device may obtain only the public network address information of the device. For another example, the configuration device may obtain the relevant information of only some of the server devices in the first functional cluster.
  • the client device may obtain the public network address information of the server device from the first functional cluster.
  • the client device may obtain the public network address information of all server devices in the first functional cluster, or may obtain the public network address information of some server devices in the first functional cluster.
  • Table 1 shows an example of the first functional cluster.
  • the node list may include relevant information of one or more server devices.
  • NodeStruct may include one or more of the following information: node ID, fabric ID, and IP address string.
  • the node ID is the node ID of the server device
  • the fabric ID is the fabric ID of the server device
  • the IP address string may include the public network address and/or port number assigned by the public network server device to the server device.
  • the first functional cluster may further include first indication information, where the first indication information is used to indicate the type of the public network address information.
  • the type of the public network address information includes static public network address information and dynamic public network address information. That is, the first indication information may be used to indicate whether the public network address information in the first functional cluster is static public network address information or dynamic public network address information.
  • the first indication information may be used to indicate the type of public network address information of the public network server device, or may also be used to indicate the type of public network address information of the server device.
  • Table 2 shows another example of the first functional cluster.
  • the difference between Table 2 and Table 1 is that the first indication information, namely Static IP, is added.
  • If Static IP is true, it means that the public IP address (such as the public IP address of the server device) is a static address; if Static IP is false, it means that the public IP address (such as the public IP address of the server device) is a dynamic address.
  • the manner in which the client device obtains the public network address information of the server device can be adjusted according to the address type indicated by the first indication information. For example, if the first indication information indicates that the public network address information of the server device is static address information, the client device can obtain the public network address information of the server device from the configuration device or from the public network server device. For another example, if the first indication information indicates that the public network address information of the server device is dynamic address information, the client device can obtain the public network address information of the server device from the public network server device.
  • the solution of the embodiment of the present application can not only realize the direct connection between the client device and the server device, but also ensure the security of the communication process.
  • the existing protocol specifications can be reused, which can reduce the complexity of implementation.
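The node list of the first functional cluster (Tables 1 and 2) and the client's choice of address source by the Static IP flag, as an added example that is not code from the patent or from its assignee. Only the NodeStruct field names come from the page; the class names, the configuration device's local store, the fabric identifiers and all addresses and ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class NodeStruct:
    """One node list entry: node ID, fabric ID (ecological network identifier),
    IP address string, and the Static IP flag Table 2 adds as first indication information."""
    node_id: int
    fabric_id: int
    ip_address: str
    static_ip: bool


def parse_ip_address_string(text: str) -> Tuple[str, int, Optional[int]]:
    """Return (address, ip_version, port) for '192.0.2.10', '192.0.2.10:5540',
    '2001:db8::10' or '[2001:db8::10]:5540'. Raises ValueError on malformed input."""
    port: Optional[int] = None
    if text.startswith("["):                      # bracketed IPv6, optional ':port'
        host, _, rest = text[1:].partition("]")
        if rest.startswith(":"):
            port = int(rest[1:])
    elif text.count(":") == 1:                    # IPv4 with port
        host, _, port_text = text.partition(":")
        port = int(port_text)
    else:                                         # bare IPv4 or bare IPv6
        host = text
    addr = ipaddress.ip_address(host)
    if port is not None and not 0 < port < 65536:
        raise ValueError("port out of range")
    return str(addr), addr.version, port


class PublicNetworkServerDevice:
    """Holds the first functional cluster: its own entry plus the node list of the
    server devices to which it has assigned public addresses."""

    def __init__(self, own: NodeStruct) -> None:
        self.own = own
        self.node_list: Dict[Tuple[int, int], NodeStruct] = {}

    def allocate(self, node: NodeStruct) -> None:
        """Assign (or, for dynamic addresses, re-assign) a public address to a server device."""
        self.node_list[(node.fabric_id, node.node_id)] = node

    def read_node_list(self, fabric_id: int, node_ids: Optional[List[int]] = None) -> List[NodeStruct]:
        """Answer a request for some (node_ids given) or all server devices. Entries of
        other ecological networks are never returned: only same-fabric devices communicate
        securely in the ecological network."""
        return [n for n in self.node_list.values()
                if n.fabric_id == fabric_id and (node_ids is None or n.node_id in node_ids)]


class ConfigurationDevice:
    """Copies the cluster into its own store (as in step S860) and answers client requests."""

    def __init__(self, fabric_id: int, pns: PublicNetworkServerDevice) -> None:
        self.fabric_id = fabric_id
        self.pns = pns
        self.store: Dict[Tuple[int, int], NodeStruct] = {}

    def sync(self) -> int:
        for n in self.pns.read_node_list(self.fabric_id):
            self.store[(n.fabric_id, n.node_id)] = n
        return len(self.store)

    def lookup(self, node_id: int) -> Optional[NodeStruct]:
        return self.store.get((self.fabric_id, node_id))


class ClientDevice:
    def __init__(self, fabric_id: int, config: ConfigurationDevice, pns: PublicNetworkServerDevice) -> None:
        self.fabric_id, self.config, self.pns = fabric_id, config, pns

    def resolve(self, node_id: int) -> Tuple[str, int, Optional[int], str]:
        """Obtain a server device's public address. A static entry may be served from the
        configuration device's copy; a dynamic one is always re-read from the public network
        server device, because it may have been updated since the copy was taken."""
        cached = self.config.lookup(node_id)
        if cached is not None and cached.static_ip:
            entry, source = cached, "configuration device"
        else:
            live = self.pns.read_node_list(self.fabric_id, [node_id])
            if not live:
                raise LookupError(f"no entry for node {node_id:#x} in fabric {self.fabric_id:#x}")
            entry, source = live[0], "public network server device"
        addr, version, port = parse_ip_address_string(entry.ip_address)
        return addr, version, port, source


FABRIC_A, FABRIC_B = 0x1A2B, 0x3C4D   # constructed ecological network identifiers


def demo_scenario() -> dict:
    """Constructed walk-through: one static and one dynamic server device behind a
    public network server device, plus a server device of another ecological network."""
    pns = PublicNetworkServerDevice(NodeStruct(0x01, FABRIC_A, "[2001:db8::1]:5540", True))
    pns.allocate(NodeStruct(0x10, FABRIC_A, "203.0.113.5:5540", True))
    pns.allocate(NodeStruct(0x20, FABRIC_A, "[2001:db8::20]:5540", False))
    pns.allocate(NodeStruct(0x30, FABRIC_B, "198.51.100.7:5540", True))
    config = ConfigurationDevice(FABRIC_A, pns)
    config.sync()                                              # copies fabric A entries only
    client = ClientDevice(FABRIC_A, config, pns)
    pns.allocate(NodeStruct(0x20, FABRIC_A, "[2001:db8::21]:5540", False))  # periodic update
    results = {"static": client.resolve(0x10), "dynamic": client.resolve(0x20)}
    try:
        client.resolve(0x30)
        results["other_fabric"] = "accepted"
    except LookupError:
        results["other_fabric"] = "rejected"
    return results
```
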
  • Example 1 describes a solution in which a client device obtains the public network address information of a server device from a public network server device
  • Example 2 describes a solution in which a client device obtains the public network address information of a server device from a configuration device.
  • FIG. 8 shows a process of configuring a device to obtain a public network IP address of a public network server device.
  • In step S810, the operator allocates a public IP address to the public network server device.
  • the public network server device can be connected to the operator network, and the operator network can allocate a public IP address to the public network server device.
  • In step S820, the configuration device configures the public network server device into its ecosystem, issues an operation certificate to the public network server device, and establishes a local secure connection with the public network server device.
  • the public network server device may define a new functional cluster.
  • the functional cluster may be used to store the public network IP address information of the public network server device.
  • the public network server device may define a cluster named PublicIP, whose attribute is the public network IPv6 address.
  • the functional cluster may be the functional cluster shown in Table 1, or the functional cluster shown in Table 2.
  • In step S840, after the configuration device establishes a secure connection with the public network server device, it may send a request message to the public network server device, where the request message is used to request the public network IP address of the public network server device.
  • the public network server device may send the public network IP address of the public network server device to the configuration device.
  • In step S860, the configuration device stores the correspondence between the public IP address of the public network server device and the Fabric ID and Node ID of the public network server device.
  • FIG. 9 shows a process of a client device acquiring a public network IP address of a public network server device from a configuration device.
  • the configuration device configures the client device into its own ecosystem, issues an operation certificate to the client device, and establishes a local secure connection with the client device.
  • the configuration device may use a local connection method.
  • In step S920, the configuration device stores the correspondence between the public IP address of the public network server device and the Fabric ID and Node ID of the public network server device.
  • the client device sends a request message to the configuration device, and the request message is used to request relevant information of the public network server device.
  • the request message can be used to request to obtain one or more of the following information: the public network IP address of the public network server device, the Fabric ID of the public network server device, and the Node ID of the public network server device.
  • the configuration device sends a response message to the client device.
  • the response message may include one or more of the following information: the public network IP address of the public network server device, the Fabric ID of the public network server device, and the Node ID of the public network server device.
  • step S950 the client device establishes a connection with the public network server device according to the response message.
  • Figure 10 shows a process of allocating a public IP address to a server device by a public network server device.
  • the difference between Figure 10 and Figure 2 is that Figure 10 adds a step of allocating a public IP address to a server device by a public network server device.
  • the configuration device may establish a connection with a public network server device, and the public network server device may allocate an IP address to the configuration device.
  • the configuration device may configure the server device into its own ecological network, issue an operation certificate to the server device through the ecological network, and configure the server device to access the network.
  • step S1030 the server device establishes a connection with the public network server device.
  • the public network server device can allocate an IP address to the server device.
  • the public network server device can allocate a public network IP address to the server device, and store the public network IP address of the server device, the Fabric ID of the server device, and the Node ID of the server device in the relevant functional cluster.
  • step S1050 the configuration device establishes a connection with the server device based on the IP address.
  • the configuration device may also establish a local secure session channel with the server device.
  • FIG. 11 shows a process of establishing a connection between a client device and a server device.
  • the client device may establish a connection with the public network server device based on the public network IP address of the public network server device according to the user's intention.
  • step S1120 the client device and the public network server device establish a secure connection based on the operation certificate. Since both the client device and the public network server device are issued operation certificates by the same ecosystem (the ecosystem of the configuration device), and are assigned a Fabric ID and a Node ID, the client device and the public network server device can verify the identity bound to the operation certificate through the Fabric ID and Node ID. In addition, the client device and the public network server device can perform key exchange and shared key negotiation based on the sigma protocol to establish a secure connection.
  • the client device may send a request message to the public network server device based on the secure connection.
  • the request message is used to request to obtain the public network IP address information of the server device.
  • the client device may obtain the nodelist attribute information in the functional cluster corresponding to the public network server device, thereby obtaining the public network IP address information of the device connected to the public network server device.
  • step S1140 the public network server device sends a response message to the client device based on the request message sent by the client device.
  • the response message includes the public network IP address of the server device.
  • step S1150 the client device establishes a connection with the server device based on the public IP address of the server device.
  • the client device and the server device can verify the identity of the operation certificate through Fabric ID and Node ID.
  • the client device and the server device can perform key exchange and shared key negotiation based on the sigma protocol to establish a secure connection.
  • step S1160 after the client device establishes a connection with the server device, the client device can access the server device, for example, the client device can control the server device.
  • FIG. 12 shows a process of configuring a device to obtain a public IP address of a server device from a public network server device.
  • step S1210 the operator allocates a public IP address to the public network server device.
  • the public network server device can be connected to the operator network, and the operator network can allocate a public IP address to the public network server device.
  • step S1220 the configuration device configures the public network server device into its ecosystem, issues an operation certificate to the public network server device, and establishes a local secure connection with the public network server device.
  • step S1230 the configuration device sends a request message to the public network server device, where the request message is used to request to obtain public network IP address list information of the server-side devices on the functional cluster.
  • the public network server device sends a response message to the configuration device, and the response message includes public network IP address information of one or more server devices.
  • the server device may be a device connected to the public network server device.
  • step S1250 the configuration device stores the correspondence between the public IP address of the server device, the Fabric ID of the server device, and the Node ID of the server device.
  • after the configuration device obtains the public IP address of the server device, it can send the public IP address of the server device to the client device.
  • FIG. 13 shows a process of establishing a connection between a client device and a server device.
  • step S1310 the client device establishes a connection with the server device.
  • the client device and the server device can verify the identity of the operation certificate through Fabric ID and Node ID.
  • the client device and the server device can perform key exchange and shared key negotiation based on the sigma protocol to establish a secure connection.
  • step S1320 after the client device establishes a connection with the server device, the client device can access the server device, for example, the client device can control the server device.
  • Fig. 14 is a schematic block diagram of a client device provided in an embodiment of the present application.
  • the client device 1400 shown in Fig. 14 can be any of the client devices described above.
  • the client device 1400 can include an establishing unit 1410.
  • the establishing unit 1410 is used to establish a connection with the server device based on the public network address information, where the public network address information includes the public network address information of the client device and/or the public network address information of the server device.
  • the public network address information of the server device is configured by a public network server device.
  • the public network address information of the server device is generated based on the public network address of the public network server device.
  • the client device further includes: an acquisition unit, configured to acquire the public network address information of the server device from the public network server device.
  • the acquisition unit is also used to: obtain the public network address information of the public network server device from the configuration device; the establishment unit is also used to: establish a connection with the public network server device based on the public network address information of the public network server device.
  • the client device further includes: an acquisition unit, configured to acquire the public network address information of the server device from a configuration device.
  • the public network address information of the server device is obtained by the configuration device from the public network server device.
  • the client device is in an ecological network of a configuration device, and the client device further includes: a receiving unit, for receiving first information for the client device sent by the configuration device through the ecological network, the first information being used to establish a secure connection between the client device and the public network server device, or the first information being used to establish a secure connection between the client device and the server device; wherein the first information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the public network address information of the server device is included in a first functional cluster of public network server devices.
  • the first functional cluster includes device list information.
  • the device list information includes one or more of the following information: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.
  • the first functional cluster also includes first indication information, and the first indication information is used to indicate the type of public network address information of the server device, and the type of the public network address information includes static public network address information and dynamic public network address information.
  • the first functional cluster also includes one or more of the following information: public network address information of the public network server device, an ecological network identifier of the public network server device, and a node identifier of the public network server device.
  • FIG15 is a schematic block diagram of a configuration device provided in an embodiment of the present application.
  • the configuration device 1500 shown in FIG15 may be any of the configuration devices described above.
  • the configuration device 1500 may include a sending unit 1510 .
  • the sending unit 1510 is used to send the public network address information of the server device to the client device, and the public network address information of the server device is used to establish a connection between the client device and the server device.
  • the public network address information of the server device is configured by a public network server device.
  • the configuration device further includes: an acquisition unit, configured to acquire the public network address information of the server device from the public network server device.
  • the public network address information of the server device is generated based on the public network address of the public network server device.
  • the client device is in the ecological network of the configuration device.
  • the configuration device also includes: a sending unit, used to send first information for the client device to the client device through the ecological network, the first information is used to establish a secure connection between the client device and the server device, or the first information is used to establish a secure connection between the client device and a public network server device; wherein the first information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the public network server device is in the ecological network of the configuration device, and the configuration device also includes: a sending unit, used to send second information for the public network server device to the public network server device through the ecological network, and the second information is used to establish a secure connection between the public network server device and the client device; wherein the second information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the server device is in the ecological network of the configuration device, and the configuration device also includes: a sending unit, used to send third information for the server device to the server device through the ecological network, and the third information is used to establish a secure connection between the server device and the client device; wherein the third information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the configuration device further includes: a sending unit, configured to send public network address information of a public network server device to the client device, wherein the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.
  • the public network address information of the server device is included in a first functional cluster of public network server devices.
  • the first functional cluster further includes one or more of the following: an ecological network identifier of the server-side device and a node identifier of the server-side device.
  • the first functional cluster includes device list information.
  • the device list information includes one or more of the following information: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.
  • the first functional cluster also includes first indication information, and the first indication information is used to indicate the type of public network address information in the server device, and the type of public network address information includes static public network address information and dynamic public network address information.
  • the first functional cluster also includes one or more of the following information: public network address information of the public network server device, an ecological network identifier of the public network server device, and a node identifier of the public network server device.
  • FIG16 is a schematic block diagram of a public network server device provided in an embodiment of the present application.
  • the public network server device 1600 shown in FIG16 can be any of the public network server devices described above.
  • the public network server device 1600 can include a sending unit 1610.
  • the sending unit 1610 is used to send the public network address information of the server device, and the public network address information of the server device is used to establish a connection between the client device and the server device.
  • the public network address information of the server device is configured by the public network server device.
  • the public network address information of the server device is generated based on the public network address of the public network server device.
  • the sending unit is used to: send the public network address information of the server device to the client device.
  • the sending unit is further used to: send public network address information of the public network server device to the configuration device, and the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.
  • the public network server device is in the ecological network of the configuration device, and the public network server device also includes: a receiving unit, used to receive second information for the public network server device sent by the configuration device through the ecological network, and the second information is used to establish a secure connection between the public network server device and the client device; wherein the second information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the sending unit is used to: send the public network address information of the server device to the configuration device.
  • the public network address information of the server device is included in the first functional cluster of the public network server device.
  • the first functional cluster further includes one or more of the following: an ecological network identifier of the server-side device and a node identifier of the server-side device.
  • the first functional cluster includes device list information.
  • the device list information includes one or more of the following information: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.
  • the first functional cluster also includes first indication information, and the first indication information is used to indicate the type of public network address information in the server device, and the type of public network address information includes static public network address information and dynamic public network address information.
  • the first functional cluster also includes one or more of the following information: public network address information of the public network server device, an ecological network identifier of the public network server device, and a node identifier of the public network server device.
  • FIG17 is a schematic block diagram of a server device provided in an embodiment of the present application.
  • the server device 1700 shown in FIG17 can be any server device described above.
  • the server device 1700 can include an establishing unit 1710.
  • the establishing unit 1710 is used to establish a connection with the client device based on the public network address information, where the public network address information includes the public network address information of the client device and/or the public network address information of the server device.
  • the public network address information of the server device is configured by a public network server device.
  • the public network address information of the server device is generated based on the public network address of the public network server device.
  • the server device is in the ecological network of the configuration device, and the server device also includes: a receiving unit, used to receive third information for the server device sent by the configuration device through the ecological network, and the third information is used to establish a secure connection between the server device and the client device; wherein the third information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.
  • the public network address information of the server device is included in a first functional cluster of public network server devices.
  • the first functional cluster further includes one or more of the following: an ecological network identifier of the server-side device and a node identifier of the server-side device.
  • the first functional cluster includes device list information.
  • the device list information includes one or more of the following information: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.
  • the first functional cluster also includes first indication information, and the first indication information is used to indicate the type of public network address information in the server device, and the type of public network address information includes static public network address information and dynamic public network address information.
  • the first functional cluster also includes one or more of the following information: public network address information of the public network server device, an ecological network identifier of the public network server device, and a node identifier of the public network server device.
  • FIG18 is a schematic structural diagram of a communication device according to an embodiment of the present application.
  • the dotted lines in FIG18 indicate that the unit or module is optional.
  • the device 1800 may be used to implement the method described in the above method embodiment.
  • the device 1800 may be a chip, a client device, a server device, a configuration device, or a public network server device.
  • the device 1800 may include one or more processors 1810.
  • the processor 1810 may support the device 1800 to implement the method described in the above method embodiment.
  • the processor 1810 may be a general-purpose processor or a special-purpose processor.
  • the processor may be a central processing unit (CPU).
  • the processor may also be other general-purpose processors, digital signal processors (DSP), application specific integrated circuits (ASIC), field programmable gate arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general-purpose processor may be a microprocessor or the processor may also be any conventional processor, etc.
  • the apparatus 1800 may further include one or more memories 1820.
  • the memory 1820 stores a program, which can be executed by the processor 1810, so that the processor 1810 executes the method described in the above method embodiment.
  • the memory 1820 may be independent of the processor 1810 or integrated in the processor 1810.
  • the apparatus 1800 may further include a transceiver 1830.
  • the processor 1810 may communicate with other devices or chips through the transceiver 1830.
  • the processor 1810 may transmit and receive data with other devices or chips through the transceiver 1830.
  • the embodiment of the present application also provides a computer-readable storage medium for storing a program.
  • the computer-readable storage medium can be applied to the device provided in the embodiment of the present application, and the program enables a computer to execute the method executed by the device in each embodiment of the present application.
  • the embodiment of the present application also provides a computer program product.
  • the computer program product includes a program.
  • the computer program product can be applied to the device provided in the embodiment of the present application, and the program enables the computer to execute the method executed by the device in each embodiment of the present application.
  • the embodiments of the present application also provide a computer program.
  • the computer program can be applied to the device provided in the embodiments of the present application, and the computer program enables a computer to execute the method executed by the device in each embodiment of the present application.
  • the "indication" mentioned can be a direct indication, an indirect indication, or an indication of an association relationship.
  • A indicates B can mean that A directly indicates B, for example, B can be obtained through A; it can also mean that A indirectly indicates B, for example, A indicates C and B can be obtained through C; it can also mean that there is an association relationship between A and B.
  • B corresponding to A means that B is associated with A, and B can be determined according to A.
  • determining B according to A does not mean determining B only according to A, and B can also be determined according to A and/or other information.
  • the term "corresponding" may indicate that there is a direct or indirect correspondence between the two, or an association relationship between the two, or a relationship of indication and being indicated, configuration and being configured, etc.
  • "pre-definition" or "pre-configuration" can be implemented by pre-saving corresponding codes, tables or other methods that can be used to indicate relevant information in devices (for example, including client devices, configuration devices, server devices and public network server devices), and the present application does not limit the specific implementation method.
  • pre-definition can refer to what is defined in the protocol.
  • the “protocol” may refer to a standard protocol in the communication field, for example, it may include an LTE protocol, an NR protocol, and related protocols used in future communication systems, and the present application does not limit this.
  • the term "and/or" is only a description of the association relationship of the associated objects, indicating that there can be three relationships.
  • A and/or B can represent: A exists alone, A and B exist at the same time, or B exists alone.
  • the character "/" in this article generally indicates that the associated objects before and after are in an "or" relationship.
  • the size of the serial numbers of the above-mentioned processes does not mean the order of execution.
  • the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
  • the disclosed systems, devices and methods can be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the units is only a logical function division. There may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed.
  • Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the computer program product includes one or more computer instructions.
  • the computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer instructions can be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instructions can be transmitted from a website site, computer, server or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) mode to another website site, computer, server or data center.
  • the computer-readable storage medium can be any available medium that can be read by a computer or a data storage device such as a server or data center that includes one or more available media integrated.
  • the available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (DVD)), or a semiconductor medium (e.g., a solid state disk (SSD)), etc.
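The address lookup of FIGs. 9 to 13 and the first functional cluster (device list with public network address, ecological network identifier, node identifier and the static/dynamic indication) can be modelled as follows. This is an added illustration, not code from the application; the class names, the /64-prefix address derivation, the per-ecosystem filtering of nodelist reads and the cache policy for dynamic addresses are assumptions.

```python
"""Constructed model of the public network server device's first functional cluster
and of the public-address lookup in FIGs. 9 to 13. Class names, the /64-prefix address
derivation and the per-ecosystem filtering are assumptions, not the application's."""
from dataclasses import dataclass, field
import ipaddress

STATIC, DYNAMIC = "static", "dynamic"   # first indication information: address type


@dataclass(frozen=True)
class NodeEntry:
    """One item of the device list (nodelist attribute) in the first functional cluster."""
    fabric_id: int          # ecological network identifier
    node_id: int            # node identifier
    address: ipaddress.IPv6Address
    addr_type: str          # STATIC or DYNAMIC


@dataclass
class PublicNetworkServer:
    """Public network server device: operator-assigned public address plus the nodelist."""
    fabrics: frozenset                  # ecosystems that issued it an operation certificate
    public_address: str                 # allocated by the operator (step S1210)
    nodelist: dict = field(default_factory=dict)   # (fabric_id, node_id) -> NodeEntry

    def allocate_public_address(self, fabric_id, node_id, addr_type=STATIC, address=None):
        """Step S1040: give a server device a public address and record it together with
        its Fabric ID and Node ID. ASSUMPTION: unless an address is supplied, the device
        gets this server's /64 prefix with an interface identifier taken from its Node ID."""
        if fabric_id not in self.fabrics:
            raise PermissionError("server device is not in an ecosystem this server joined")
        if address is None:
            prefix = int(ipaddress.IPv6Address(self.public_address)) & ~((1 << 64) - 1)
            address = prefix | (node_id & ((1 << 64) - 1))
        entry = NodeEntry(fabric_id, node_id, ipaddress.IPv6Address(address), addr_type)
        self.nodelist[(fabric_id, node_id)] = entry
        return entry

    def read_nodelist(self, requester_fabric_id):
        """Steps S1130/S1230: answer a nodelist read. Only entries of the requester's own
        ecosystem are returned, so devices of other ecosystems are not disclosed."""
        return [e for e in self.nodelist.values() if e.fabric_id == requester_fabric_id]


@dataclass
class ConfigurationDevice:
    """Configuration device: stores the address <-> (Fabric ID, Node ID) correspondence
    (steps S860, S920, S1250) and serves it to client devices (step S940)."""
    fabric_id: int
    pns: PublicNetworkServer
    cache: dict = field(default_factory=dict)

    def refresh(self):
        for e in self.pns.read_nodelist(self.fabric_id):
            self.cache[(e.fabric_id, e.node_id)] = e

    def lookup(self, node_id):
        """Serve a cached static address; a dynamic one is re-read from the public
        network server device first, because the cached value may already be stale."""
        entry = self.cache.get((self.fabric_id, node_id))
        if entry is None or entry.addr_type == DYNAMIC:
            self.refresh()
            entry = self.cache.get((self.fabric_id, node_id))
        return entry


def client_select_peer(client_fabric_id, entry, want_node_id):
    """Step S1150 precondition: the client only connects to an entry whose Fabric ID and
    Node ID are the ones it intends to reach; the same pair is later checked against the
    peer's operation certificate during the sigma-based secure session setup."""
    if entry is None:
        raise LookupError("peer not present in nodelist")
    if entry.fabric_id != client_fabric_id or entry.node_id != want_node_id:
        raise ValueError("nodelist entry does not match the intended peer")
    return str(entry.address)


if __name__ == "__main__":
    pns = PublicNetworkServer(frozenset({1}), "2001:db8:1:2::1")
    pns.allocate_public_address(1, 0x20)                      # static server device
    cfg = ConfigurationDevice(1, pns)
    print(client_select_peer(1, cfg.lookup(0x20), 0x20))      # 2001:db8:1:2::20
```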

Abstract

Provided are a connection establishment method and apparatus. The method comprises: a client device establishing a connection with a server device on the basis of public network address information, the public network address information comprising public network address information of the client device and/or public network address information of the server device.

Description

Connection establishment method and device

Technical Field

The present application relates to the field of communication technology, and more specifically, to a method and device for establishing a connection.

Background Art

In the field of IoT communication, a client device and a server device can communicate based on an established connection. However, at present the connection between a client device and a server device needs to go through a cloud platform, which makes the connection complex.

Summary of the Invention

The present application provides a method and device for establishing a connection. The various aspects of the present application are introduced below.

In a first aspect, a method for establishing a connection is provided, comprising: a client device establishing a connection with a server device based on public network address information, wherein the public network address information includes the public network address information of the client device and/or the public network address information of the server device.

In a second aspect, a method for establishing a connection is provided, comprising: a configuration device sending public network address information of a server device to a client device, wherein the public network address information of the server device is used to establish a connection between the client device and the server device.

In a third aspect, a method for establishing a connection is provided, comprising: a public network server device sending public network address information of a server device, wherein the public network address information of the server device is used to establish a connection between the client device and the server device.

In a fourth aspect, a method for establishing a connection is provided, comprising: a server device establishing a connection with a client device based on public network address information, wherein the public network address information includes the public network address information of the client device and/or the public network address information of the server device.

In a fifth aspect, a client device is provided, comprising a memory and a processor, wherein the memory is used to store a program, and the processor is used to call the program in the memory to execute the method described in the first aspect.

In a sixth aspect, a configuration device is provided, comprising a memory and a processor, wherein the memory is used to store a program, and the processor is used to call the program in the memory to execute the method described in the second aspect.

In a seventh aspect, a public network server device is provided, comprising a memory and a processor, wherein the memory is used to store a program, and the processor is used to call the program in the memory to execute the method described in the third aspect.

In an eighth aspect, a server device is provided, comprising a memory and a processor, wherein the memory is used to store a program, and the processor is used to call the program in the memory to execute the method described in the fourth aspect.

In a ninth aspect, a device is provided, comprising a processor configured to call a program from a memory to execute the method described in any one of the first to fourth aspects.

In a tenth aspect, a chip is provided, comprising a processor for calling a program from a memory so that a device equipped with the chip executes the method described in any one of the first to fourth aspects.

In an eleventh aspect, a computer-readable storage medium is provided, on which a program is stored, wherein the program enables a computer to execute the method described in any one of the first to fourth aspects.

In a twelfth aspect, a computer program product is provided, comprising a program, wherein the program enables a computer to execute the method described in any one of the first to fourth aspects.

In a thirteenth aspect, a computer program is provided, wherein the computer program enables a computer to execute the method described in any one of the first to fourth aspects.

The present application establishes a connection between a client device and a server device through the public network address information of the client device and/or the public network address information of the server device, so that the client device and the server device can be connected directly, thereby reducing the complexity of the connection.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a wireless communication system 100 to which an embodiment of the present application is applied.

FIG. 2 is a schematic diagram of a process for configuring a server device onto a network.

FIG. 3 is a model structure of an Internet of Things device to which embodiments of the present application can be applied.

FIG. 4 is a schematic flowchart of key exchange based on the sigma protocol provided in an embodiment of the present application.

FIG. 5 is a schematic flowchart of a method for establishing a connection provided in an embodiment of the present application.

FIG. 6 is a schematic flowchart of another method for establishing a connection provided in an embodiment of the present application.

FIG. 7 is a schematic flowchart of another method for establishing a connection provided in an embodiment of the present application.

FIG. 8 is a schematic flowchart of a process, provided in an embodiment of the present application, in which a configuration device obtains the public network IP address of a public network server device.

FIG. 9 is a schematic flowchart of a process, provided in an embodiment of the present application, in which a client device obtains the public network IP address of a public network server device from a configuration device.

FIG. 10 is a process, provided in an embodiment of the present application, in which a public network server device allocates a public network IP address to a server device.

FIG. 11 is a schematic flowchart of a process of establishing a connection between a client device and a server device provided in an embodiment of the present application.

FIG. 12 is a schematic flowchart of another process, provided in an embodiment of the present application, in which a configuration device obtains the public network IP address of a server device from a public network server device.

FIG. 13 is a schematic flowchart of another process of establishing a connection between a client device and a server device provided in an embodiment of the present application.

FIG. 14 is a schematic block diagram of a client device provided in an embodiment of the present application.

FIG. 15 is a schematic block diagram of a configuration device provided in an embodiment of the present application.

FIG. 16 is a schematic block diagram of a public network server device provided in an embodiment of the present application.

FIG. 17 is a schematic block diagram of a server device provided in an embodiment of the present application.

FIG. 18 is a schematic structural diagram of an apparatus provided in an embodiment of the present application.

DETAILED DESCRIPTION

The technical solution of the present application is described below with reference to the accompanying drawings. For ease of understanding, the system architecture to which the embodiments of the present application apply is first introduced with reference to FIG. 1.

FIG. 1 is a schematic diagram of a system architecture to which an embodiment of the present application applies. The system 100 shown in FIG. 1 may include a client device 110, a configuration device (mediator) 120, a cloud platform 130, and a server device 140.

The client device 110 may be a device capable of communicating with the cloud platform 130. In some implementations, the client device 110 may be provided with a client, which may be used to communicate with the cloud platform 130 and, through the cloud platform 130, with the server device 140. For example, a user may access the cloud platform 130 through the client and access the server device 140 through the cloud platform 130. For another example, a user may access the cloud platform 130 through the client and control the server device 140 through the cloud platform 130. In some embodiments, the client device 110 may also be referred to as a client.

In some embodiments, the above-mentioned client may be an application (APP), a mini-program, or the like.

The server device 140 may be a device capable of communicating with the cloud platform 130. In some implementations, the server device 140 may provide service functions for users; therefore, the server device 140 may also be referred to as a server or a service device.

The configuration device 120 is used to configure the client device 110 and/or the server device 140. For example, the configuration device 120 may configure the client device 110 and/or the server device 140 to communicate with the cloud platform 130. For another example, the configuration device 120 may configure the client in the client device 110 so that the client can communicate with the cloud platform 130.

In some implementations, the configuration device 120 may be an application (APP), a mini-program, or the like. In other implementations, the configuration device 120 may be installed on a terminal device, where the terminal device may be a mobile phone, a tablet computer (Pad), a laptop computer, a handheld computer, a mobile internet device (MID), a wearable device, a virtual reality (VR) device, an augmented reality (AR) device, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical surgery, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, or the like. The embodiments of the present application do not limit this.

The cloud platform 130, also known as a cloud computing platform or the "cloud", can be understood as a service, based on hardware resources and software resources, that provides network communication capabilities. Therefore, in the embodiments of the present application, the client in the client device 110 can access or control the server device 140 through the cloud platform 130.

In some implementations, the cloud platform 130 may be built on one or more cloud servers to provide network functions.

It should be noted that the cloud platform 130 may also be another system or device capable of providing network functions, for example a cluster system that provides network functions. The embodiments of the present application do not limit this.

In addition, the configuration device 120 may be an APP or mini-program that matches the client; of course, the configuration device 230 may also be an APP or mini-program different from the client. The embodiments of the present application do not limit this.

In some scenarios, the system 100 may be, for example, an Internet of Things (IoT) system. The Internet of Things, that is, the "Internet in which all things are connected", can be understood as a network extended and expanded on the basis of the Internet: any object can be connected to the Internet through various information-sensing devices (such as radio frequency identification, the global positioning system, and so on) to form a huge network for information exchange and communication, so as to achieve interconnection between all things.

In some embodiments, the client device 110 and/or the server device 140 may be Internet of Things (IoT) devices. The client device 110 and/or the server device 140 may be IoT devices supporting any IoT protocol, for example IoT devices supporting the Matter standard protocol. By way of example, IoT devices may include vehicle devices, vehicle-mounted terminals, smart home devices, smart monitoring devices, and the like. Smart home devices may include, for example, smart air conditioners, smart refrigerators, washing machines, rice cookers, sweeping robots, and the like. Smart monitoring devices may include, for example, surveillance cameras, temperature sensors, sound sensors, and the like.

In other embodiments, the cloud platform may be an IoT cloud platform, referred to as the "IoT cloud", which provides communication services for the IoT devices in an IoT system.

For ease of understanding, the system 100 is introduced by taking IoT devices as an example. Assume that the client device 110 is a vehicle-mounted terminal, the server device 140 is a smart home device, and the configuration device 120 is a terminal device. Continuing to refer to FIG. 1, the terminal device 120 can configure the client in the vehicle-mounted terminal 110 so that the client can communicate with the cloud platform 130. After the client is successfully configured, the user can access and/or control the smart home devices on the cloud platform (or, in other words, the smart home devices connected to the cloud platform) through the client. A client that can access and/or control smart home devices may also be called a "smart home client".

By way of example, assume that the server device is a smart air conditioner located on the cloud platform; the client can then switch the smart air conditioner on and off through the cloud platform and set its temperature, fan speed, and so on. When the server device is a sweeping robot, the client can, through the cloud platform, make the sweeping robot start or stop working, control its working mode, and so on.

The following describes, with reference to FIG. 2, the process of configuring a server device onto a network.

The configuration device shown in FIG. 2 may have its own ecological network (fabric). The ecological network may also be called an ecosystem. The ecological network may be a network domain in which all devices or nodes can communicate securely. For example, Company A develops an APP and builds Company A's ecosystem based on that APP, so that all devices connected in that ecosystem can communicate securely.

Referring to FIG. 2, in step S210, the configuration device may establish a connection with a public network server device. In some implementations, the public network server device may allocate an IP address to the configuration device.

In step S220, the configuration device may configure the server device into its own ecological network and configure the server device to join the network. In some implementations, the configuration device may send the server device authentication information with which it can connect to the public network server device.

In step S230, the server device establishes a connection with the public network server device. For example, the server device may establish the connection with the public network server device based on the authentication information sent by the configuration device. In some embodiments, the public network server device may allocate an IP address to the server device.

In step S240, the configuration device establishes an IP-address-based connection with the server device. In some implementations, the configuration device may also establish a local secure session channel with the server device.

The above-mentioned public network server device may also be referred to as a public network server, an access point, or an access point device. The public network server device may be, for example, a gateway, a router, an access point, or the like.

At present, different manufacturers may use different communication protocols (also called ecosystem chain protocols) to achieve interconnection between the IoT devices that support those protocols. This may mean that IoT devices produced by different manufacturers cannot communicate with each other, so that true interconnection of all things cannot be achieved.

Based on this, the Connectivity Standards Alliance (CSA) has launched an IoT application-layer technology standard, the Matter standard protocol, which can provide an interoperable application-layer solution for smart home devices based on the Internet Protocol (IP). In some embodiments, the Matter standard may also be called the Connected Home over IP (CHIP) standard. In some embodiments, the Matter standard can support three underlying communication protocols, Ethernet, Wi-Fi, and Thread, and can allow IoT devices using different protocols to communicate with each other.

Accordingly, if the client described above supports the Matter protocol, it may be called a "Matter client". If the server device described above supports the Matter protocol, it may be called a "Matter server". Client devices and/or server devices that support the Matter protocol may also be called "Matter devices".

The following uses the Matter protocol scenario as an example to introduce the terms involved in the embodiments of the present application and the solutions of those embodiments. Of course, the solutions of the embodiments of the present application may also be applied to other Internet of Things protocols.

Model of a Matter device

FIG. 3 is a data model structure of a Matter device to which embodiments of the present application apply. The data model structure 200 of the Matter device includes a node 310, an endpoint 320, and a function cluster 330.

A node 310 encapsulates an addressable, unique resource on the network that has a set of functions and capabilities and that the user can clearly view as a functional whole. Generally, the node 310 may be the highest or outermost first-order element in the data model. In other words, the node 310 is the only addressable element at the outermost level of the data model. Therefore, a node can represent a device node and belongs to a logical device.

It should be noted that one physical entity (for example, a Matter device) can support multiple nodes 310. In addition, one node can have multiple node IDs, and the scope of each node ID is a specific network (fabric). For example, when a node ID is used as the target address of an interaction, the fabric that scopes that node ID is the access network for the interaction. A node can include one or more endpoints 320. An endpoint 320 is an instance, which may be a service instance or a virtual device, indicated by a device type. Each endpoint 320 conforms to one or more device type definitions, which define the clusters supported on the endpoint. A cluster is an object class instantiated on an endpoint.

It should be noted that in this architecture model the device type may be the highest semantic element. A device type defines the conformance of a set of endpoints 320. A device type defines a set of requirements for a node 310 or an endpoint 320.

In some embodiments, endpoints can be divided into two categories: endpoint 0 and business endpoints. Endpoint 0 can be understood as the first endpoint in a node, and the device type of endpoint 0 is the "root node" device type. In some embodiments, endpoint 0 may also be called the root node endpoint. Every node must contain endpoint 0. A business endpoint can be understood as any endpoint in a node other than endpoint 0. A business endpoint can support the main operations of the node; for example, a business endpoint may include one or more application function clusters.

Each endpoint 320 may be a collection of one kind of functionality and may contain one or more function clusters 330.

A function cluster 330 is a functional building-block element of the data model; in other words, the function cluster 330 is an element from which function sets are built. In some embodiments, a function cluster may also be called a function set, a function collection, a cluster, a cluster group, and so on; the embodiments of the present application do not limit this. A function cluster specification defines a client and a server that correspond to each other through interaction. In other words, a function cluster 330 may include two roles, the client and the server, where the client is the controlling end and the server is the controlled end. A function cluster 330 may be regarded as an interface, a service, or an object class, and is the lowest independent functional element in the data model.

Generally, the above function clusters can be divided into two categories: utility clusters and application clusters.

Utility function clusters are not part of the primary application operation of an endpoint. Utility function clusters can be used for configuration, discovery, addressing, diagnostics, monitoring device health, software updates, and so on. A utility function cluster may have a temporary relationship with its cluster counterpart. Utility function clusters may include, for example, the descriptor cluster, the binding cluster, and so on.

Application function clusters support the main operations of an endpoint; in some embodiments, an application function cluster may also be called a business function cluster. An application function cluster can support one or more persistent application interactions between a client and a server. For example, for the switch function cluster (On/Off cluster) of a smart lamp, the client can send a control command to the server (that is, the On/Off cluster) to switch the smart lamp on or off.

In some embodiments, a business function cluster may refer to a function cluster on an endpoint other than endpoint 0 of the node, that is, a function cluster on a business endpoint.

Generally, each function cluster 330 can be defined by a function cluster specification, which defines the elements of the function cluster 330, including attributes, events, and commands, together with the behavior associated with interacting with those elements. In some embodiments, attributes, commands, and events may also be called the interface units of the function cluster 330, and the corresponding functions can be provided through these three interface units.

In some embodiments, whether the attributes, events, commands, and behaviors of a function cluster 330 are mandatory or optional depends on the definition of that function cluster 330.

The main elements of a function cluster, namely commands, attributes, and events, are briefly introduced below.

Attributes can be used to describe the functional units in a function cluster; a function cluster can contain zero or more attributes. Attributes are the data of the function cluster. Currently, the protocol stipulates that each attribute can be listed in a table, and the data-quality columns of the attributes defined in that table may include: ID, name, (data) type, constraint, other qualities, access, default (value), and conformance. In some implementations, an attribute may also define its related semantics and behaviors. Attributes can reflect the queryable/settable state, configuration, and capabilities of a device. In some cases, if no privilege is explicitly defined for an attribute, the default access privilege takes effect.

Function cluster commands (also called "commands") can be used to describe control of a function cluster; a function cluster can contain zero or more commands. A command is a set of data fields of given data types that is passed between client and server function cluster instances to invoke the behavior of the command recipient. Currently, the protocol stipulates that each command can be listed in a table, which may contain the data-quality columns of the command: identifier (ID), name, direction, response, access, and conformance. Accordingly, a command may indicate zero or more fields defined in a table, and each command field is defined as a row of that table.

Events can be used to describe a record of specific behaviors that occurred in the past in a function cluster; in other words, an event defines a record of something that happened in the past. In this respect, an event record can be regarded as a log entry, and the stream of event records provides a chronological view of the events on a node. A function cluster can contain zero or more events. Unlike attributes, which do not provide any edge-preserving function (that is, there is no guarantee that every change of an attribute is delivered to an observer), events allow each individual edge or change to be captured and reliably delivered to an observer. This is critical for safety and security applications that rely on guarantees of correct behavior. Currently, the protocol stipulates that each function cluster event can be listed in a table, and the data-quality columns of the events defined in that table may include: ID, priority, access, and conformance.

For ease of understanding, the meanings of several common data qualities contained in commands, attributes, and events are introduced below. It should be noted that the commands, attributes, and events in the embodiments of the present application may also contain other data qualities, or only some of the data qualities listed above. The embodiments of the present application do not limit this.

标识,表示字段的唯一字段ID,或者说,是命令(或,属性、事件)的唯一标识。Identifier, which indicates the unique field ID of a field, or the unique identifier of a command (or attribute, event).

名称,表示字段的唯一名称,或者说,表示命令(或,属性)的名称。Name, which indicates the unique name of the field, or the name of the command (or attribute).

类型,表示字段的数据类型,或者说,表示命令参数(或,属性参数)的数据类型。Type indicates the data type of the field, or the data type of the command parameter (or attribute parameter).

Direction, usually present in the command list, defines the transmission direction of the command. For example, it may be defined as from the client to the server; as another example, it may be defined as from the server to the client.

Access permissions define how an element may be accessed (for example, read or write) and which privileges are required to access the data. In some implementations, the access permissions may include V, which indicates that view privilege is required for read access or invoke access. They may also include O, which indicates that operate permission is required for read access, write access or invoke access. They may also include R, which indicates read access, and W, which indicates write access.

Response, usually present in the command list, defines the response message of the command.

Quality defines other data qualities that are not covered by the other columns.

Default defines the default value. It should be noted that the default value is not the value used when the server is restored to factory settings. The default value may indicate that the conformance specified for the data field is optional or may change over time. When no actual data field value exists, a default value may be defined to complete the dependency.

Conformance defines the optionality and dependencies of any data model element or set of elements. Typically, this column applies to attributes, commands, events, enumerations, and the fields of commands, events or structures. In some implementations, "M" indicates that the corresponding command is part of the basic mandatory feature set, and "O" indicates that the corresponding command is part of an optional feature set.

For commands, conformance of a client-to-server command means that the server should recognize and support the client-to-server command and generate the response as defined. Conformance of a server-to-client command means that the server should send the command in the manner defined by the behavior of the functional cluster, for example in response to a client-to-server command. Command conformance depends on the server features that are supported. A client should not be required to support optional commands or commands that depend on optional features.

Constraint includes all and desc. all, defined for numeric data types, indicates that all values are allowed. desc indicates that the constraint is defined in the description section.

Range indicates the range of values a field may take. Range supports two forms: an explicit constraint and a width constraint. An explicit constraint gives the minimum and maximum values of the field, for example a field whose value range is (0,128). A width constraint limits the value of the field to a specific number of bytes, for example a field whose value is limited to 8 bytes. In some embodiments, the range may contain "N/A", which indicates not applicable. Of course, "N/A" may also appear in other parts (other data qualities), such as default and constraint.

Priority: each event record has an associated priority, which can be used to describe the usage semantics of the event.

The Matter protocol has been introduced above; the sigma protocol involved in the present application is introduced below.

Sigma protocol

On the one hand, the sigma protocol can be understood as an efficient interactive zero-knowledge proof protocol, which allows a prover to prove to a verifier that it knows a secret without revealing the secret to the verifier.

On the other hand, the sigma protocol can be understood as a key exchange protocol in which the parties are authenticated using digital signatures, so as to further ensure the security of the key exchange.

In some embodiments, the participants in the sigma protocol may include a configuring end that initiates the flow (the initiator) and a receiving end that responds to the flow (the responder). The initiator and the responder may exchange keys through one or more rounds of sigma messages. FIG. 4 is a schematic flowchart of a key exchange based on the sigma protocol provided in an embodiment of the present application. The key exchange between the initiator and the responder based on the sigma protocol is described below by way of example with reference to FIG. 4.

As shown in FIG. 4, in step S410, the initiator constructs a sigma1 message and sends the sigma1 message to the responder.

The sigma1 message may be used to request the responder to perform a key exchange, or a key negotiation. In some embodiments, the sigma1 message may be a plaintext message. In some embodiments, the sigma1 message may be a ciphertext message.

In step S420, the responder generates a shared key according to the sigma1 message sent by the initiator, and sends a constructed sigma2 message to the initiator.

In some embodiments, before generating the shared key, the responder may verify the sigma1 message sent by the initiator, and performs step S420 after the verification passes.

In step S430, the initiator generates a shared key according to the sigma2 message sent by the responder, and sends a constructed sigma3 message to the responder.

In some embodiments, before generating the shared key, the initiator may verify the sigma2 message sent by the responder, and performs step S430 after the verification passes.

In step S440, the responder verifies the sigma3 message, and after the verification passes returns a sigma verification completion message to the initiator.
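The four-step exchange of FIG. 4 (S410 to S440) written out with both sides' messages, as an added example in Go that is not part of this application and not taken from any Matter implementation. The message layout, the use of P-256 ECDH for the ephemeral keys and ECDSA for the signatures, and the SHA-256 key derivation are assumptions; the long-term keys stand in for the keys bound to the operational certificates, and each side is assumed to already trust the other's public key. The example also shows the sigma2 check rejecting a responder whose key is not the one the initiator trusts.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewLongTermKey stands in for the key bound to an operational certificate issued by the
// configuration device (assumption); a failing random source is treated as fatal.
func NewLongTermKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// newEph generates the per-session ephemeral ECDH key that gives the exchange forward secrecy.
func newEph() *ecdh.PrivateKey {
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// digest hashes a label with the transcript; the label keeps sigma2 and sigma3 signatures apart.
func digest(label string, transcript []byte) []byte {
	d := sha256.Sum256(append([]byte(label), transcript...))
	return d[:]
}

func sign(k *ecdsa.PrivateKey, label string, transcript []byte) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, k, digest(label, transcript))
	if err != nil {
		panic(err)
	}
	return sig
}

// SigmaExchange runs steps S410 to S440 of FIG. 4 with both sides in one place. iLT and rLT
// are the initiator's and responder's long-term keys; rTrusted is the responder key the
// initiator was provisioned with, so a caller can simulate an unexpected responder.
func SigmaExchange(iLT, rLT *ecdsa.PrivateKey, rTrusted *ecdsa.PublicKey) (initKey, respKey []byte, err error) {
	// S410: the initiator sends its fresh ephemeral public key as sigma1.
	iEph := newEph()
	sigma1 := iEph.PublicKey().Bytes()
	// S420: the responder checks sigma1 (NewPublicKey rejects points not on the curve),
	// derives the shared key and signs the transcript of both ephemeral keys as sigma2.
	iPub, err := ecdh.P256().NewPublicKey(sigma1)
	if err != nil {
		return nil, nil, fmt.Errorf("sigma1 check failed: %w", err)
	}
	rEph := newEph()
	rSecret, err := rEph.ECDH(iPub)
	if err != nil {
		return nil, nil, err
	}
	sigma2Eph := rEph.PublicKey().Bytes()
	rTranscript := bytes.Join([][]byte{sigma1, sigma2Eph}, nil)
	// Hashing label, ECDH secret and transcript stands in for a KDF such as HKDF.
	respKey = digest("sigma-session-key", bytes.Join([][]byte{rSecret, rTranscript}, nil))
	sigma2Sig := sign(rLT, "sigma2", rTranscript)
	// S430: the initiator checks the responder's signature with the key it trusts before
	// deriving the same shared key, then signs the transcript itself as sigma3.
	rPub, err := ecdh.P256().NewPublicKey(sigma2Eph)
	if err != nil {
		return nil, nil, fmt.Errorf("sigma2 check failed: %w", err)
	}
	iTranscript := bytes.Join([][]byte{sigma1, sigma2Eph}, nil)
	if !ecdsa.VerifyASN1(rTrusted, digest("sigma2", iTranscript), sigma2Sig) {
		return nil, nil, errors.New("sigma2 check failed: responder signature invalid")
	}
	iSecret, err := iEph.ECDH(rPub)
	if err != nil {
		return nil, nil, err
	}
	initKey = digest("sigma-session-key", bytes.Join([][]byte{iSecret, iTranscript}, nil))
	sigma3 := sign(iLT, "sigma3", iTranscript)
	// S440: the responder checks sigma3 with the initiator's trusted key; only then does it
	// report sigma verification complete and may both sides use the shared key.
	if !ecdsa.VerifyASN1(&iLT.PublicKey, digest("sigma3", rTranscript), sigma3) {
		return nil, nil, errors.New("sigma3 check failed: initiator signature invalid")
	}
	return initKey, respKey, nil
}

func main() {
	i, r, x := NewLongTermKey(), NewLongTermKey(), NewLongTermKey()
	_, _, okErr := SigmaExchange(i, r, &r.PublicKey)
	_, _, badErr := SigmaExchange(i, r, &x.PublicKey)
	fmt.Println("honest exchange:", okErr, "| untrusted responder key:", badErr)
}
```

A nil error from SigmaExchange plays the role of the sigma verification completion message; the shared key on either side must not be used before that point.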

In real life, the following scenarios may arise. Scenario 1: a user may own two different houses, house A and house B, and wants to use a device in house B to access a device in house A. Scenario 2: a user owns a car and, after driving away from home, wants to access the devices at home through the car. In scenario 1 above, the devices in house A can be understood as client devices and the devices in house B as server devices; in scenario 2 above, the car can be understood as the client device and the devices in the user's home as server devices. At present, access by a client device to a server device has to be implemented through a cloud platform. This is described below with reference to FIG. 1.

Continuing to refer to FIG. 1, when the client device 110 accesses the server device 140, the access has to go through the cloud platform 130. For example, the client device 110 first sends an instruction to the cloud platform 130, and the cloud platform then forwards the instruction to the server device 140. This approach suffers from high connection complexity, and the complexity increases further when the client device and the server device belong to different manufacturers. In that case a cloud-to-cloud interconnection scheme is needed for the client device to access the server device. For example, suppose the client device belongs to manufacturer A, whose cloud platform is called cloud platform A, and the server device belongs to manufacturer B, whose cloud platform is called cloud platform B; when the client device accesses the server device, the access has to pass through both cloud platform A and cloud platform B.

In view of this, embodiments of the present application provide a connection establishment method and apparatus in which a connection between a client device and a server device is established by means of public network address information, so that the client device and the server device can be connected directly. This reduces the complexity of connection and access and makes connection and access simple and convenient.

The solution of the embodiments of the present application is described in detail below with reference to FIG. 5.

Referring to FIG. 5, in step S510, the client device establishes a connection with the server device based on public network address information.

In some embodiments, the client device and/or the server device may be an IoT device. The client device and/or the server device may be an IoT device that supports any IoT protocol, for example an IoT device that supports the Matter standard protocol. By way of example, IoT devices may include vehicle devices, vehicle-mounted terminals, smart home devices, smart monitoring devices, and the like. Smart home devices may include, for example, smart air conditioners, smart refrigerators, washing machines, rice cookers, sweeping robots and other devices. Smart monitoring devices may include, for example, surveillance cameras, temperature sensors, sound sensors and other devices.

The client device and the server device may be devices of the same manufacturer or of different manufacturers; the embodiments of the present application do not specifically limit this.

In some embodiments, the client device may be referred to as an away-from-home device, and the server device may be referred to as a home device.

In some embodiments, the client device may be a vehicle device, or the client device may be a central control device located in a different area from the server device.

Public network address information is unique, so that one device can uniquely address another device through that device's public network address information. Public network address information may include a public IP address and/or a port number. The public IP address may be an IPv4 address (a public IPv4 address) or an IPv6 address (a public IPv6 address). Since the number of IP addresses in the IPv6 protocol is greater than the number of IP addresses in the IPv4 protocol, using IPv6 addresses offers more possibilities for establishing connections between client devices and server devices.

In some embodiments, the public network address information may include the public network address information of the server device and/or the public network address information of the client device. For example, the client device may establish a connection with the server device based on the public network address information of the server device; as another example, based on the public network address information of the client device; as a further example, based on both the public network address information of the client device and that of the server device. Likewise, the server device may establish a connection with the client device based on the public network address information of the server device; as another example, based on the public network address information of the client device; as a further example, based on both the public network address information of the client device and that of the server device.

The public network address information of the client device and that of the server device may be of the same type or of different types. For example, the client device's public network address information may be an IPv4 address while the server device's is an IPv6 address. As another example, the client device's may be an IPv6 address while the server device's is an IPv4 address. As further examples, both may be IPv4 addresses, or both may be IPv6 addresses.

In some embodiments, the public network address information of the client device may be configured by an operator, or may be configured by a public network server device.

In some embodiments, the public network address information of the server device may be configured by an operator, or may be configured by a public network server device.

The public network server device may be a device capable of allocating public network addresses. In some embodiments, the operator may configure an address range for the public network server device, and the public network server device may configure public network addresses for other devices within that address range. In some embodiments, the public network server device may configure public network addresses for the devices connected to it.

In some embodiments, the public network address that the public network server device configures for a device may be a static address or a dynamic address. Taking a dynamic address as an example, the public network server device may update the public network address configured for the device at regular intervals.

In some embodiments, the public network address information of the server device may be generated based on the public network address of the public network server device. For example, the public network address of the server device may be generated based on the IP address of the public network server device: the public network server device may add port number information to its own IP address to generate the public network address of the server device.

In some embodiments, the public network server device may include one or more of the following: a gateway, a router, an access point, and the like. In some embodiments, the public network server device may also be referred to as an access point or an access point device.

In some embodiments, the public network server device may have a network address translation (NAT) function, so that it can translate a private IP address into a public IP address. In some embodiments, the public network server device may have a network address port translation (NAPT) function, so that it can translate an IP address together with a port number into a public IP address. In some embodiments, the public network server device may have a network address translator-protocol translator (NAT-PT) function, so that it can translate an IPv4 address into an IPv6 address.
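A check that a client device can apply to public network address information it has received, before using it to connect, as an added example in Go that is not part of this application: it accepts an IPv4 or IPv6 address with a port only when the address is globally routable unicast, since a value relayed without validation could otherwise point the client at a loopback, link-local or private address rather than at the server device. The type, its field names and the sample values (including port 5540) are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// PublicAddress is the public network address information the scheme exchanges: a public
// IP address (IPv4 or IPv6) together with a port. The type and field names are assumptions.
type PublicAddress struct {
	IP   netip.Addr
	Port uint16
}

// ParsePublicAddress parses "ip:port" or "[ip6]:port" text and accepts only a globally
// routable unicast address with a usable port. A client device that trusted an unchecked
// value could otherwise be steered to a loopback, link-local or private address instead of
// the server device it was told about.
func ParsePublicAddress(s string) (PublicAddress, error) {
	ap, err := netip.ParseAddrPort(s)
	if err != nil {
		return PublicAddress{}, fmt.Errorf("malformed address information %q: %w", s, err)
	}
	// An IPv4-mapped IPv6 address ("::ffff:192.168.0.1") is unwrapped so the IPv4 rules apply.
	ip := ap.Addr().Unmap()
	switch {
	case ip.IsUnspecified(), ip.IsLoopback():
		return PublicAddress{}, fmt.Errorf("%s is not a public address", ip)
	case ip.IsMulticast(), ip.IsLinkLocalUnicast():
		return PublicAddress{}, fmt.Errorf("%s is not unicast or not routable beyond the link", ip)
	case ip.IsPrivate(): // RFC 1918 ranges for IPv4, fc00::/7 unique-local for IPv6
		return PublicAddress{}, fmt.Errorf("%s is a private address", ip)
	case !ip.IsGlobalUnicast():
		return PublicAddress{}, fmt.Errorf("%s is not a global unicast address", ip)
	}
	if ap.Port() == 0 {
		return PublicAddress{}, errors.New("port 0 cannot be connected to")
	}
	return PublicAddress{IP: ip, Port: ap.Port()}, nil
}

// Family reports IPv4 or IPv6; the two endpoints may use different families (IPv4 client,
// IPv6 server or the reverse), which a caller has to handle when opening the socket.
func (a PublicAddress) Family() string {
	if a.IP.Is4() {
		return "IPv4"
	}
	return "IPv6"
}

// String renders the information back in the form a dial call accepts.
func (a PublicAddress) String() string {
	return netip.AddrPortFrom(a.IP, a.Port).String()
}

func main() {
	// Constructed samples: two public addresses, then values a client should refuse.
	samples := []string{
		"203.0.113.10:5540", "[2001:db8::10]:5540",
		"192.168.1.20:5540", "[::ffff:10.0.0.7]:5540", "[fe80::1]:5540", "203.0.113.10:0",
	}
	for _, s := range samples {
		a, err := ParsePublicAddress(s)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("accepted:", a, a.Family())
	}
}
```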

The connection established between the client device and the server device may be a remote connection. As in scenario 1 and scenario 2 described above, the server device and the client device may be located in different local area networks. Through the solution of the embodiments of the present application, remote control of the server device by the client device can be achieved.

The solution of the embodiments of the present application is described below taking, as an example, the case in which the public network address information of the server device is configured by the public network server device.

In some embodiments, the public network server device may configure a public network address for the server device. After configuring the public network address for the server device, the public network server device may send the public network address information of the server device. As shown in FIG. 6, in step S610, the public network server device may send the public network address information of the server device. For example, the public network server device may send the public network address information of the server device to the client device. As another example, the public network server device may send the public network address information of the server device to the configuration device.

In some embodiments, before establishing a connection with the server device, the client device may first obtain the public network address information of the server device.

In some embodiments, there are multiple ways for the client device to obtain the public network address information of the server device. For example, the client device may obtain the public network address information of the server device from the public network server device. As another example, the client device may obtain the public network address information of the server device from the configuration device; in that case, the configuration device may first obtain the public network address information of the server device from the public network server device. These two cases are described separately below.

The scheme in which the client device obtains the public network address information of the server device from the public network server device is introduced first.

In some embodiments, before obtaining the public network address information of the server device from the public network server device, the client device may establish a connection with the public network server device. For example, the client device may establish the connection with the public network server device based on the public network address information of the public network server device.

There are multiple ways for the client device to obtain the public network address information of the public network server device. For example, the client device may obtain the public network address information of the public network server device from the configuration device. As another example, the client device may obtain it from a cloud platform.

In some embodiments, if the client device obtains the public network address information of the public network server device from the configuration device, the configuration device may first establish a connection with the client device and then send the public network address information of the public network server device to the client device.

In some embodiments, the configuration device may have its own ecosystem network. In order to improve communication security, the configuration device may configure the client device into its own ecosystem network, that is, the client device is in the ecosystem network of the configuration device, and the configuration device can then communicate securely with the client device through that ecosystem network; for example, the configuration device may send the public network address information of the public network server device to the client device through the ecosystem network.

In some embodiments, the public network address information of the server device that the client device obtains from the public network server device may be static address information or dynamic address information. When allocating public network address information to the server device, the public network server device may allocate static address information or dynamic address information.

In some embodiments, the configuration device may configure the public network server device into its own ecosystem network, that is, the public network server device is in the ecosystem network of the configuration device, and the configuration device can communicate securely with the public network server device through that ecosystem network. For example, the configuration device may obtain the public network address information of the public network server device from the public network server device through the ecosystem network.

In some embodiments, the client device and the public network server device may both be in the ecosystem network of the configuration device, and the two can communicate securely within that ecosystem network. For example, the public network server device may send the public network address information of the server device to the client device through the ecosystem network. In some implementations, the configuration device may have multiple ecosystem networks, and the client device and the public network server device may be in the same ecosystem network of the configuration device.

In some embodiments, the public network server device may store the public network address information of one or more server devices. When sending the public network address information of server devices to the client device, the public network server device may send the public network address information of some of the server devices stored on it, or the public network address information of all of the server devices stored on it.

In some embodiments, the public network server device may actively send the public network address information of the server device to the client device; alternatively, the client device may first send a request message to the public network server device, and after receiving the request message the public network server device sends the public network address information of the server device to the configuration device. When sending the request message to the public network server device, the client device may also indicate to the public network server device which server devices' public network address information it is requesting; for example, the client device may indicate that it requests the public network address information of a first device, and the public network server device may then send the public network address information of the first device to the client device according to the client device's request.

The scheme in which the client device obtains the public network address information of the server device from the configuration device is introduced below.

Referring to FIG. 7, in step S710, the configuration device sends the public network address information of the server device to the client device.

In some embodiments, the configuration device may first obtain the public network address information of the server device from the public network server device, and then send the public network address information of the server device to the client device. In some embodiments, the configuration device may also obtain the public network address information of the server device from another device (such as an operator).

In some embodiments, the configuration device may first configure the public network server device so as to establish a connection with the public network server device. After establishing the connection with the public network server device, the configuration device may obtain the public network address information of the server device from the public network server device. In some embodiments, the public network server device may actively send the public network address information of the server device to the configuration device; alternatively, the configuration device may first send a request message to the public network server device, and after receiving the request message the public network server device sends the public network address information of the server device to the configuration device.

In order to ensure communication security, the configuration device may configure the public network server device into its own ecosystem network and communicate with the public network server device through that ecosystem network. For example, the public network server device may send the public network address information of the server device to the configuration device through the ecosystem network.

Similarly, in order to ensure communication security, the configuration device may configure the client device into its own ecosystem network and communicate with the client device through that ecosystem network. For example, the configuration device may send the public network address information of the server device to the client device through the ecosystem network.

In some embodiments, the public network server device may store the public network address information of one or more server devices. When obtaining the public network address information of server devices from the public network server device, the configuration device may obtain the public network address information of some of the server devices stored on the public network server device, or the public network address information of all of the server devices stored on it.

In some embodiments, the configuration device may send the public network address information of one or more server devices to the client device. For example, the configuration device may send the obtained public network address information of some of the server devices to the client device. As another example, the configuration device may send the obtained public network address information of all of the server devices to the client device.

In some embodiments, in order to ensure communication security, a secure connection may be established between two devices that communicate with each other in the present application. The two communicating devices may be the client device and the server device, the client device and the public network server device, or the server device and the public network server device.

In some embodiments, the secure connection may include a secure connection established based on the sigma protocol. The two communicating devices may perform key exchange and shared-key negotiation based on the sigma protocol in order to establish the secure connection. For example, the two communicating devices may negotiate a shared key based on the sigma protocol and, based on that shared key, establish an operational channel (or interoperation channel) through which they communicate securely.

In some embodiments, as can be seen from the description above, the sigma protocol performs key exchange and shared-key negotiation based on operational certificates. The two devices in the present application may perform key exchange and shared-key negotiation based on operational certificates.

The operational certificate may be sent by the configuration device to the other devices. For example, the configuration device may send the client device the operational certificate corresponding to the client device. As another example, the configuration device may send the server device the operational certificate corresponding to the server device. As a further example, the configuration device may send the public network server device the operational certificate corresponding to the public network server device.

In order to ensure communication security, the configuration device may configure the other devices into its own ecosystem network and send the operational certificates to the other devices through that ecosystem network. The operational certificates corresponding to different devices may differ.

In some embodiments, the two communicating devices may verify the identity in the operational certificate based on an ecosystem network identifier and/or a node identifier. If the operational certificate passes verification, a secure connection can be established between the two devices. The ecosystem network identifier identifies which ecosystem network the device has joined, and the node identifier is identity information assigned by the configuration device that uniquely identifies the device's admission to the network. The ecosystem network identifier and the node identifier may be assigned to the device when the configuration device establishes a connection with the device.

In some embodiments, the client device is in the ecosystem network of the configuration device, and the configuration device may send first information intended for the client device to the client device through the ecosystem network, thereby ensuring the security of the first information. The first information may be used by the client device to establish a secure connection with another device. For example, the first information may be used to establish a secure connection between the client device and the public network server device, or the first information may be used to establish a secure connection between the client device and the server device.

第一信息可以包括以下中的一种或多种:操作证书、生态网络标识和节点标识。The first information may include one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

生态网络标识可用于标识设备所处的生态网络。如果两个设备的生态网络标识相同,则这两个设备可以在该生态网络中安全通信。如果两个设备的生态网络标识不同,则这两个设备可能无法通过生态网络进行安全通信。The eco-network identifier can be used to identify the eco-network in which the device is located. If the eco-network identifiers of two devices are the same, the two devices can communicate securely in the eco-network. If the eco-network identifiers of two devices are different, the two devices may not be able to communicate securely through the eco-network.

节点标识可用做交互的目标地址。客户端设备可以通过节点标识与其他设备进行安全通信。The node identifier can be used as the target address for interaction. Client devices can communicate securely with other devices through the node identifier.

操作证书中存储有设备的密钥信息。发送方和接收方可以基于操作证书进行密钥交换和共享密钥协商。例如,客户端设备可以使用sigma密钥协商算法,与其他设备进行密钥交换和共享密钥协商。在一些实施例中,客户端设备可以基于该操作证书与其他设备进行安全连接。 The operation certificate stores the key information of the device. The sender and the receiver can perform key exchange and shared key negotiation based on the operation certificate. For example, the client device can use the sigma key negotiation algorithm to perform key exchange and shared key negotiation with other devices. In some embodiments, the client device can establish a secure connection with other devices based on the operation certificate.

在一些实施例中,生态网络标识和/或节点标识可用于对操作证书进行验证。在操作证书验证通过的情况下,客户端设备可以利用该操作证书与其他设备建立安全连接。In some embodiments, the ecological network identifier and/or the node identifier may be used to verify the operation certificate. If the operation certificate is verified, the client device may use the operation certificate to establish a secure connection with other devices.
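The identity check described in the preceding paragraphs, written out as an added example (this is not code from the patent application). A device accepts a peer's operation certificate only if it was issued by the device's own configuration device, carries the same ecosystem network identifier (fabric ID), and names the node identifier the device intended to reach. The certificate structure, the issuer MAC used as a stand-in for the configuration device's signature, and all sample values are constructed for this example; the sigma key negotiation that follows a successful check is not modelled here.

```python
"""Identity check on a peer's operation certificate before a secure connection is attempted.

Added example, not code from the patent application.  An HMAC under a key held by the
configuration device stands in for the certificate signature; real deployments would use
a public-key signature instead.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class OperationCertificate:
    fabric_id: int      # ecosystem network identifier assigned by the configuration device
    node_id: int        # node identifier assigned by the configuration device
    public_key: bytes   # device key material carried by the certificate (constructed)
    issuer_tag: bytes   # constructed stand-in for the configuration device's signature


def _payload(fabric_id: int, node_id: int, public_key: bytes) -> bytes:
    """Canonical byte string that the issuer tag binds together."""
    return fabric_id.to_bytes(8, "big") + node_id.to_bytes(8, "big") + public_key


def issue_certificate(issuer_key: bytes, fabric_id: int, node_id: int,
                      public_key: bytes) -> OperationCertificate:
    """Configuration device side: bind fabric ID, node ID and key under the issuer key."""
    tag = hmac.new(issuer_key, _payload(fabric_id, node_id, public_key), hashlib.sha256).digest()
    return OperationCertificate(fabric_id, node_id, public_key, tag)


def verify_peer_certificate(cert: OperationCertificate, issuer_key: bytes,
                            own_fabric_id: int, expected_node_id: int) -> Tuple[bool, str]:
    """Receiving side: returns (accepted, reason).

    Order matters: the issuer check runs first so that an unauthenticated certificate never
    influences the fabric or node decision.
    """
    expected = hmac.new(issuer_key, _payload(cert.fabric_id, cert.node_id, cert.public_key),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, cert.issuer_tag):
        return False, "certificate was not issued by our configuration device"
    if cert.fabric_id != own_fabric_id:
        return False, "peer belongs to a different ecosystem network (fabric ID mismatch)"
    if cert.node_id != expected_node_id:
        return False, "certificate names a node other than the one we addressed"
    return True, "ok"


def demo() -> Tuple[bool, bool, bool, bool]:
    """Run the four cases a practitioner would want covered with constructed identifiers."""
    issuer_key = b"constructed-configuration-device-key"
    good = issue_certificate(issuer_key, fabric_id=0x1111, node_id=0x22, public_key=b"pk-A")
    same_fabric_right_node = verify_peer_certificate(good, issuer_key, 0x1111, 0x22)[0]
    other_fabric = verify_peer_certificate(good, issuer_key, 0x9999, 0x22)[0]
    wrong_node = verify_peer_certificate(good, issuer_key, 0x1111, 0x23)[0]
    forged = OperationCertificate(0x1111, 0x22, b"pk-A", b"\x00" * 32)
    forged_tag = verify_peer_certificate(forged, issuer_key, 0x1111, 0x22)[0]
    return same_fabric_right_node, other_fabric, wrong_node, forged_tag
```

The node identifier check is what ties the certificate to the address the client actually dialled: without it, any valid certificate from the same ecosystem network would be accepted, which is the substitution the fabric-only check cannot catch.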

In some embodiments, the public network server device is in the ecosystem network of the configuration device, and the configuration device may send second information intended for the public network server device to the public network server device through that ecosystem network, which keeps the second information secure. The second information may be used by the public network server device to establish a secure connection with other devices. For example, the second information may be used to establish a secure connection between the public network server device and the client device.

The second information may include one or more of the following: an operation certificate, an ecosystem network identifier, and a node identifier. For details of the operation certificate, the ecosystem network identifier and the node identifier, see the description above; they are not repeated here for brevity.

In some embodiments, the ecosystem network identifier and/or the node identifier may be used to verify the operation certificate. If the operation certificate passes verification, the public network server device may use it to establish a secure connection with other devices.

In some embodiments, the server device is in the ecosystem network of the configuration device, and the configuration device may send third information intended for the public network server device to the public network server device through that ecosystem network, which keeps the third information secure. The third information may be used by the public network server device to establish a secure connection with other devices. For example, the third information may be used to establish a secure connection between the public network server device and the client device, or between the public network server device and the server device.

The third information may include one or more of the following: an operation certificate, an ecosystem network identifier, and a node identifier. For details of the operation certificate, the ecosystem network identifier and the node identifier, see the description above; they are not repeated here for brevity.

In some embodiments, the ecosystem network identifier and/or the node identifier may be used to verify the operation certificate. If the operation certificate passes verification, the public network server device may use it to establish a secure connection with other devices.

In some embodiments, the public network server device may include a first functional cluster. The first functional cluster may be a newly defined functional cluster. It may include the public network address information of the server device. In some embodiments, the first functional cluster may include one or more of the following: the public network address information of the server device, the ecosystem network identifier of the server device, and the node identifier of the server device. For example, the first functional cluster may include only the public network address information of the server device; or the public network address information and the ecosystem network identifier of the server device; or the public network address information and the node identifier of the server device; or all three: the public network address information, the ecosystem network identifier and the node identifier of the server device.

In some embodiments, the first functional cluster may include device list information (or node list information). The device list information may include one or more of the following: the public network address information of one or more server devices, the ecosystem network identifiers of one or more server devices, and the node identifiers of one or more server devices.

In some embodiments, the first functional cluster may further include one or more of the following: the public network address information of the public network server device, the ecosystem network identifier of the public network server device, and the node identifier of the public network server device.

Providing the first functional cluster lets other devices obtain the information it holds securely, so that the information in the first functional cluster stays protected. For example, the configuration device may obtain from the first functional cluster one or more of: the public network address information, the ecosystem network identifier and the node identifier of the server device. For another example, the configuration device may obtain from the first functional cluster one or more of: the public network address information, the ecosystem network identifier and the node identifier of the public network server device.

In some embodiments, when the configuration device obtains information from the first functional cluster, it may obtain all of the information in the cluster or only part of it. For example, the configuration device may obtain only the public network address information of a device. For another example, the configuration device may obtain the information of only some of the server devices in the first functional cluster.

In some embodiments, the client device may obtain the public network address information of the server device from the first functional cluster. The client device may obtain the public network address information of all server devices in the first functional cluster, or of only some of them.

Table 1 shows an example of the first functional cluster.

Table 1

Here, the node list may include the information of one or more server devices. NodeStruct may include one or more of the following: a node ID, a fabric ID and an IP address string. The node ID is the node ID of the server device, the fabric ID is the fabric ID of the server device, and the IP address string may include the public network address and/or port number that the public network server device allocated to the server device.

In some embodiments, the first functional cluster may further include first indication information, which indicates the type of the public network address information. The type of the public network address information is either static public network address information or dynamic public network address information. That is, the first indication information may indicate whether the public network address information in the first functional cluster is static or dynamic.

In some embodiments, the first indication information may indicate the type of the public network address information of the public network server device, or it may indicate the type of the public network address information of the server device.

Table 2 shows another example of the first functional cluster. Table 2 differs from Table 1 in that the first indication information, namely Static IP, is added.

Table 2

If Static IP is true, the public IP address (for example, the public IP address of the server device) is a static address; if Static IP is false, the public IP address (for example, the public IP address of the server device) is a dynamic address.

In some embodiments, the way in which the client device obtains the public network address information of the server device may be adjusted according to the address type indicated by the first indication information. For example, if the first indication information indicates that the public network address information of the server device is static, the client device may obtain the public network address information of the server device from either the configuration device or the public network server device. For another example, if the first indication information indicates that the public network address information of the server device is dynamic, the client device may obtain the public network address information of the server device from the public network server device.

As described above, the solution of the embodiments of the present application not only achieves a direct connection between the client device and the server device but also ensures the security of the communication. In addition, existing protocol specifications can be reused when implementing the secure communication, which reduces implementation complexity.

For ease of understanding, the solution of the embodiments of the present application is described in detail below with reference to two examples. It should be noted that the two examples are given only to aid understanding and do not limit the embodiments of the present application.

Example 1 describes a solution in which the client device obtains the public network address information of the server device from the public network server device; Example 2 describes a solution in which the client device obtains the public network address information of the server device from the configuration device.

Example 1

FIG. 8 shows the process by which the configuration device obtains the public IP address of the public network server device.

Referring to FIG. 8, in step S810, the operator allocates a public IP address to the public network server device. After unboxing, the public network server device can connect to the operator network, and the operator network can allocate a public IP address to it.

In step S820, the configuration device configures the public network server device into its ecosystem, issues an operation certificate to the public network server device, and establishes a local secure connection with it.

In step S830, the public network server device may define a new functional cluster. The functional cluster may be used to store the public IP address information of the public network server device. For example, the public network server device may define a cluster named PublicIP whose attribute is the public IPv6 address. The functional cluster may be the one shown in Table 1 or the one shown in Table 2.

In step S840, after establishing a secure connection with the public network server device, the configuration device may send it a request message requesting the public IP address of the public network server device.

In step S850, after receiving the request message from the configuration device, the public network server device may send its public IP address to the configuration device.

In step S860, the configuration device stores the correspondence between the public IP address of the public network server device and the Fabric ID and Node ID of the public network server device.

FIG. 9 shows the process by which the client device obtains the public IP address of the public network server device from the configuration device.

Referring to FIG. 9, in step S910, the configuration device configures the client device into its own ecosystem, issues an operation certificate to the client device, and establishes a local secure connection with it. The configuration device may use a local connection when configuring the client device.

In step S920, the configuration device stores the correspondence between the public IP address of the public network server device and the Fabric ID and Node ID of the public network server device.

In step S930, the client device sends a request message to the configuration device requesting information about the public network server device. For example, the request message may request one or more of the following: the public IP address, the Fabric ID and the Node ID of the public network server device.

In step S940, the configuration device sends a response message to the client device. The response message may include one or more of the following: the public IP address, the Fabric ID and the Node ID of the public network server device.

In step S950, the client device establishes a connection with the public network server device according to the response message.

FIG. 10 shows the process by which the public network server device allocates a public IP address to the server device. FIG. 10 differs from FIG. 2 in that a step is added in which the public network server device allocates a public IP address to the server device. For anything not described in detail for FIG. 10, refer to the description of FIG. 2.

Referring to FIG. 10, in step S1010, the configuration device may establish a connection with the public network server device, and the public network server device may allocate an IP address to the configuration device.

In step S1020, the configuration device may configure the server device into its own ecosystem network, issue an operation certificate to the server device through that ecosystem network, and configure the server device to join the network.

In step S1030, the server device establishes a connection with the public network server device. In some embodiments, the public network server device may allocate an IP address to the server device.

In step S1040, the public network server device may allocate a public IP address to the server device and store the public IP address, the Fabric ID and the Node ID of the server device in the relevant functional cluster.

In step S1050, the configuration device establishes an IP-address-based connection with the server device. In some implementations, the configuration device may also establish a local secure session channel with the server device.

FIG. 11 shows the process by which the client device establishes a connection with the server device.

Referring to FIG. 11, in step S1110, the client device may, according to the user's intent, establish a connection with the public network server device based on the public IP address of the public network server device.

In step S1120, the client device and the public network server device establish a secure connection based on their operation certificates. Because both the client device and the public network server device hold operation certificates issued by the same ecosystem (that of the configuration device) and both have been assigned a Fabric ID and a Node ID, they can verify the identity of each other's operation certificate through the Fabric ID and Node ID. In addition, the client device and the public network server device may perform key exchange and shared key negotiation based on the sigma protocol to establish the secure connection.

In step S1130, over that secure connection, the client device may send a request message to the public network server device requesting the public IP address information of the server device. For example, the client device may read the nodelist attribute of the functional cluster of the public network server device and thereby obtain the public IP address information of the devices connected to the public network server device.

In step S1140, the public network server device sends a response message to the client device based on the request message. The response message includes the public IP address of the server device.

In step S1150, the client device establishes a connection with the server device based on the public IP address of the server device.

Because both the client device and the server device hold operation certificates issued by the same ecosystem (that of the configuration device) and both have been assigned a Fabric ID and a Node ID, they can verify the identity of each other's operation certificate through the Fabric ID and Node ID. In addition, the client device and the server device may perform key exchange and shared key negotiation based on the sigma protocol to establish a secure connection.

In step S1160, after establishing the connection with the server device, the client device can access the server device; for example, the client device can control the server device.
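The first functional cluster of Table 1 and Table 2 (with its Static IP indication and the address-source rule that follows from it) and the Example 1 exchange of FIG. 8 to FIG. 11 are run end to end below as an added example; this is not code from the patent application. The four parties are modelled in memory: the public network server device publishes a PublicIP cluster whose node list holds NodeStruct entries, the configuration device records the correspondence between the public server's IP and its Fabric ID and Node ID, and the client learns that address from the configuration device, reads the node list, and selects the server device's entry. Class names, the port allocation scheme and all addresses and identifiers are constructed for this example.

```python
"""Example 1 (FIG. 8 to FIG. 11) as an in-memory message exchange.

Added example, not code from the patent application.  Step numbers in the comments
refer to the figures described in the text; addresses and IDs are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class NodeStruct:
    """One entry of the node list in the first functional cluster (Table 1 / Table 2)."""
    node_id: int
    fabric_id: int
    address_string: str  # public address and/or port allocated by the public network server device
    static_ip: bool      # first indication information: True = static, False = dynamic


class PublicNetworkServerDevice:
    def __init__(self, operator_public_ip: str):
        self.public_ip = operator_public_ip       # S810: address allocated by the operator
        self.fabric_id: Optional[int] = None      # set at S820 when commissioned
        self.node_id: Optional[int] = None
        self.node_list: List[NodeStruct] = []     # S830: PublicIP cluster, nodelist attribute
        self._next_port = 40000                   # constructed port allocation scheme

    def commission(self, fabric_id: int, node_id: int) -> None:
        """S820: the configuration device issues the operation certificate and identifiers."""
        self.fabric_id, self.node_id = fabric_id, node_id

    def allocate_for_server(self, server_fabric_id: int, server_node_id: int,
                            static_ip: bool) -> NodeStruct:
        """S1040: derive a public address for a server device from this device's public IP."""
        port, self._next_port = self._next_port, self._next_port + 1
        entry = NodeStruct(server_node_id, server_fabric_id, f"[{self.public_ip}]:{port}", static_ip)
        self.node_list.append(entry)
        return entry

    def read_node_list(self, requester_fabric_id: int) -> List[NodeStruct]:
        """S1130/S1140: the node list is served only inside a same-fabric secure connection."""
        if requester_fabric_id != self.fabric_id:
            raise PermissionError("requester is not in this ecosystem network")
        return list(self.node_list)


class ConfigurationDevice:
    def __init__(self, fabric_id: int):
        self.fabric_id = fabric_id
        self.public_server_record: Optional[Dict[str, object]] = None  # S860 / S920

    def commission_public_server(self, server: PublicNetworkServerDevice, node_id: int) -> None:
        """S820 and S840-S860: commission the public server, then record IP <-> (Fabric ID, Node ID)."""
        server.commission(self.fabric_id, node_id)
        self.public_server_record = {"public_ip": server.public_ip,
                                     "fabric_id": server.fabric_id, "node_id": server.node_id}

    def lookup_public_server(self, requester_fabric_id: int) -> Dict[str, object]:
        """S930/S940: answer only a client that belongs to the same ecosystem network."""
        if requester_fabric_id != self.fabric_id or self.public_server_record is None:
            raise PermissionError("no public server record available to this requester")
        return dict(self.public_server_record)


def address_sources(static_ip: bool) -> Tuple[str, ...]:
    """Where a client may obtain a server device's public address, per the Static IP indication."""
    if static_ip:
        return ("configuration device", "public network server device")
    return ("public network server device",)


class ClientDevice:
    def __init__(self, fabric_id: int, node_id: int):
        self.fabric_id, self.node_id = fabric_id, node_id

    def connect_to_server(self, config: ConfigurationDevice, target_node_id: int,
                          reachable: Dict[str, PublicNetworkServerDevice]) -> NodeStruct:
        """FIG. 9 and FIG. 11: learn the public server's address, read its node list, pick the target."""
        record = config.lookup_public_server(self.fabric_id)              # S930/S940
        public_server = reachable[str(record["public_ip"])]               # S1110: dial by public IP
        if (public_server.fabric_id, public_server.node_id) != (record["fabric_id"], record["node_id"]):
            raise PermissionError("public server identity does not match the configuration record")  # S1120
        for entry in public_server.read_node_list(self.fabric_id):        # S1130/S1140
            if entry.node_id == target_node_id and entry.fabric_id == self.fabric_id:
                return entry                                              # S1150: address to connect to
        raise LookupError("target server device is not in the node list")


def run_example_one() -> Tuple[str, Tuple[str, ...]]:
    """Drive the whole exchange with constructed identifiers; returns the address the client uses."""
    fabric = 0x0A01
    public_server = PublicNetworkServerDevice("2001:db8::1")   # constructed documentation address
    config = ConfigurationDevice(fabric)
    config.commission_public_server(public_server, node_id=1)
    # S1020-S1040: the server device is commissioned and receives a dynamic public address
    public_server.allocate_for_server(fabric, server_node_id=7, static_ip=False)
    client = ClientDevice(fabric, node_id=9)
    found = client.connect_to_server(config, 7, {public_server.public_ip: public_server})
    return found.address_string, address_sources(found.static_ip)
```

The two places where the model refuses to answer (a node-list read or a configuration lookup from a different fabric, and a public server whose Fabric ID/Node ID do not match the configuration device's record) are the same checks the text places at S1120 and S1130: the address information is only ever handed out inside an already-verified, same-ecosystem secure connection.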

Example 2

FIG. 12 shows the process by which the configuration device obtains the public IP address of the server device from the public network server device.

In step S1210, the operator allocates a public IP address to the public network server device. After unboxing, the public network server device can connect to the operator network, and the operator network can allocate a public IP address to it.

In step S1220, the configuration device configures the public network server device into its ecosystem, issues an operation certificate to the public network server device, and establishes a local secure connection with it.

In step S1230, the configuration device sends a request message to the public network server device requesting the public IP address list information of the server devices held in the functional cluster.

In step S1240, the public network server device sends a response message to the configuration device that includes the public IP address information of one or more server devices. These server devices may be the devices connected to the public network server device.

In step S1250, the configuration device stores the correspondence between the public IP address of the server device, the Fabric ID of the server device and the Node ID of the server device.

After obtaining the public IP address of the server device, the configuration device may send it to the client device.

FIG. 13 shows the process by which the client device establishes a connection with the server device.

Referring to FIG. 13, in step S1310, the client device establishes a connection with the server device.

Because both the client device and the server device hold operation certificates issued by the same ecosystem (that of the configuration device) and both have been assigned a Fabric ID and a Node ID, they can verify the identity of each other's operation certificate through the Fabric ID and Node ID. In addition, the client device and the server device may perform key exchange and shared key negotiation based on the sigma protocol to establish a secure connection.

In step S1320, after establishing the connection with the server device, the client device can access the server device; for example, the client device can control the server device.

上文结合图1至图13,详细描述了本申请的方法实施例,下面结合图14至图18,详细描述本申请的装置实施例。应理解,方法实施例的描述与装置实施例的描述相互对应,因此,未详细描述的部分可以参见前面方法实施例。The method embodiment of the present application is described in detail above in conjunction with Figures 1 to 13, and the device embodiment of the present application is described in detail below in conjunction with Figures 14 to 18. It should be understood that the description of the method embodiment corresponds to the description of the device embodiment, so the part not described in detail can refer to the previous method embodiment.

图14是本申请实施例提供的一种客户端设备的示意性框图。图14所示的客户端设备1400可以为上文描述的任意一种客户端设备。该客户端设备1400可以包括建立单元1410。Fig. 14 is a schematic block diagram of a client device provided in an embodiment of the present application. The client device 1400 shown in Fig. 14 can be any of the client devices described above. The client device 1400 can include an establishing unit 1410.

建立单元1410,用于基于公网地址信息,与服务端设备建立连接,所述公网地址信息包括所述客户端设备的公网地址信息和/或所述服务端设备的公网地址信息。The establishing unit 1410 is used to establish a connection with the server device based on the public network address information, where the public network address information includes the public network address information of the client device and/or the public network address information of the server device.

在一些实施例中,所述服务端设备的公网地址信息由公网服务器设备配置。In some embodiments, the public network address information of the server device is configured by a public network server device.

在一些实施例中,所述服务端设备的公网地址信息基于所述公网服务器设备的公网地址生成。In some embodiments, the public network address information of the server device is generated based on the public network address of the public network server device.

在一些实施例中,所述客户端设备还包括:获取单元,用于从所述公网服务器设备获取所述服务端设备的公网地址信息。In some embodiments, the client device further includes: an acquisition unit, configured to acquire the public network address information of the server device from the public network server device.

在一些实施例中,在所述客户端设备从所述公网服务器设备获取所述服务端设备的公网地址信息之前,所述获取单元还用于:从配置设备获取所述公网服务器设备的公网地址信息;所述建立单元还用于:基于所述公网服务器设备的公网地址信息,建立与所述公网服务器设备的连接。In some embodiments, before the client device obtains the public network address information of the server device from the public network server device, the acquisition unit is also used to: obtain the public network address information of the public network server device from the configuration device; the establishment unit is also used to: establish a connection with the public network server device based on the public network address information of the public network server device.

在一些实施例中,所述客户端设备还包括:获取单元,用于从配置设备获取所述服务端设备的公网地址信息。In some embodiments, the client device further includes: an acquisition unit, configured to acquire the public network address information of the server device from a configuration device.

在一些实施例中,所述服务端设备的公网地址信息由所述配置设备从所述公网服务器设备获取。In some embodiments, the public network address information of the server device is obtained by the configuration device from the public network server device.

In some embodiments, the client device is in the ecological network of a configuration device, and the client device further includes a receiving unit configured to receive first information for the client device, sent by the configuration device through the ecological network. The first information is used to establish a secure connection between the client device and the public network server device, or to establish a secure connection between the client device and the server device, and includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

In some embodiments, the public network address information of the server device is included in a first functional cluster of the public network server device.

In some embodiments, the first functional cluster further includes one or more of the following: the ecological network identifier of the server device and the node identifier of the server device.

In some embodiments, the first functional cluster includes device list information, and the device list information includes one or more of the following: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.

In some embodiments, the first functional cluster further includes first indication information, which indicates the type of the public network address information of the server device; the types of public network address information include static public network address information and dynamic public network address information.

In some embodiments, the first functional cluster further includes one or more of the following: the public network address information of the public network server device, the ecological network identifier of the public network server device, and the node identifier of the public network server device.

FIG. 15 is a schematic block diagram of a configuration device provided in an embodiment of the present application. The configuration device 1500 shown in FIG. 15 may be any of the configuration devices described above. The configuration device 1500 may include a sending unit 1510.

The sending unit 1510 is configured to send the public network address information of a server device to a client device, where the public network address information of the server device is used to establish a connection between the client device and the server device.

In some embodiments, the public network address information of the server device is configured by a public network server device.

In some embodiments, the configuration device further includes an acquisition unit configured to obtain the public network address information of the server device from the public network server device.

In some embodiments, the public network address information of the server device is generated based on the public network address of the public network server device.

In some embodiments, the client device is in the ecological network of the configuration device, and the configuration device further includes a sending unit configured to send first information for the client device to the client device through the ecological network. The first information is used to establish a secure connection between the client device and the server device, or to establish a secure connection between the client device and a public network server device, and includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

In some embodiments, the public network server device is in the ecological network of the configuration device, and the configuration device further includes a sending unit configured to send second information for the public network server device to the public network server device through the ecological network. The second information is used to establish a secure connection between the public network server device and the client device, and includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

In some embodiments, the server device is in the ecological network of the configuration device, and the configuration device further includes a sending unit configured to send third information for the server device to the server device through the ecological network. The third information is used to establish a secure connection between the server device and the client device, and includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

In some embodiments, the configuration device further includes a sending unit configured to send the public network address information of a public network server device to the client device, where the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.

In some embodiments, the public network address information of the server device is included in a first functional cluster of the public network server device.

In some embodiments, the first functional cluster further includes one or more of the following: the ecological network identifier of the server device and the node identifier of the server device.

In some embodiments, the first functional cluster includes device list information, and the device list information includes one or more of the following: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.

In some embodiments, the first functional cluster further includes first indication information, which indicates the type of the public network address information in the server device; the types of public network address information include static public network address information and dynamic public network address information.

In some embodiments, the first functional cluster further includes one or more of the following: the public network address information of the public network server device, the ecological network identifier of the public network server device, and the node identifier of the public network server device.

FIG. 16 is a schematic block diagram of a public network server device provided in an embodiment of the present application. The public network server device 1600 shown in FIG. 16 may be any of the public network server devices described above. The public network server device 1600 may include a sending unit 1610.

The sending unit 1610 is configured to send the public network address information of a server device, where the public network address information of the server device is used to establish a connection between a client device and the server device.

In some embodiments, the public network address information of the server device is configured by the public network server device.

In some embodiments, the public network address information of the server device is generated based on the public network address of the public network server device.

In some embodiments, the sending unit is configured to send the public network address information of the server device to the client device.

In some embodiments, the sending unit is further configured to send the public network address information of the public network server device to a configuration device, where the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.

In some embodiments, the public network server device is in the ecological network of the configuration device, and the public network server device further includes a receiving unit configured to receive second information for the public network server device, sent by the configuration device through the ecological network. The second information is used to establish a secure connection between the public network server device and the client device, and includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

In some embodiments, the sending unit is configured to send the public network address information of the server device to a configuration device.

In some embodiments, the public network address information of the server device is included in the first functional cluster of the public network server device.

In some embodiments, the first functional cluster further includes one or more of the following: the ecological network identifier of the server device and the node identifier of the server device.

In some embodiments, the first functional cluster includes device list information, and the device list information includes one or more of the following: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.

In some embodiments, the first functional cluster further includes first indication information, which indicates the type of the public network address information in the server device; the types of public network address information include static public network address information and dynamic public network address information.

In some embodiments, the first functional cluster further includes one or more of the following: the public network address information of the public network server device, the ecological network identifier of the public network server device, and the node identifier of the public network server device.

FIG. 17 is a schematic block diagram of a server device provided in an embodiment of the present application. The server device 1700 shown in FIG. 17 may be any of the server devices described above. The server device 1700 may include an establishing unit 1710.

The establishing unit 1710 is configured to establish a connection with a client device based on public network address information, where the public network address information includes the public network address information of the client device and/or the public network address information of the server device.

In some embodiments, the public network address information of the server device is configured by a public network server device.

In some embodiments, the public network address information of the server device is generated based on the public network address of the public network server device.

In some embodiments, the server device is in the ecological network of a configuration device, and the server device further includes a receiving unit configured to receive third information for the server device, sent by the configuration device through the ecological network. The third information is used to establish a secure connection between the server device and the client device, and includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier.

In some embodiments, the public network address information of the server device is included in a first functional cluster of the public network server device.

In some embodiments, the first functional cluster further includes one or more of the following: the ecological network identifier of the server device and the node identifier of the server device.

In some embodiments, the first functional cluster includes device list information, and the device list information includes one or more of the following: public network address information of one or more server devices, ecological network identifiers of one or more server devices, and node identifiers of one or more server devices.

In some embodiments, the first functional cluster further includes first indication information, which indicates the type of the public network address information in the server device; the types of public network address information include static public network address information and dynamic public network address information.

In some embodiments, the first functional cluster further includes one or more of the following: the public network address information of the public network server device, the ecological network identifier of the public network server device, and the node identifier of the public network server device.
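The following is an added illustrative example and is not code from this application or its applicant. It models, in Python, the data the description calls the first functional cluster (device list with public network address information, ecological network identifiers, node identifiers, and the static/dynamic first indication information, plus the public network server device's own identifiers) as published by the public network server device, and the client-side lookup that selects a server device's public network address from it before establishing a connection, using the ecological network identifier and node identifier the client received as first information from the configuration device. The field names, the helper functions, the scheme for deriving a server device address from the public network server device's address, and all sample addresses and identifiers are assumptions constructed for this example; the application defines no wire format. The operation certificate is carried but not verified here, since the application does not specify a certificate format.

```python
"""Toy model of the first functional cluster and the client-side address lookup.
Added example, not the application's code; all names and values are assumed."""
from dataclasses import dataclass, field
from typing import Optional

# First indication information: the two address types the description names.
STATIC = "static"
DYNAMIC = "dynamic"


@dataclass(frozen=True)
class ServerEntry:
    """One row of the device list information for a server device."""
    public_address: str          # "host:port" (constructed sample format)
    eco_network_id: str          # ecological network identifier
    node_id: str                 # node identifier
    address_type: str = STATIC   # first indication information


@dataclass
class FunctionalCluster:
    """The first functional cluster held by the public network server device."""
    server_public_address: str   # public network server device's own address
    server_eco_network_id: str   # its ecological network identifier
    server_node_id: str          # its node identifier
    device_list: list = field(default_factory=list)   # list[ServerEntry]


@dataclass(frozen=True)
class FirstInformation:
    """First information the configuration device sends the client device."""
    operation_certificate: str   # carried, not verified in this toy model
    eco_network_id: str
    node_id: str


def derive_server_address(public_server_address: str, slot: int) -> str:
    """Assumed scheme for 'server device address generated based on the public
    network server device's public address': same host, per-device port offset."""
    host, port = public_server_address.rsplit(":", 1)
    return f"{host}:{int(port) + slot}"


def build_cluster(public_server_address: str, eco_id: str, node_id: str,
                  registrations: list) -> FunctionalCluster:
    """Public network server side: register server devices into the cluster.
    `registrations` is a list of (server node id, address type) pairs."""
    cluster = FunctionalCluster(public_server_address, eco_id, node_id)
    for slot, (dev_node_id, addr_type) in enumerate(registrations, start=1):
        cluster.device_list.append(ServerEntry(
            public_address=derive_server_address(public_server_address, slot),
            eco_network_id=eco_id, node_id=dev_node_id, address_type=addr_type))
    return cluster


def select_server_address(cluster: FunctionalCluster, first_info: FirstInformation,
                          target_node_id: str) -> Optional[ServerEntry]:
    """Client side: pick the server device entry to connect to.

    Two checks keep the client from connecting to a device the configuration
    device did not place in its ecological network: the cluster must come from
    a public network server device in the same ecological network, and the
    entry's ecological network identifier and node identifier must both match.
    """
    if cluster.server_eco_network_id != first_info.eco_network_id:
        return None
    for entry in cluster.device_list:
        if (entry.eco_network_id == first_info.eco_network_id
                and entry.node_id == target_node_id):
            return entry
    return None


def needs_refresh(entry: ServerEntry) -> bool:
    """A dynamic public address may change between lookup and connect, so the
    client should re-read the cluster from the public network server device
    before (re)connecting; a static entry can be cached."""
    return entry.address_type == DYNAMIC
```

In use, the client obtains the cluster from the public network server device (or from the configuration device, which obtained it there), calls select_server_address with its own first information, and checks needs_refresh before reusing a cached entry.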

FIG. 18 is a schematic structural diagram of a communication apparatus according to an embodiment of the present application. The dashed lines in FIG. 18 indicate that the unit or module is optional. The apparatus 1800 may be used to implement the methods described in the method embodiments above. The apparatus 1800 may be a chip, a client device, a server device, a configuration device, or a public network server device.

The apparatus 1800 may include one or more processors 1810. The processor 1810 may support the apparatus 1800 in implementing the methods described in the method embodiments above. The processor 1810 may be a general-purpose processor or a special-purpose processor. For example, the processor may be a central processing unit (CPU). Alternatively, the processor may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.

The apparatus 1800 may further include one or more memories 1820. The memory 1820 stores a program that can be executed by the processor 1810, so that the processor 1810 performs the methods described in the method embodiments above. The memory 1820 may be separate from the processor 1810 or integrated in the processor 1810.

The apparatus 1800 may further include a transceiver 1830. The processor 1810 may communicate with other devices or chips through the transceiver 1830; for example, the processor 1810 may send data to and receive data from other devices or chips through the transceiver 1830.

An embodiment of the present application further provides a computer-readable storage medium for storing a program. The computer-readable storage medium may be applied to the device provided in the embodiments of the present application, and the program causes a computer to perform the method performed by the device in each embodiment of the present application.

An embodiment of the present application further provides a computer program product. The computer program product includes a program. The computer program product may be applied to the device provided in the embodiments of the present application, and the program causes a computer to perform the method performed by the device in each embodiment of the present application.

An embodiment of the present application further provides a computer program. The computer program may be applied to the device provided in the embodiments of the present application, and the computer program causes a computer to perform the method performed by the device in each embodiment of the present application.

It should be understood that the terms "system" and "network" in this application may be used interchangeably. In addition, the terms used in this application are only for explaining the specific embodiments of the present application and are not intended to limit the present application. The terms "first", "second", "third", "fourth" and so on in the specification, claims and drawings of this application are used to distinguish different objects, not to describe a particular order. Furthermore, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion.

In the embodiments of the present application, an "indication" may be a direct indication, an indirect indication, or an indication that an association relationship exists. For example, "A indicates B" may mean that A directly indicates B, for instance that B can be obtained from A; that A indirectly indicates B, for instance that A indicates C and B can be obtained from C; or that there is an association relationship between A and B.

In the embodiments of the present application, "B corresponding to A" means that B is associated with A and B can be determined according to A. It should also be understood that determining B according to A does not mean determining B only according to A; B may also be determined according to A and/or other information.

In the embodiments of the present application, the term "corresponding" may indicate a direct or indirect correspondence between two things, an association relationship between them, or a relationship such as indicating and being indicated, or configuring and being configured.

In the embodiments of the present application, "predefined" or "preconfigured" may be implemented by storing in advance, in the devices (for example, the client device, the configuration device, the server device and the public network server device), corresponding code, tables or other means that can be used to indicate the relevant information; the present application does not limit the specific implementation. For example, "predefined" may refer to what is defined in a protocol.

In the embodiments of the present application, the "protocol" may refer to a standard protocol in the communications field, for example an LTE protocol, an NR protocol, or related protocols applied in future communication systems; the present application does not limit this.

In the embodiments of the present application, the term "and/or" merely describes an association relationship between associated objects and indicates that three relationships may exist. For example, "A and/or B" may mean: A exists alone, A and B both exist, or B exists alone. In addition, the character "/" in this document generally indicates that the associated objects before and after it are in an "or" relationship.

In the various embodiments of the present application, the magnitude of the sequence numbers of the processes above does not imply an order of execution. The order of execution of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.

In the several embodiments provided in the present application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a logical functional division; in actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.

The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit.

The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented by software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (for example, infrared, radio, or microwave). The computer-readable storage medium may be any available medium that a computer can read, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk or a magnetic tape), an optical medium (for example, a digital video disc (DVD)), or a semiconductor medium (for example, a solid state disk (SSD)).

The foregoing is merely a specific implementation of the present application, but the scope of protection of the present application is not limited thereto. Any changes or substitutions that a person skilled in the art can readily conceive within the technical scope disclosed in the present application shall fall within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (87)

一种连接建立的方法,其特征在于,包括:A method for establishing a connection, characterized by comprising: 客户端设备基于公网地址信息,与服务端设备建立连接,所述公网地址信息包括所述客户端设备的公网地址信息和/或所述服务端设备的公网地址信息。The client device establishes a connection with the server device based on the public network address information, where the public network address information includes the public network address information of the client device and/or the public network address information of the server device. 根据权利要求1所述的方法,其特征在于,所述服务端设备的公网地址信息由公网服务器设备配置。The method according to claim 1 is characterized in that the public network address information of the server device is configured by a public network server device. 根据权利要求1所述的方法,其特征在于,所述服务端设备的公网地址信息基于所述公网服务器设备的公网地址生成。The method according to claim 1 is characterized in that the public network address information of the server-side device is generated based on the public network address of the public network server device. 根据权利要求1-3中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 3, characterized in that the method further comprises: 所述客户端设备从所述公网服务器设备获取所述服务端设备的公网地址信息。The client device obtains the public network address information of the server device from the public network server device. 根据权利要求4所述的方法,其特征在于,在所述客户端设备从所述公网服务器设备获取所述服务端设备的公网地址信息之前,所述方法还包括:The method according to claim 4 is characterized in that before the client device obtains the public network address information of the server device from the public network server device, the method further comprises: 所述客户端设备从配置设备获取所述公网服务器设备的公网地址信息;The client device obtains the public network address information of the public network server device from the configuration device; 所述客户端设备基于所述公网服务器设备的公网地址信息,建立与所述公网服务器设备的连接。The client device establishes a connection with the public network server device based on the public network address information of the public network server device. 
根据权利要求1-3中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 3, characterized in that the method further comprises: 所述客户端设备从配置设备获取所述服务端设备的公网地址信息。The client device obtains the public network address information of the server device from the configuration device. 根据权利要求6所述的方法,其特征在于,所述服务端设备的公网地址信息由所述配置设备从所述公网服务器设备获取。The method according to claim 6 is characterized in that the public network address information of the server device is obtained by the configuration device from the public network server device. 根据权利要求1-7中任一项所述的方法,其特征在于,所述客户端设备处于配置设备的生态网络中,所述方法还包括:The method according to any one of claims 1 to 7, wherein the client device is in an ecological network of a configuration device, and the method further comprises: 所述客户端设备接收所述配置设备发送的第一信息,所述第一信息用于建立所述客户端设备与所述公网服务器设备之间的安全连接,或所述第一信息用于建立所述客户端设备与所述服务端设备之间的安全连接;The client device receives first information sent by the configuration device, where the first information is used to establish a secure connection between the client device and the public network server device, or the first information is used to establish a secure connection between the client device and the server device; 其中,所述第一信息包括以下中的一种或多种:操作证书、生态网络标识和节点标识。The first information includes one or more of the following: an operation certificate, an ecological network identifier, and a node identifier. 根据权利要求1-8中任一项所述的方法,其特征在于,所述服务端设备的公网地址信息包含在公网服务器设备的第一功能集群中。The method according to any one of claims 1-8 is characterized in that the public network address information of the server-side device is included in the first functional cluster of the public network server device. 根据权利要求9所述的方法,其特征在于,所述第一功能集群中还包括以下中的一种或多种:所述服务端设备的生态网络标识、所述服务端设备的节点标识。The method according to claim 9 is characterized in that the first functional cluster also includes one or more of the following: an ecological network identifier of the server-side device and a node identifier of the server-side device. 
11. The method according to claim 9 or 10, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
12. A method for establishing a connection, characterized by comprising: a configuration device sending public network address information of a server device to a client device, where the public network address information of the server device is used to establish a connection between the client device and the server device.
13. The method according to claim 12, characterized in that the public network address information of the server device is configured by a public network server device.
14. The method according to claim 13, characterized in that the method further comprises: the configuration device obtaining the public network address information of the server device from the public network server device.
15. The method according to claim 12, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
16. The method according to any one of claims 12 to 15, characterized in that the client device is in an ecological network of the configuration device, and the method further comprises: the configuration device sending, through the ecological network, first information for the client device to the client device, where the first information is used to establish a secure connection between the client device and the server device, or the first information is used to establish a secure connection between the client device and a public network server device; where the first information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
17. The method according to any one of claims 12 to 16, characterized in that a public network server device is in the ecological network of the configuration device, and the method further comprises: the configuration device sending, through the ecological network, second information for the public network server device to the public network server device, where the second information is used to establish a secure connection between the public network server device and the client device; where the second information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
18. The method according to any one of claims 12 to 17, characterized in that the server device is in the ecological network of the configuration device, and the method further comprises: the configuration device sending, through the ecological network, third information for the server device to the server device, where the third information is used to establish a secure connection between the server device and the client device; where the third information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
19. The method according to any one of claims 12 to 18, characterized in that the method further comprises: the configuration device sending public network address information of a public network server device to the client device, where the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.
20. The method according to any one of claims 12 to 19, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
21. The method according to claim 20, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
22. The method according to claim 20 or 21, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
23. A method for establishing a connection, characterized by comprising: a public network server device sending public network address information of a server device, where the public network address information of the server device is used to establish a connection between a client device and the server device.
24. The method according to claim 23, characterized in that the public network address information of the server device is configured by the public network server device.
25. The method according to claim 23, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
26. The method according to any one of claims 23 to 25, characterized in that the public network server device sending the public network address information of the server device comprises: the public network server device sending the public network address information of the server device to the client device.
27. The method according to claim 26, characterized in that the method further comprises: the public network server device sending public network address information of the public network server device to a configuration device, where the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.
28. The method according to claim 27, characterized in that the public network server device is in an ecological network of the configuration device, and the method further comprises: the public network server device receiving second information for the public network server device sent by the configuration device through the ecological network, where the second information is used to establish a secure connection between the public network server device and the client device; where the second information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
29. The method according to claim 23, characterized in that the public network server device sending the public network address information of the server device comprises: the public network server device sending the public network address information of the server device to a configuration device.
30. The method according to any one of claims 23 to 29, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
31. The method according to claim 30, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
32. The method according to claim 30 or 31, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
33. A method for establishing a connection, characterized by comprising: a server device establishing a connection with a client device based on public network address information, where the public network address information includes public network address information of the client device and/or public network address information of the server device.
34. The method according to claim 33, characterized in that the public network address information of the server device is configured by a public network server device.
35. The method according to claim 33, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
36. The method according to any one of claims 33 to 35, characterized in that the server device is in an ecological network of a configuration device, and the method further comprises: the server device receiving third information for the server device sent by the configuration device through the ecological network, where the third information is used to establish a secure connection between the server device and the client device; where the third information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
37. The method according to any one of claims 33 to 36, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
38. The method according to claim 37, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
39. The method according to claim 37 or 38, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
40. A client device, characterized by comprising: an establishing unit, configured to establish a connection with a server device based on public network address information, where the public network address information includes public network address information of the client device and/or public network address information of the server device.
41. The client device according to claim 40, characterized in that the public network address information of the server device is configured by a public network server device.
42. The client device according to claim 40, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
43. The client device according to any one of claims 40 to 42, characterized in that the client device further comprises: an obtaining unit, configured to obtain the public network address information of the server device from the public network server device.
44. The client device according to claim 43, characterized in that, before the client device obtains the public network address information of the server device from the public network server device, the obtaining unit is further configured to obtain public network address information of the public network server device from a configuration device; and the establishing unit is further configured to establish a connection with the public network server device based on the public network address information of the public network server device.
45. The client device according to any one of claims 40 to 42, characterized in that the client device further comprises: an obtaining unit, configured to obtain the public network address information of the server device from a configuration device.
46. The client device according to claim 45, characterized in that the public network address information of the server device is obtained by the configuration device from the public network server device.
47. The client device according to any one of claims 40 to 46, characterized in that the client device is in an ecological network of a configuration device, and the client device further comprises: a receiving unit, configured to receive first information for the client device sent by the configuration device through the ecological network, where the first information is used to establish a secure connection between the client device and the public network server device, or the first information is used to establish a secure connection between the client device and the server device; where the first information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
48. The client device according to any one of claims 40 to 47, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
49. The client device according to claim 48, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
50. The client device according to claim 48 or 49, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
51. A configuration device, characterized by comprising: a sending unit, configured to send public network address information of a server device to a client device, where the public network address information of the server device is used to establish a connection between the client device and the server device.
52. The configuration device according to claim 51, characterized in that the public network address information of the server device is configured by a public network server device.
53. The configuration device according to claim 52, characterized in that the configuration device further comprises: an obtaining unit, configured to obtain the public network address information of the server device from the public network server device.
54. The configuration device according to claim 51, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
55. The configuration device according to any one of claims 51 to 54, characterized in that the client device is in an ecological network of the configuration device, and the configuration device further comprises: a sending unit, configured to send, through the ecological network, first information for the client device to the client device, where the first information is used to establish a secure connection between the client device and the server device, or the first information is used to establish a secure connection between the client device and a public network server device; where the first information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
56. The configuration device according to any one of claims 51 to 55, characterized in that a public network server device is in the ecological network of the configuration device, and the configuration device further comprises: a sending unit, configured to send, through the ecological network, second information for the public network server device to the public network server device, where the second information is used to establish a secure connection between the public network server device and the client device; where the second information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
57. The configuration device according to any one of claims 51 to 56, characterized in that the server device is in the ecological network of the configuration device, and the configuration device further comprises: a sending unit, configured to send, through the ecological network, third information for the server device to the server device, where the third information is used to establish a secure connection between the server device and the client device; where the third information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
58. The configuration device according to any one of claims 51 to 57, characterized in that the configuration device further comprises: a sending unit, configured to send public network address information of a public network server device to the client device, where the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.
59. The configuration device according to any one of claims 51 to 58, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
60. The configuration device according to claim 59, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
61. The configuration device according to claim 59 or 60, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
62. A public network server device, characterized by comprising: a sending unit, configured to send public network address information of a server device, where the public network address information of the server device is used to establish a connection between a client device and the server device.
63. The public network server device according to claim 62, characterized in that the public network address information of the server device is configured by the public network server device.
64. The public network server device according to claim 62, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
65. The public network server device according to any one of claims 62 to 64, characterized in that the sending unit is configured to: send the public network address information of the server device to the client device.
66. The public network server device according to claim 65, characterized in that the sending unit is further configured to: send public network address information of the public network server device to a configuration device, where the public network address information of the public network server device is used to establish a connection between the public network server device and the client device.
67. The public network server device according to claim 66, characterized in that the public network server device is in an ecological network of the configuration device, and the public network server device further comprises: a receiving unit, configured to receive second information for the public network server device sent by the configuration device through the ecological network, where the second information is used to establish a secure connection between the public network server device and the client device; where the second information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
68. The public network server device according to claim 62, characterized in that the sending unit is configured to: send the public network address information of the server device to a configuration device.
69. The public network server device according to any one of claims 62 to 68, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
70. The public network server device according to claim 69, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
71. The public network server device according to claim 69 or 70, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
72. A server device, characterized by comprising: an establishing unit, configured to establish a connection with a client device based on public network address information, where the public network address information includes public network address information of the client device and/or public network address information of the server device.
73. The server device according to claim 72, characterized in that the public network address information of the server device is configured by a public network server device.
74. The server device according to claim 72, characterized in that the public network address information of the server device is generated based on a public network address of the public network server device.
75. The server device according to any one of claims 72 to 74, characterized in that the server device is in an ecological network of a configuration device, and the server device further comprises: a receiving unit, configured to receive third information for the server device sent by the configuration device through the ecological network, where the third information is used to establish a secure connection between the server device and the client device; where the third information includes one or more of the following: an operation certificate, an ecological network identifier and a node identifier.
76. The server device according to any one of claims 72 to 75, characterized in that the public network address information of the server device is contained in a first functional cluster of the public network server device.
77. The server device according to claim 76, characterized in that the first functional cluster further includes one or more of the following: an ecological network identifier of the server device and a node identifier of the server device.
78. The server device according to claim 76 or 77, characterized in that the first functional cluster further includes first indication information, the first indication information being used to indicate a type of the public network address information of the server device, where the type of the public network address information includes static public network address information and dynamic public network address information.
79. A client device, characterized by comprising a memory and a processor, where the memory is configured to store a program and the processor is configured to call the program in the memory to perform the method according to any one of claims 1 to 11.
80. A configuration device, characterized by comprising a memory and a processor, where the memory is configured to store a program and the processor is configured to call the program in the memory to perform the method according to any one of claims 12 to 22.
81. A public network server device, characterized by comprising a memory and a processor, where the memory is configured to store a program and the processor is configured to call the program in the memory to perform the method according to any one of claims 23 to 32.
82. A server device, characterized by comprising a memory and a processor, where the memory is configured to store a program and the processor is configured to call the program in the memory to perform the method according to any one of claims 33 to 39.
83. An apparatus, characterized by comprising a processor configured to call a program from a memory to perform the method according to any one of claims 1 to 39.
84. A chip, characterized by comprising a processor configured to call a program from a memory, so that a device on which the chip is installed performs the method according to any one of claims 1 to 39.
85. A computer-readable storage medium, characterized in that a program is stored thereon, the program causing a computer to perform the method according to any one of claims 1 to 39.
86. A computer program product, characterized by comprising a program, the program causing a computer to perform the method according to any one of claims 1 to 39.
87. A computer program, characterized in that the computer program causes a computer to perform the method according to any one of claims 1 to 39.
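The claims above describe three roles and two distribution paths for a server device's public network address information: the public network server device configures or generates it (claims 2 and 3) and keeps it in a first functional cluster together with an ecological network identifier, a node identifier and a static/dynamic indication (claims 9 to 11); the client either fetches that cluster itself (claim 4) or receives it from the configuration device that also provisions the client with first information (claims 6 to 8). The Python model below is an added example, not code from the patent or its applicant, that puts those roles side by side. All class and field names, the shared-host-plus-port allocation scheme, the placeholder certificate string, the network-membership check in `select_endpoint` and the caching policy in `address_is_cacheable` are assumptions made for illustration; the claims only state which information is carried and that it is used to establish the connection.

```python
from dataclasses import dataclass
from typing import Dict

# Values of the "first indication information" (claims 11, 22, 32, 39).
STATIC = "static"
DYNAMIC = "dynamic"


@dataclass(frozen=True)
class FunctionalCluster:
    """Model of the first functional cluster held by the public network server
    device (claims 9 to 11). Field names are assumptions."""
    server_public_address: str
    ecological_network_id: str
    node_id: str
    address_type: str


@dataclass(frozen=True)
class FirstInformation:
    """Model of the first information a configuration device sends to a client
    in its ecological network (claim 8); the certificate is a placeholder."""
    operation_certificate: str
    ecological_network_id: str
    node_id: str


class PublicNetworkServerDevice:
    """Configures server devices' public addresses (claims 2 and 3) and hands
    out their functional clusters (claims 26 and 29)."""

    def __init__(self, public_address: str):
        self.public_address = public_address      # constructed, e.g. "203.0.113.10"
        self._clusters: Dict[str, FunctionalCluster] = {}
        self._next_port = 40000                   # assumed allocation scheme

    def configure_server(self, network_id: str, node_id: str,
                         address_type: str) -> FunctionalCluster:
        # Claim 3: the server device's address is generated from this device's
        # own public address. Here the host is shared and a port is allocated.
        address = f"{self.public_address}:{self._next_port}"
        self._next_port += 1
        cluster = FunctionalCluster(address, network_id, node_id, address_type)
        self._clusters[node_id] = cluster
        return cluster

    def get_cluster(self, node_id: str) -> FunctionalCluster:
        return self._clusters[node_id]


class ConfigurationDevice:
    """Provisions clients with first information (claim 8) and relays server
    address information fetched from the public network server (claim 7)."""

    def __init__(self, network_id: str, public_server: PublicNetworkServerDevice):
        self.network_id = network_id
        self.public_server = public_server

    def provision_client(self, client_node_id: str) -> FirstInformation:
        # Placeholder string; a deployment would issue a real operation
        # certificate bound to these identifiers.
        cert = f"opcert:{self.network_id}:{client_node_id}"
        return FirstInformation(cert, self.network_id, client_node_id)

    def public_server_address(self) -> str:
        # Claim 5: the client learns the public network server's address here.
        return self.public_server.public_address

    def get_server_cluster(self, server_node_id: str) -> FunctionalCluster:
        return self.public_server.get_cluster(server_node_id)


class ClientDevice:
    def __init__(self, first_info: FirstInformation):
        self.first_info = first_info

    def select_endpoint(self, cluster: FunctionalCluster) -> str:
        """Return the address to connect to (claim 1) after checking that the
        cluster belongs to the client's own ecological network (assumed check:
        address information for a foreign network is refused)."""
        if cluster.ecological_network_id != self.first_info.ecological_network_id:
            raise ValueError("server device is not in this client's ecological network")
        return cluster.server_public_address

    @staticmethod
    def address_is_cacheable(cluster: FunctionalCluster) -> bool:
        """Assumed policy built on the static/dynamic indication: only a static
        address may be stored and reused; a dynamic one is re-fetched."""
        return cluster.address_type == STATIC


def walk_through() -> str:
    """Both distribution paths (claims 4 and 6) yield the same endpoint."""
    pns = PublicNetworkServerDevice("203.0.113.10")            # constructed
    pns.configure_server("eco-A", "server-7", STATIC)
    cfg = ConfigurationDevice("eco-A", pns)
    client = ClientDevice(cfg.provision_client("client-1"))
    via_public_server = client.select_endpoint(pns.get_cluster("server-7"))
    via_config_device = client.select_endpoint(cfg.get_server_cluster("server-7"))
    assert via_public_server == via_config_device
    return via_public_server


if __name__ == "__main__":
    print(walk_through())  # 203.0.113.10:40000
```

The membership check is the point a defender would add: the address information arrives over a path the client trusts (its configuration device, or the public network server it was pointed at), and tying it to the ecological network identifier the client already holds from its first information keeps a stray or mislabelled cluster from steering the client to a server outside its own network.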
PCT/CN2023/080444 2023-03-09 2023-03-09 Connection establishment method and apparatus Ceased WO2024183048A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202380093690.7A CN120731587A (en) 2023-03-09 2023-03-09 Connection establishment method and device
PCT/CN2023/080444 WO2024183048A1 (en) 2023-03-09 2023-03-09 Connection establishment method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2023/080444 WO2024183048A1 (en) 2023-03-09 2023-03-09 Connection establishment method and apparatus

Publications (1)

Publication Number Publication Date
WO2024183048A1 true WO2024183048A1 (en) 2024-09-12

Family

ID=92674048

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/080444 Ceased WO2024183048A1 (en) 2023-03-09 2023-03-09 Connection establishment method and apparatus

Country Status (2)

Country Link
CN (1) CN120731587A (en)
WO (1) WO2024183048A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110174848A (en) * 2019-06-27 2019-08-27 永安行科技股份有限公司 A kind of intelligent home control system and method
CN110708395A (en) * 2019-10-24 2020-01-17 深圳前海环融联易信息科技服务有限公司 Data acquisition method and device, computer equipment and storage medium
WO2022170583A1 (en) * 2021-02-10 2022-08-18 Oppo广东移动通信有限公司 Permission configuration method and apparatus in internet of things, device, and storage medium

Also Published As

Publication number Publication date
CN120731587A (en) 2025-09-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 23925767; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 202380093690.7; Country of ref document: CN)
WWP Wipo information: published in national office (Ref document number: 202380093690.7; Country of ref document: CN)
NENP Non-entry into the national phase (Ref country code: DE)