Three-dimensional model data transmission method, server and user terminal

Document No.: 1834646. Publication date: 2021-11-12.

Reading note: This technology, "Three-dimensional model data transmission method, server and user terminal" (三维模型数据的传输方法、服务器和用户终端), was designed by 杨雪峰, 吴佳力 and 冯新源 on 2020-04-27. Main content: The invention discloses a transmission method of three-dimensional model data, a server and a user terminal, wherein the transmission method comprises: receiving a request message for three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and the access authority possessed by the first user terminal; determining, according to the access authority, at least one target segment data of the three-dimensional model data that the first user terminal can access; acquiring a segment key corresponding to the at least one target segment data; generating authorization information based on the segment key and the identification information of the first user terminal; and sending the authorization information and the encrypted target segment data to the first user terminal. In this way, the first user terminal can obtain only the part of the three-dimensional model data that corresponds to its access authority, which prevents the three-dimensional model data from being leaked to unauthorized persons and improves the security of the three-dimensional model data.

1. A method for transmitting three-dimensional model data is applied to a server, and the method comprises the following steps:

receiving a request message of three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and access authority possessed by the first user terminal;

determining at least one target segment data of the three-dimensional model data which can be accessed by the first user terminal according to the access authority;

acquiring a segment key corresponding to the at least one target segment data, wherein the segment key is used to decrypt the encrypted target segment data;

generating authorization information based on the segment key and the identification information of the first user terminal;

and sending the authorization information and the encrypted target segment data to the first user terminal.

2. The method of claim 1, wherein prior to receiving the request message for the three-dimensional model data from the first user terminal, the method further comprises:

receiving the three-dimensional model data uploaded by a second user terminal;

carrying out lightweight conversion on the three-dimensional model data to obtain lightweight three-dimensional data;

dividing the lightweight three-dimensional data into a plurality of segmented data according to a predetermined rule;

respectively encrypting each segment data by using a segment key, wherein the segment keys used for encrypting different segment data are different;

and storing each encrypted segment data and the segment key corresponding to each segment data.

3. The method of claim 2, wherein dividing the lightweight three-dimensional data into a plurality of segment data according to a predetermined rule comprises: dividing at least the triangle data, geometric data, bill of material (BOM) data, product manufacturing information (PMI) data and parameter data of the lightweight three-dimensional data into one segment data each.

4. The method of claim 3, wherein the target segment data comprises at least one of: triangle data, geometric data, bill of material (BOM) data, Product Manufacturing Information (PMI) data and parameter data.

5. The method according to any one of claims 2 to 4, wherein encrypting each segment data comprises:

encrypting different segment data with different encryption algorithms.

6. The method according to any of claims 1 to 4, wherein generating authorization information based on the segment key and the identification information of the first user terminal comprises:

signing information to be signed to obtain signature information, wherein the information to be signed comprises: identification information of the first user terminal, or identification information of the first user terminal and the segment key;

and using the segment key, the signature information and a public key of the server as the authorization information.

7. The method according to any of claims 1 to 4, wherein sending the authorization information to the first user terminal comprises:

encrypting the authorization information using the public key of the first user terminal, and sending the encrypted authorization information to the first user terminal.

8. A method for acquiring three-dimensional model data is applied to a user terminal, and the method comprises the following steps:

sending a request message of three-dimensional model data to a server, wherein the request message carries identification information of the user terminal and access authority possessed by the user terminal;

receiving authorization information and encrypted target segment data returned by the server, wherein the target segment data is at least part of the three-dimensional model data;

authenticating the authorization information based on the identification information of the user terminal, and acquiring a segment key of the target segment data after the authentication is passed;

and decrypting the encrypted target segment data by using the segment key to obtain the target segment data.

9. The method of claim 8, wherein the target segment data comprises at least one of the following three-dimensional model data: triangle data, geometric data, bill of material (BOM) data, Product Manufacturing Information (PMI) data and parameter data.

10. The method of claim 8,

the authorization information includes: the segment key and the signature information;

authenticating the authorization information based on the identification information of the user terminal comprises: verifying the signature of the signature information based on the identification information of the user terminal.

11. The method according to any one of claims 8 to 10,

the received authorization information is encrypted authorization information;

before authenticating the authorization information based on the identification information of the user terminal, the method further comprises: decrypting the encrypted authorization information by using the public key of the user terminal.

12. A server, comprising:

a first receiving module, configured to receive a request message of three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and access authority possessed by the first user terminal;

a determining module, configured to determine, according to the access right, at least one target segment data of the three-dimensional model data that can be accessed by the first user terminal;

an obtaining module, configured to obtain a segment key corresponding to the at least one target segment data; wherein the segment key is used to decrypt the encrypted target segment data;

a generation module, configured to generate authorization information based on the segment key and the identification information of the first user terminal;

a sending module, configured to send the authorization information and the encrypted target segment data to the first user terminal.

13. The server of claim 12, further comprising:

the second receiving module is used for receiving the three-dimensional model data uploaded by the second user terminal;

a lightweight module, configured to perform lightweight conversion on the three-dimensional model data to obtain lightweight three-dimensional data;

a dividing module for dividing the lightweight three-dimensional data into a plurality of segmented data according to a predetermined rule;

a first encryption module, configured to encrypt each segment data with a segment key, wherein the segment keys used for encrypting different segment data are different;

and the storage module is used for storing each encrypted segment data and the segment key corresponding to each segment data.

14. The server according to claim 13, wherein the first encryption module encrypting each segment data comprises:

encrypting different segment data with different encryption algorithms.

15. The server according to any one of claims 12 to 14, wherein the generation module generating the authorization information comprises:

signing information to be signed to obtain signature information, wherein the information to be signed comprises: identification information of the first user terminal, or identification information of the first user terminal and the segment key;

and using the segment key, the signature information and a public key of the server as the authorization information.

16. The server according to any one of claims 12 to 14, further comprising: a second encryption module, configured to encrypt the authorization information by using the public key of the first user terminal before the sending module sends the authorization information to the first user terminal.

17. A user terminal, comprising:

the sending module is used for sending a request message of the three-dimensional model data to a server, wherein the request message carries identification information of the user terminal and access authority possessed by the user terminal;

the receiving module is used for receiving the authorization information returned by the server and encrypted target segment data, wherein the target segment data is at least part of the three-dimensional model data;

an obtaining module, configured to authenticate the authorization information based on the identification information of the user terminal, and obtain a segment key of the target segment data after the authentication is passed;

and the decryption module is used for decrypting the encrypted target segment data by using the segment key to obtain the target segment data.

18. The user terminal of claim 17,

the authorization information includes: the segment key and the signature information;

the obtaining module authenticating the authorization information based on the identification information of the user terminal comprises: verifying the signature of the signature information based on the identification information of the user terminal.

19. The user terminal according to claim 17 or 18,

the authorization information received by the receiving module is encrypted authorization information;

the decryption module is further configured to decrypt the encrypted authorization information using the public key of the user terminal before the obtaining module authenticates the authorization information based on the identification information of the user terminal.

20. A server, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 7.

21. A user terminal, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method according to any one of claims 8 to 11.

22. A computer-readable storage medium, having a computer program stored thereon, which when executed by a processor, implements:

the steps of the method of any one of claims 1 to 7; or

the steps of the method of any one of claims 8 to 11.

Technical Field

The present invention relates to the field of communications, and in particular, to a method, a server, and a user terminal for transmitting three-dimensional model data.

Background

With the development of the industrial internet and the popularization of Model Based Definition (MBD) applications, more and more enterprises use three-dimensional data as a knowledge carrier for cooperation, popularization, training, service and maintenance inside and outside the enterprise. However, three-dimensional model data, especially its geometry, Bill of Material (BOM), model parameters, Product and Manufacturing Information (PMI) and the like, describes the precise information of the model and is the core intellectual property of the enterprise. Enterprises worry about losing intellectual property during cooperation, so a method is urgently needed that both supports deeper use of an enterprise's three-dimensional data and keeps the precise data of three-dimensional models secure.

One prior-art solution is as follows: after the three-dimensional data provider receives the hardware information of the user equipment, it encrypts the three-dimensional data as a whole file according to the hardware information, and then issues to the user an authorization certificate generated by encrypting the decryption key and the model authorization content. This solves well the security problem of three-dimensional model data being illegally copied.

In this scheme, the three-dimensional model data cannot be used once it is copied to other equipment, but the authorized hardware equipment can view all the data of the three-dimensional model. For example, a parts supplier who 3D-prints from the three-dimensional data can also see the PMI data of the three-dimensional model, although the actual 3D printing process does not need the PMI data. With the scheme provided by the related art, the core data of the three-dimensional model can therefore be leaked to unauthorized persons, so that the core data of the three-dimensional model can be imitated.

Disclosure of Invention

The embodiment of the invention aims to provide a transmission method of three-dimensional model data, a server and a user terminal so as to prevent the three-dimensional model data from being leaked to unauthorized persons.

In a first aspect, a method for transmitting three-dimensional model data is provided, applied to a server, the method including: receiving a request message of three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and access authority possessed by the first user terminal; determining at least one target segment data of the three-dimensional model data which can be accessed by the first user terminal according to the access authority; acquiring a segment key corresponding to the at least one target segment data, wherein the segment key is used to decrypt the encrypted target segment data; generating authorization information based on the segment key and the identification information of the first user terminal; and sending the authorization information and the encrypted target segment data to the first user terminal.

In a second aspect, a method for acquiring three-dimensional model data is provided, applied to a user terminal, the method including: sending a request message of three-dimensional model data to a server, wherein the request message carries identification information of the user terminal and access authority possessed by the user terminal; receiving authorization information and encrypted target segment data returned by the server, wherein the target segment data is at least part of the three-dimensional model data; authenticating the authorization information based on the identification information of the user terminal, and acquiring a segment key of the target segment data after the authentication is passed; and decrypting the encrypted target segment data by using the segment key to obtain the target segment data.

In a third aspect, a server is provided, including: a first receiving module, configured to receive a request message of three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and access authority possessed by the first user terminal; a determining module, configured to determine, according to the access right, at least one target segment data of the three-dimensional model data that can be accessed by the first user terminal; an obtaining module, configured to obtain a segment key corresponding to the at least one target segment data, wherein the segment key is used to decrypt the encrypted target segment data; a generation module, configured to generate authorization information based on the segment key and the identification information of the first user terminal; and a sending module, configured to send the authorization information and the encrypted target segment data to the first user terminal.

In a fourth aspect, a user terminal is provided, which includes: the sending module is used for sending a request message of the three-dimensional model data to a server, wherein the request message carries identification information of the user terminal and access authority possessed by the user terminal; the receiving module is used for receiving the authorization information returned by the server and encrypted target segment data, wherein the target segment data is at least part of the three-dimensional model data; an obtaining module, configured to authenticate the authorization information based on the identification information of the user terminal, and obtain a segment key of the target segment data after the authentication is passed; and the decryption module is used for decrypting the encrypted target segment data by using the segment key to obtain the target segment data.

In a fifth aspect, a server is provided, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the first aspect.

In a sixth aspect, there is provided a user terminal comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the second aspect.

In a seventh aspect, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to the first or second aspect.

In the embodiment of the invention, when the server receives a request message for three-dimensional model data from a first user terminal, it determines the target segment data that the first user terminal can access according to the access authority of the first user terminal, and sends the first user terminal the encrypted target segment data together with authorization information generated from the identification information of the first user terminal and the segment key. The first user terminal can therefore obtain only the part of the three-dimensional model data corresponding to its access authority, which prevents the three-dimensional model data from being leaked to persons without authority. In addition, because the authorization information is generated from the identification information of the first user terminal, only the first user terminal can obtain the segment key and use it to decrypt the encrypted target segment data, which prevents the three-dimensional model data from being stolen by illegal equipment.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:

Fig. 1 is a schematic flow chart of a method for transmitting three-dimensional model data according to an embodiment of the present invention;

Fig. 2 is a schematic flow chart of a method for acquiring three-dimensional model data according to an embodiment of the present invention;

Fig. 3 is another schematic flow chart of a method for transmitting three-dimensional model data according to an embodiment of the present invention;

Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present invention;

Fig. 5 is a schematic structural diagram of a user terminal according to an embodiment of the present invention;

Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present invention;

Fig. 7 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

According to the technical scheme of the invention, the user terminal may be terminal equipment, a mobile terminal (Mobile Terminal), mobile user equipment and the like, and can communicate with the server through a network (including wired and wireless networks). Mobile terminals and mobile user equipment include, but are not limited to, mobile phones and computers with mobile terminals, for example portable, pocket-sized, hand-held, computer built-in or vehicle-mounted mobile devices; terminal equipment includes, but is not limited to, notebooks, desktop computers (desktops), laptop computers (laptops), and the like. The present embodiment is not particularly limited in this respect.

The technical solutions provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.

Fig. 1 is a schematic flow chart of a method for transmitting three-dimensional model data according to an embodiment of the present invention, where the method may be executed by a server. In other words, the method may be performed by software or hardware installed on the server. As shown in fig. 1, the method may include the following steps.

S110, receiving a request message of three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and access authority possessed by the first user terminal.

In a specific application, the access right possessed by the first user terminal may be provided by the three-dimensional model data provider to the requester, and the requester may send the request message at the first user terminal according to the access right.

S112, determining at least one target segment data of the three-dimensional model data which can be accessed by the first user terminal according to the access authority.

In the embodiment of the present invention, for a three-dimensional model data, the server may perform segment storage, and after receiving the request message in S110, the server may determine at least one target segment data of the three-dimensional model data that can be accessed by the first user terminal according to the access right carried in the request message.

In one possible implementation, before S110, the three-dimensional model data provider may upload the three-dimensional model data to the server, and the server divides the uploaded three-dimensional model data into a plurality of segment data, and encrypts and stores each segment data. Therefore, in this possible implementation, before S110, the method may further include: receiving the three-dimensional model data uploaded by a second user terminal; carrying out lightweight conversion on the three-dimensional model data to obtain lightweight three-dimensional data; dividing the lightweight three-dimensional data into a plurality of segment data according to a predetermined rule; respectively encrypting each segment data by using a segment key, wherein the segment keys used for encrypting different segment data are different; and storing each encrypted segment data and the segment key corresponding to each segment data. With this possible implementation, a three-dimensional model data provider can upload three-dimensional model data through the second user terminal. After receiving the three-dimensional model data, the server performs lightweight processing on it, divides the lightweight three-dimensional data into a plurality of segment data, and encrypts each segment data with a different segment key. This reduces the storage space occupied by the three-dimensional model data, and because each segment data is encrypted with a different segment key, a requester who obtains the segment key of a certain segment data can decrypt only the corresponding segment data and cannot decrypt other segment data, which ensures the security of the data.

In this possible implementation, when performing the lightweight conversion on the three-dimensional model data, the three-dimensional model data may be divided into triangle data and geometric data. For example, during lightweight conversion, triangle data is grouped according to the curved surfaces of the three-dimensional model, and the triangle data of the same curved surface of the model is then associated with geometric information data, where the geometric information comprises the geometric information of the corresponding curved surface and the geometric information of the curves related to the boundary contour of the curved surface. The geometric information of a curved surface is the data describing the shape of the curved surface. For example: the geometric information of a plane comprises a point on the plane, the normal vector direction of the plane and the like; the geometric information of a cylindrical surface comprises a point on the central axis of the cylinder, the direction vector of the central axis, the radius and the like. The geometric information of a curve is the data describing the shape of the curve. For example: the start point and end point positions of a straight line segment; the center position of an arc, two vectors defining the plane of the arc, the arc start angle, the arc stop angle and the radius.

In addition, the lightweight file can also define: (1) bill of material (BOM) data structures, such as the hierarchical relationship of three-dimensional models; (2) product manufacturing information (PMI) data structures, such as dimensions, behavioral tolerances, roughness, welds, benchmarks, and conformance data; (3) parameter data, where the parameters include the material, mass, center of gravity, moment of inertia and the like of the three-dimensional model. During lightweight conversion, the bill of material (BOM) data, product manufacturing information (PMI) data and parameter data of the three-dimensional model data are obtained first, and are then converted into structured data in the lightweight file and saved in the lightweight file.

In one possible implementation, dividing the lightweight three-dimensional data into a plurality of segment data according to a predetermined rule includes: dividing at least the triangle data, geometric data, bill of material (BOM) data, product manufacturing information (PMI) data and parameter data of the lightweight three-dimensional data into one segment data each. In a specific application, the predetermined rule may be a segmentation rule that the server applies by default to the three-dimensional model data, or the three-dimensional model data provider may control the server to divide the three-dimensional model data according to the predetermined rule. According to the access authority carried in the request message, the server determines at least one target segment data, among the triangle data, geometric data, bill of material (BOM) data, product manufacturing information (PMI) data and parameter data of the three-dimensional model data, that the first user terminal can access.

In the above possible implementation, when each piece of segment data is encrypted, a different segment key may be generated for each piece of segment data. Therefore, in this possible implementation, encrypting each segment data includes: encrypting different segment data with different encryption algorithms. For example, the triangle data is encrypted using the CTR (Counter) mode of AES-128 (Advanced Encryption Standard), generating a segment key corresponding to the triangle data, and the PMI data is encrypted using the CBC (Cipher Block Chaining) mode of AES-256, generating a segment key corresponding to the PMI data. Encrypting each segment data with a different encryption algorithm can prevent important segment data from being cracked and improves the security of the data.

S114, obtaining a segment key corresponding to the at least one target segment data, wherein the segment key is used to decrypt the encrypted target segment data.

In this embodiment of the present invention, after determining at least one target segment data of the three-dimensional model data that can be accessed by the first user terminal in S112, the server may obtain a segment key corresponding to each target segment data according to a correspondence between the stored segment data and the segment key. Each segment key decrypts the corresponding encrypted target segment data, for example, the triangle data key decrypts the triangle data in the three-dimensional model data, and the PMI data key decrypts the PMI data in the three-dimensional model data.

S116, generating authorization information based on the segment key and the identification information of the first user terminal.

In the embodiment of the present invention, the server may generate the authorization information according to the segment key corresponding to the three-dimensional model data that the first user terminal can access in S114 and the identification information of the first user terminal carried by the request information in S110.

In one possible implementation, the identification information of the first user terminal, or the identification information of the first user terminal and the segment key, may be signed, and the authorization information may be generated from the signed result. Therefore, in this possible implementation, generating authorization information based on the segment key and the identification information of the first user terminal includes: signing information to be signed to obtain signature information, wherein the information to be signed comprises: identification information of the first user terminal, or identification information of the first user terminal and the segment key; and using the segment key, the signature information and a public key of the server as the authorization information. With this possible implementation, the server signs the identification information, or the identification information and the segment key, to determine the signature information. The identity of the requester can be identified through the identification information of the first user terminal, and the segment key, the signature information and the public key of the server are used as the authorization information, so that tampering with and counterfeiting of data can be avoided and the integrity of data transmission is ensured.

S118, the authorization information and the encrypted target segment data are sent to the first user terminal.

In the embodiment of the present invention, the server may establish a download link with the first user terminal, and the first user terminal downloads the authorization information and the encrypted target segment data through the download link.

In one possible implementation manner, the server may encrypt the authorization information and send the encrypted authorization information to the first user terminal. Thus, sending the authorization information to the first user terminal comprises: encrypting the authorization information by using the public key of the first user terminal, and sending the encrypted authorization information to the first user terminal. Through this possible implementation, the three-dimensional data requester can decrypt the authorization information through the public key of the first user terminal and access the authorization information, so that the security of the authorization information in the transmission process is ensured.

Fig. 2 is a flowchart illustrating a method for acquiring three-dimensional model data according to an embodiment of the present invention, where the method 200 may be executed by a user terminal. In other words, the method may be performed by software or hardware installed on the user terminal. As shown in fig. 2, the method may include the following steps.

S210, sending a request message of the three-dimensional model data to a server, wherein the request message carries identification information of the user terminal and access authority possessed by the user terminal.

In the embodiment of the present invention, the access right that the user terminal has may be provided by the three-dimensional model data provider to the requestor, and the manner of providing the access right includes, but is not limited to, sharing the network link generated by the segment key corresponding to the access right in the server to the requestor. The requester can request the three-dimensional model data from the server according to the access right, and send the identification information of the user terminal and the access right of the user terminal.

S212, receiving authorization information and encrypted target segment data returned by the server, wherein the target segment data is at least part of the three-dimensional model data.

In the embodiment of the present invention, after the user terminal sends the request message in S210 to the server, the server returns the authorization information and the encrypted target segment data to the user terminal according to the request message, and the user terminal may obtain at least part of the authorization information and the encrypted three-dimensional model data.

In a possible implementation manner, the three-dimensional model data includes triangle data, geometric data, bill of material BOM data, product manufacturing information PMI data and parameter data, the server divides the three-dimensional model data into a plurality of segment data, and the user terminal can obtain at least part of the segment data according to the access right. Thus, in this possible implementation, the target segmentation data comprises at least one of the following three-dimensional model data: triangle data, geometric data, bill of material (BOM) data, Product Manufacturing Information (PMI) data and parameter data.

S214, the authorization information is authenticated based on the identification information of the user terminal, and after the authentication is passed, the segment key of the target segment data is obtained.

In the embodiment of the present invention, the three-dimensional model data requester authenticates the authorization information acquired in S212 through the identification information of the user terminal, and if the authentication is passed, acquires the segment key of the target segment data, and if the authentication is not passed, refuses to use the three-dimensional model data. For the authentication method of the authorization information, the identification information of the user terminal may be compared with the identification information check code in the authorization information, and whether the authentication passes or not may be determined based on the result of the comparison.

In one possible implementation, the authorization information includes the segment key and signature information, and authenticating the authorization information based on the identification information of the user terminal includes: verifying the signature information based on the identification information of the user terminal. Through this possible implementation, the three-dimensional model data requester verifies the signature information in the authorization information by using the identification information of the user terminal and determines that the authorization information is acquired, so that confidentiality, integrity and non-repudiation in authorization information transmission can be guaranteed, and the authenticity of the identities of all parties communicating the authorization information is guaranteed.

S216, the encrypted target segment data is decrypted by using the segment key, and the target segment data is obtained.

In the embodiment of the invention, the three-dimensional model data requester decrypts the encrypted target segment data by using the segment key in the authorization information, and displays the decrypted three-dimensional model data with the access right.

In one possible implementation manner, the authorization information received in S214 is encrypted authorization information, and the user terminal needs to decrypt the authorization information. Therefore, in this possible implementation, before authenticating the authorization information based on the identification information of the user terminal, the method further includes: decrypting the encrypted authorization information by using the public key of the user terminal. Through this possible implementation, the authorization information can be prevented from being acquired by an unauthorized terminal, and the security of the authorization information is ensured.
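The signed authorization information of S116 and its verification in S214 can be sketched as follows. This is an added example, not code from the patent: Ed25519, the length-prefixed encoding, and the names `Issue`, `Verify` and `NewServerKey` are assumptions of the example. It also assumes the terminal holds a pinned copy of the server public key and compares it with the key carried in the authorization information, since a signature checked only against a key that travels in the same message does not tie the message to the server.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Authorization carries the three parts listed for S116: segment keys, signature, server public key.
type Authorization struct {
	SegmentKeys map[string][]byte
	Signature   []byte
	ServerKey   ed25519.PublicKey
}

// NewServerKey creates the server's signing key pair (Ed25519 is this example's choice).
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// toBeSigned encodes the terminal identifier and the segment keys with length prefixes,
// in sorted order, so two different inputs can never serialize to the same bytes.
func toBeSigned(terminalID string, keys map[string][]byte) []byte {
	var buf bytes.Buffer
	put := func(b []byte) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(b)))
		buf.Write(n[:])
		buf.Write(b)
	}
	put([]byte(terminalID))
	names := make([]string, 0, len(keys))
	for name := range keys {
		names = append(names, name)
	}
	sort.Strings(names)
	for _, name := range names {
		put([]byte(name))
		put(keys[name])
	}
	return buf.Bytes()
}

// Issue is the server side (S116): sign the terminal identifier together with the segment keys.
func Issue(priv ed25519.PrivateKey, terminalID string, keys map[string][]byte) Authorization {
	return Authorization{
		SegmentKeys: keys,
		Signature:   ed25519.Sign(priv, toBeSigned(terminalID, keys)),
		ServerKey:   priv.Public().(ed25519.PublicKey),
	}
}

// Verify is the terminal side (S214): release the segment keys only if the signature covers
// this terminal's own identifier and the embedded key equals the pinned server key.
func Verify(auth Authorization, ownID string, pinned ed25519.PublicKey) (map[string][]byte, error) {
	if len(pinned) != ed25519.PublicKeySize || !bytes.Equal(auth.ServerKey, pinned) {
		return nil, errors.New("authorization carries an unexpected server key")
	}
	if !ed25519.Verify(pinned, toBeSigned(ownID, auth.SegmentKeys), auth.Signature) {
		return nil, errors.New("signature does not cover this terminal and these segment keys")
	}
	return auth.SegmentKeys, nil
}

func main() {
	pub, priv := NewServerKey()
	keys := map[string][]byte{"triangle": []byte("0123456789abcdef")} // constructed sample key
	auth := Issue(priv, "TERMINAL-A", keys)
	_, errOwn := Verify(auth, "TERMINAL-A", pub)
	_, errCopy := Verify(auth, "TERMINAL-B", pub)
	fmt.Println("own terminal:", errOwn, "| copied to another terminal:", errCopy)
}
```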

The technical solution provided by the embodiment of the present invention is described below by taking data transmission between a three-dimensional model provider, a server, and a three-dimensional model requester in an internet environment as an example. When data transmission is carried out among a three-dimensional model provider, a server and a three-dimensional model requester under the environment of the Internet, the method comprises the following specific implementation steps:

Step a: the three-dimensional model provider uploads three-dimensional model data to the server through a client and controls the server to encrypt the three-dimensional model data in segments.

In the embodiment of the present invention, for the segmented encryption of the three-dimensional model data, the server may use a default segmentation rule to divide the three-dimensional model uploaded by the three-dimensional model provider, or may divide the three-dimensional model data according to the control of the three-dimensional model provider, and encrypt the divided segment data respectively to obtain the encrypted segment data and the corresponding segment keys. Therefore, the segmented encryption of the three-dimensional model data performed by the server under the control of the three-dimensional model provider may include the following steps:

Step a1: the server converts the three-dimensional model data uploaded by the three-dimensional model provider into lightweight three-dimensional data.

In a specific application, the server can perform compression, filtering, optimization and other processing on the received three-dimensional model data and convert it into lightweight three-dimensional data, so that the file size of the three-dimensional model data can be reduced and the storage space occupied by the three-dimensional model data is reduced.

Step a2: the server divides the lightweight three-dimensional data. The divided segment data may include triangle data, geometric data, BOM data, PMI data and parameter data of the three-dimensional model data, and different encryption algorithms may be used for different segment data. For example, the triangle data is encrypted with AES-128 (Advanced Encryption Standard) in CTR (counter) mode, generating a segment key corresponding to the triangle data, and the PMI data is encrypted with AES-256 in CBC (Cipher Block Chaining) mode, generating a segment key corresponding to the PMI data. Encrypting each segment data with a different encryption algorithm can prevent important segment data from being cracked and improves the security of the data.

Step a3: the server stores the encrypted three-dimensional model data and each segment key in a model base and a key base, respectively.
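Steps a2 and a3, together with the later selection of keys by access right (S112 and S114), can be sketched as follows. This is an added example, not code from the patent: the function names, the PKCS#7 padding for the CBC segment, the random IV stored beside each segment, and the sample segment contents are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Segment is one encrypted part of the model as kept in the model base.
type Segment struct {
	Mode     string // "AES-128-CTR" or "AES-256-CBC", the two pairings named in step a2
	IV, Data []byte
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// EncryptSegment encrypts one segment under a fresh key and returns the key for the key base.
func EncryptSegment(mode string, plain []byte) (Segment, []byte, error) {
	seg := Segment{Mode: mode, IV: randBytes(aes.BlockSize)}
	var key []byte
	switch mode {
	case "AES-128-CTR":
		key = randBytes(16)
	case "AES-256-CBC":
		key = randBytes(32)
		pad := aes.BlockSize - len(plain)%aes.BlockSize // PKCS#7 padding to a whole block
		plain = append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	default:
		return seg, nil, errors.New("unsupported mode: " + mode)
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return seg, nil, err
	}
	seg.Data = make([]byte, len(plain))
	if mode == "AES-256-CBC" {
		cipher.NewCBCEncrypter(blk, seg.IV).CryptBlocks(seg.Data, plain)
	} else {
		cipher.NewCTR(blk, seg.IV).XORKeyStream(seg.Data, plain)
	}
	return seg, key, nil
}

// DecryptSegment reverses EncryptSegment; it is what a terminal runs once it holds the key.
func DecryptSegment(s Segment, key []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(s.IV) != aes.BlockSize {
		return nil, errors.New("malformed key or IV")
	}
	out := make([]byte, len(s.Data))
	if s.Mode == "AES-128-CTR" {
		cipher.NewCTR(blk, s.IV).XORKeyStream(out, s.Data)
		return out, nil
	}
	if s.Mode != "AES-256-CBC" || len(out) == 0 || len(out)%aes.BlockSize != 0 {
		return nil, errors.New("unsupported mode or bad ciphertext length")
	}
	cipher.NewCBCDecrypter(blk, s.IV).CryptBlocks(out, s.Data)
	pad := int(out[len(out)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.HasSuffix(out, bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return out[:len(out)-pad], nil
}

// KeysFor returns only the segment keys that the access right covers (S112 and S114).
func KeysFor(granted []string, keyBase map[string][]byte) map[string][]byte {
	out := map[string][]byte{}
	for _, name := range granted {
		if key, ok := keyBase[name]; ok {
			out[name] = key
		}
	}
	return out
}

func main() {
	// Constructed sample segments standing in for real model data.
	tri, triKey, _ := EncryptSegment("AES-128-CTR", []byte("v 0 0 0; v 1 0 0; v 0 1 0"))
	pmi, pmiKey, _ := EncryptSegment("AES-256-CBC", []byte("tolerance +/-0.05 mm"))
	modelBase := map[string]Segment{"triangle": tri, "pmi": pmi}
	keyBase := map[string][]byte{"triangle": triKey, "pmi": pmiKey}
	keys := KeysFor([]string{"triangle"}, keyBase)
	plain, _ := DecryptSegment(modelBase["triangle"], keys["triangle"])
	fmt.Printf("keys released: %d, triangle segment: %q\n", len(keys), plain)
}
```

Neither CTR nor CBC authenticates the ciphertext, so an implementation that also needs to detect modified segment data would add a MAC or use an AEAD mode.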

Step b: the three-dimensional model provider provides certain access rights of the three-dimensional model to the three-dimensional model requester. The manner of providing the access rights includes, but is not limited to, sharing the network link generated by the segment key corresponding to the access rights in the server with the three-dimensional model requester.

Step c: the three-dimensional model requester requests the three-dimensional model from the server through the access right provided by the three-dimensional model provider and provides the unique identifier of its own specific device.

Step d: when the server receives a request message from the three-dimensional model requester, where the request message carries the unique identifier of the device and the access right of the device, the server acquires the segment key corresponding to the access right from the key base according to the access right, performs a secondary encryption of the segment key and the unique identifier of the device, and dynamically generates a certificate file according to the result of the secondary encryption.

Step e: the server establishes a download link with the client, the client can download the requested three-dimensional model data, which is encrypted in segments, and the dynamically generated certificate file, and the three-dimensional model requester can view and display the three-dimensional model data according to this data.

In this embodiment of the present invention, after downloading and obtaining the three-dimensional model data and the certificate file, the three-dimensional model requester can only display the three-dimensional model data for which it has access rights. Fig. 3 is another flow diagram of a method for obtaining three-dimensional model data according to this embodiment of the present invention. As shown in fig. 3, the obtaining method 300 includes the following steps:

Step e1: the three-dimensional model requester requests the use of three-dimensional model data.

In the embodiment of the invention, the three-dimensional model requester firstly starts the authentication of the unique equipment identifier, compares the unique equipment identifier with the unique equipment identifier check code in the downloaded certificate file, and determines whether the authentication passes or not based on the compared result. If the authentication is not passed, the three-dimensional model is refused to be used, and the three-dimensional model requester cannot check the three-dimensional model data; and if the authentication is passed, the next step is carried out.

Step e2: the triangle data key is acquired from the certificate file and decrypted through the unique device identifier, and the triangle data of the three-dimensional model is decrypted by using the decrypted key;

the PMI data key is acquired from the certificate file and decrypted through the unique device identifier, and the PMI data of the three-dimensional model is decrypted by using the decrypted key;

the BOM data key is acquired from the certificate file and decrypted through the unique device identifier, and the BOM data of the three-dimensional model is decrypted by using the decrypted key;

the parameter data key is acquired from the certificate file and decrypted through the unique device identifier, and the parameter data of the three-dimensional model is decrypted by using the decrypted key.

Step e3: the decrypted three-dimensional model data covered by the access right is displayed.

In the embodiment of the invention, the three-dimensional model provider provides some access rights of the three-dimensional model data to the requester. The three-dimensional model requester can only view and display the three-dimensional data corresponding to those rights and cannot view the three-dimensional model data for which it has no access rights, so the three-dimensional model data can be prevented from being leaked to persons without the rights. The certificate file needs the unique device identifier for decryption, so only the device designated by the three-dimensional model requester can acquire the three-dimensional model data and the data is invalid after being copied. The three-dimensional model data is thereby prevented from being illegally stolen, and the security of the three-dimensional model data is ensured.
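The device-bound certificate file of steps d, e1 and e2 can be sketched as follows. This is an added example, not code from the patent, which does not specify the secondary encryption or the check code: here the check code is assumed to be the SHA-256 of the device identifier, the segment keys are sealed with AES-GCM under a key derived from that identifier, and the type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Certificate is a hypothetical layout for the dynamically generated certificate file.
type Certificate struct {
	DeviceCheck [32]byte          // check code, assumed here to be SHA-256 of the device identifier
	WrappedKeys map[string][]byte // segment name -> nonce || AES-GCM(segment key)
}

// deviceAEAD derives the key-wrapping cipher from the device identifier (assumed construction).
func deviceAEAD(deviceID string) (cipher.AEAD, error) {
	k := sha256.Sum256([]byte("segment-key-wrap|" + deviceID))
	blk, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// IssueCertificate (step d) seals the keys of the granted segments for one device.
func IssueCertificate(deviceID string, granted map[string][]byte) (Certificate, error) {
	cert := Certificate{DeviceCheck: sha256.Sum256([]byte(deviceID)), WrappedKeys: map[string][]byte{}}
	aead, err := deviceAEAD(deviceID)
	if err != nil {
		return cert, err
	}
	for name, key := range granted {
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return cert, err
		}
		// The segment name is bound as associated data so a wrapped key cannot be relabelled.
		cert.WrappedKeys[name] = aead.Seal(nonce, nonce, key, []byte(name))
	}
	return cert, nil
}

// OpenCertificate (steps e1 and e2) checks the device identifier, then unwraps every key.
func OpenCertificate(cert Certificate, deviceID string) (map[string][]byte, error) {
	if sha256.Sum256([]byte(deviceID)) != cert.DeviceCheck {
		return nil, errors.New("device identifier does not match the certificate check code")
	}
	aead, err := deviceAEAD(deviceID)
	if err != nil {
		return nil, err
	}
	keys := map[string][]byte{}
	for name, w := range cert.WrappedKeys {
		n := aead.NonceSize()
		if len(w) < n {
			return nil, errors.New("truncated wrapped key for " + name)
		}
		key, err := aead.Open(nil, w[:n], w[n:], []byte(name))
		if err != nil {
			return nil, fmt.Errorf("unwrap %s: %w", name, err)
		}
		keys[name] = key
	}
	return keys, nil
}

func main() {
	// Constructed sample key standing in for a real segment key from the key base.
	cert, _ := IssueCertificate("DEVICE-A", map[string][]byte{"triangle": []byte("0123456789abcdef")})
	_, errOwn := OpenCertificate(cert, "DEVICE-A")
	_, errCopy := OpenCertificate(cert, "DEVICE-B")
	fmt.Println("issued device:", errOwn, "| copied to another device:", errCopy)
}
```

Because the wrapping key in this sketch is derived from the device identifier alone, the binding is only as strong as that identifier is hard to learn or spoof.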

Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present invention, and as shown in fig. 4, the server 500 includes: a first receiving module 510, configured to receive a request message of three-dimensional model data from a first user terminal, where the request message carries identification information of the first user terminal and an access right possessed by the first user terminal;

a determining module 520, configured to determine at least one target segment data of the three-dimensional model data that can be accessed by the first user terminal according to the access right.

In one possible implementation, the server 500 further includes: a second receiving module, configured to receive the three-dimensional model data uploaded by the second user terminal; a lightweight module, configured to perform lightweight conversion on the three-dimensional model data to obtain lightweight three-dimensional data; a dividing module, configured to divide the lightweight three-dimensional data into a plurality of segment data according to a predetermined rule; a first encryption module, configured to encrypt each segment data by using segment keys, where the segment keys used for encrypting different segment data are different from each other; and a storage module, configured to store each encrypted segment data and the segment key corresponding to each segment data. In this possible implementation, the encrypting of each segment data by the first encryption module includes: encrypting different segment data by adopting different encryption algorithms.

An obtaining module 530, configured to obtain a segment key corresponding to the at least one target segment data; wherein the segment key is used to decrypt the encrypted target segment data.

A generating module 540, configured to generate authorization information based on the segment key and the identification information of the first user terminal.

In one possible implementation manner, the generating module 540 generates the authorization information, including: signing information to be signed to obtain signature information, wherein the information to be signed comprises: identification information of the first user terminal, or identification information of the first user terminal and the segment key; and taking the segment key, the signature information and a public key of the server as the authorization information.

A sending module 550, configured to send the authorization information and the encrypted target segment data to the first user terminal.

In one possible implementation, the server 500 further includes: a second encryption module, configured to encrypt the authorization information by using the public key of the first user terminal before the sending module sends the authorization information to the first user terminal.

The user terminal provided by the embodiment of the present invention can implement each process implemented by the user terminal in the method embodiment of fig. 1 and achieve the same effect; to avoid repetition, details are not described here again.

Fig. 5 is a schematic structural diagram of a user terminal according to an embodiment of the present invention, and as shown in fig. 5, the user terminal 600 includes: a sending module 610, configured to send a request message of three-dimensional model data to a server, where the request message carries identification information of the user terminal and an access right possessed by the user terminal.

A receiving module 620, configured to receive authorization information and encrypted target segment data returned by the server, where the target segment data is at least part of the three-dimensional model data.

An obtaining module 630, configured to authenticate the authorization information based on the identification information of the user terminal, and obtain the segment key of the target segment data after the authentication is passed.

In one possible implementation, the authorization information includes: the segment key and the signature information; the obtaining module 630 authenticates the authorization information based on the identification information of the user terminal, including: verifying the signature information based on the identification information of the user terminal.

A decryption module 640, configured to decrypt the encrypted target segment data by using the segment key to obtain the target segment data.

In a possible implementation manner, the authorization information received by the receiving module 630 is encrypted authorization information; the decryption module 640 is further configured to decrypt the encrypted authorization information by using the public key of the user terminal before the obtaining module authenticates the authorization information based on the identification information of the user terminal.

The user terminal provided by the embodiment of the present invention can implement each process implemented by the user terminal in the method embodiment of fig. 2 and achieve the same effect; to avoid repetition, details are not described here again.

Referring to fig. 6, fig. 6 is a structural diagram of a server according to an embodiment of the present invention, which can implement various details of the method 100 and achieve the same effect. As shown in fig. 6, the server 700 includes: a processor 701, a transceiver 702, a memory 703, a user interface 704 and a bus interface, wherein:

in this embodiment of the present invention, the server 700 further includes: a computer program stored in the memory 703 and executable on the processor 701, the computer program when executed by the processor 701 implementing the steps of:

receiving a request message of three-dimensional model data from a first user terminal, wherein the request message carries identification information of the first user terminal and access authority possessed by the first user terminal;

determining at least one target segment data of the three-dimensional model data which can be accessed by the first user terminal according to the access authority;

acquiring a segment key corresponding to the at least one target segment data; wherein the segment key is used to decrypt the encrypted target segment data;

generating authorization information based on the segment key and the identification information of the first user terminal;

and sending the authorization information and the encrypted target segment data to the first user terminal.

In fig. 6, the bus architecture may include any number of interconnected buses and bridges, with one or more processors, represented by processor 701, and various circuits, represented by memory 703, being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 702 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The user interface 704 may also be an interface capable of interfacing with a desired device for different user devices, including but not limited to a keypad, display, speaker, microphone, joystick, etc.

The processor 701 is responsible for managing the bus architecture and general processing, and the memory 703 may store data used by the processor 701 in performing operations.

The server 700 can implement the processes implemented by the server in the method 100 and achieve the same effect; to avoid repetition, details are not described here again.

Fig. 7 is a block diagram of a user terminal according to another embodiment of the present invention. The user terminal 800 shown in fig. 7 includes: at least one processor 801, memory 802, at least one network interface 804, and a user interface 803. The various components in the user terminal 800 are coupled together by a bus system 805. It is understood that the bus system 805 is used to enable communications among the components connected. The bus system 805 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 805 in fig. 7.

The user interface 803 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen, among others).

It will be appreciated that the memory 802 in embodiments of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous SDRAM (ESDRAM), Sync Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 802 of the subject systems and methods described in connection with the embodiments of the invention is intended to comprise, without being limited to, these and any other suitable types of memory.

In some embodiments, memory 802 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof: an operating system 8021 and application programs 8022.

The operating system 8021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application program 8022 includes various application programs, such as a Media Player (Media Player), a Browser (Browser), and the like, for implementing various application services. A program implementing a method according to an embodiment of the present invention may be included in application program 8022.

In this embodiment of the present invention, the user terminal 800 further includes: a computer program stored on the memory 802 and executable on the processor 801, where the computer program, when executed by the processor 801, performs the steps of: sending a request message of three-dimensional model data to a server, wherein the request message carries identification information of the user terminal and access authority possessed by the user terminal; receiving authorization information and encrypted target segment data returned by the server, wherein the target segment data is at least part of the three-dimensional model data; authenticating the authorization information based on the identification information of the user terminal, and acquiring a segment key of the target segment data after the authentication is passed; and decrypting the encrypted target segment data by using the segment key to obtain the target segment data.

The methods disclosed in the embodiments of the present invention described above may be applied to the processor 801 or implemented by the processor 801. The processor 801 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 801. The processor 801 may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. It may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may reside in RAM, flash memory, ROM, PROM, EPROM, registers, or other computer-readable storage media known in the art. The computer readable storage medium is located in the memory 802, and the processor 801 reads the information in the memory 802 and completes the steps of the method in combination with its hardware. In particular, the computer readable storage medium has stored thereon a computer program which, when executed by the processor 801, implements the steps of the method 200 as described above.

It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the Processing units may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described herein, or a combination thereof.

For a software implementation, the techniques described in this disclosure may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described in this disclosure. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.

The user terminal 800 is capable of implementing the processes implemented by the user terminal in the method 200, and for avoiding repetition, the details are not described here.

An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the method 100, the method 200, or the method 400, and can achieve the same technical effect, and in order to avoid repetition, the computer program is not described herein again. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.

While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.
