阅读说明：本技术 基于5g电力的鉴权方法及系统 (Authentication method and system based on 5G power ) 是由 朱海龙 张国翊 洪丹轲 张思拓 黄山珂 于 2021-06-19 设计创作，主要内容包括：本发明公开了一种基于5G电力的鉴权方法及系统,通过网关接收用户终端的服务建立请求,其中,所述服务建立请求中携带所述用户终端身份标识的加密数据；所述网关从所述接入请求获取所述身份标识,并判断所述身份标识与存储的身份标识是否一致,若一致,则向服务器发送携带所述服务建立请求的鉴权请求；所述服务器对所述鉴权请求进行鉴权认证,若通过鉴权认证,接收所述用户终端建立服务请求。优点：具有加密策略的身份标识等,对于不符合条件的访问请求,可以拒绝访问,这样具备防攻击的效果,鉴权可靠性高,鉴权效率高。(The invention discloses an authentication method and an authentication system based on 5G electric power.A service establishment request of a user terminal is received through a gateway, wherein the service establishment request carries encrypted data of an identity label of the user terminal; the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier; and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed. The advantages are that: the identity mark with encryption strategy can deny access to the access request which does not meet the condition, thus having the effect of anti-attack, high authentication reliability and high authentication efficiency.)

1. An authentication method based on 5G power, characterized in that the method comprises:

a gateway receives a service establishment request of a user terminal, wherein the service establishment request carries encrypted data of the user terminal identity;

the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier;

and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed.

2. The method of claim 1, wherein the gateway obtains the identity from the access request, and wherein the method comprises:

and the gateway decrypts the encrypted data carried by the user terminal by using an elliptic curve private key to obtain a user certificate, and analyzes the user certificate to obtain the identity of the user terminal.

3. The method of claim 2, wherein determining whether the identity matches a stored identity comprises:

and the gateway analyzes and compares the user certificate with a pre-stored user certificate, and obtains whether the dynamic feature description codes in the analyzed user certificate are consistent or not according to the analysis and comparison result.

4. The method according to any one of claims 1-3, further comprising:

and the server and the user terminal determine a service relationship, and return corresponding service resources to the user terminal through the gateway according to the received service establishment request.

5. The method according to claim 4, wherein the corresponding service resource is returned to the user terminal through the gateway according to the received service establishment request, and the method comprises:

the server analyzes the data type of the request service from the authentication request;

and according to the fact that the data type of the requested service is a text or image type, the elliptic curve private key of the public and private key pair corresponding to the text or image type is used for encrypting the service data and then returning the service data to the user terminal through the gateway.

6. An authentication system based on 5G power, characterized in that the system comprises:

the receiving module is used for receiving a service establishment request of a user terminal by a gateway, wherein the service establishment request carries encrypted data of the user terminal identity;

the extraction module is used for acquiring the identity identifier from the access request by the gateway, judging whether the identity identifier is consistent with the stored identity identifier or not, and if so, sending an authentication request carrying the service establishment request to a server;

and the authentication module is used for carrying out authentication and certification on the authentication request by the server and receiving the service request established by the user terminal if the authentication and certification is passed.

7. An authentication device based on 5G power, characterized in that the device comprises:

the communication bus is used for realizing the connection communication between the processor and the memory;

a memory for storing a computer program;

a processor for executing the computer program to implement the steps of:

a gateway receives a service establishment request of a user terminal, wherein the service establishment request carries encrypted data of the user terminal identity;

the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier;

and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed.

8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.

Technical Field

The invention relates to the technical field of data security, in particular to an authentication method and system based on 5G power.

Background

The 5G serving as a network strongly related to a power grid in the future has the overall goals of 'network synergy, good technical use, terminal management, reliable channel, service guarantee, more open platform and acceptable cost', and can be divided into a service access layer, a communication adaptation layer, a network layer, a support system and a safety access system to support digital transformation of the smart power grid. The project takes the 'end-to-end converged network architecture of the 5G-converged smart grid' as a top-level design, and guides each layer of construction from the aspects of 'converged networking, management cooperation, unified safety and standardized systems'. The communication adaptation layer mainly considers the development of an adaptive 5G power terminal and a 5G communication terminal module oriented to ubiquitous service access. The network layer considers the fusion problem of the 5G network and the power communication network and the related high-performance forwarding technology so as to support the high-reliability bearing of the 5G to the power service. The supporting system carries out overall management on 5G and electric power wireless communication, and meanwhile, the research of slice agile management and control technology is used for realizing efficient management of 5G network slices by a power grid enterprise.

In the aspect of a security access system, the project provides related solutions of terminal, network and information security in a systematic manner according to the layering of the network. And finally, construction and development of four large platforms for transformation of the digital power grid are supported. However, the authentication in the prior art does not have an identity identifier of an encryption policy, and the like, cannot reject an access request which does not meet the condition, is easy to be attacked, and has low authentication efficiency and reliability.

In view of the above situation, the present invention provides an authentication method and system based on 5G power, which can effectively improve the prior art to overcome the disadvantages thereof.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides an authentication method and system based on 5G power, which are used for solving the problems in the prior art, and the specific scheme is as follows:

in a first aspect, the present invention provides an authentication method based on 5G power, including:

a gateway receives a service establishment request of a user terminal, wherein the service establishment request carries encrypted data of the user terminal identity;

the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier;

and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed.

Preferably, the gateway obtains the identity from the access request, and the method includes:

and the gateway decrypts the encrypted data carried by the user terminal by using an elliptic curve private key to obtain a user certificate, and analyzes the user certificate to obtain the identity of the user terminal.

Preferably, the determining whether the identity is consistent with a stored identity includes:

and the gateway analyzes and compares the user certificate with a pre-stored user certificate, and obtains whether the dynamic feature description codes in the analyzed user certificate are consistent or not according to the analysis and comparison result.

Preferably, the method further comprises:

and the server and the user terminal determine a service relationship, and return corresponding service resources to the user terminal through the gateway according to the received service establishment request.

Preferably, the method returns corresponding service resources to the user terminal through the gateway according to the received service establishment request, and includes:

the server analyzes the data type of the request service from the authentication request;

and according to the fact that the data type of the requested service is a text or image type, the elliptic curve private key of the public and private key pair corresponding to the text or image type is used for encrypting the service data and then returning the service data to the user terminal through the gateway.

In a second aspect, the present invention provides an authentication system based on 5G power, the system comprising:

the receiving module is used for receiving a service establishment request of a user terminal by a gateway, wherein the service establishment request carries encrypted data of the user terminal identity;

the extraction module is used for acquiring the identity identifier from the access request by the gateway, judging whether the identity identifier is consistent with the stored identity identifier or not, and if so, sending an authentication request carrying the service establishment request to a server;

and the authentication module is used for carrying out authentication and certification on the authentication request by the server and receiving the service request established by the user terminal if the authentication and certification is passed.

In a third aspect, the present invention provides an authentication device based on 5G power, including:

the communication bus is used for realizing the connection communication between the processor and the memory;

a memory for storing a computer program;

a processor for executing the computer program to implement the steps of:

a gateway receives a service establishment request of a user terminal, wherein the service establishment request carries encrypted data of the user terminal identity;

the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier;

and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed.

In a fourth aspect, the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method according to the first aspect.

The invention has the beneficial effects that: the invention discloses an authentication method and system based on 5G electric power.A service establishment request of a user terminal is received through a gateway, wherein the service establishment request carries encrypted data of an identity label of the user terminal; the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier; and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed. The advantages are that: the identity mark with encryption strategy can deny access to the access request which does not meet the condition, thus having the effect of anti-attack, high authentication reliability and high authentication efficiency.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, it is obvious that the drawings in the following description are only some embodiments of the present invention, the embodiments in the drawings do not constitute any limitation to the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a schematic flow chart of an authentication method based on 5G power according to an embodiment of the present invention.

Fig. 2 is a schematic structural diagram of an embodiment of the authentication system based on 5G power according to the present invention.

Fig. 3 is a schematic structural diagram of an embodiment of the authentication device based on 5G power according to the present invention.

Detailed Description

The technical solution of the present invention will be further described in detail with reference to the accompanying drawings and embodiments, which are preferred embodiments of the present invention. It is to be understood that the described embodiments are merely a subset of the embodiments of the invention, and not all embodiments; it should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The main idea of the technical scheme of the embodiment of the invention is as follows: a gateway receives a service establishment request of a user terminal, wherein the service establishment request carries encrypted data of the user terminal identity; the gateway acquires the identity identifier from the access request, judges whether the identity identifier is consistent with the stored identity identifier or not, and sends an authentication request carrying the service establishment request to a server if the identity identifier is consistent with the stored identity identifier; and the server carries out authentication and certification on the authentication request, and receives the service establishment request of the user terminal if the authentication and certification is passed.

In order to better understand the technical solutions, the technical solutions will be described in detail below with reference to the drawings and specific embodiments.

Example one

An embodiment of the present invention provides an authentication method based on 5G power, as shown in fig. 1, the method may specifically include the following steps:

step S101, the gateway receives a service establishment request of the user terminal.

In the embodiment of the present invention, the service establishment request carries encrypted data of the user terminal identity. The method is exemplarily applied to a service access system comprising a user terminal, a router, a server and a service system, wherein the user terminal can send a service bearer allocation request carrying user information such as equipment identification, address location and the like in a wired or wireless communication mode, and the router and the server sequentially acquire the service bearer allocation request sent by the user terminal and finally access the service system. The execution subject of each step in this embodiment may specifically be various devices accessing the function.

It should be noted that, in this embodiment, an execution subject of each step may specifically be an electronic device of the internet of things device, and may also be other devices that can implement the same or similar functions, for example: mobile phone, personal computer, PAD, etc., which are not limited in this embodiment.

Step S102, the gateway obtains the identity mark from the access request, and judges whether the identity mark is consistent with the stored identity mark, if so, the gateway sends an authentication request carrying the service establishment request to a server.

In the embodiment of the present invention, specifically, the gateway decrypts the encrypted data carried by the user terminal by using an elliptic curve private key to obtain a user certificate, and analyzes the user certificate to obtain the identity of the user terminal; and the gateway analyzes and compares the user certificate with a pre-stored user certificate, obtains whether the dynamic feature description codes in the analyzed user certificate are consistent or not according to the analysis and comparison result, and sends an authentication request carrying the service establishment request to a server if the dynamic feature description codes are consistent.

Step S103, the server carries out authentication and certification to the authentication request, and receives the service request established by the user terminal if the authentication and certification is passed.

In an optional embodiment, the method further includes determining, by the server, a service relationship with the user terminal, and returning, according to the received service establishment request, a corresponding service resource to the user terminal through the gateway. Specifically, after the server establishes a service relationship with the user terminal, the server analyzes the data type of the request service from the authentication request; and the server encrypts the service data by using an elliptic curve private key of a public and private key pair corresponding to the text or image type according to the fact that the data type of the request service is the text or image type, and then returns the service data to the user terminal through the gateway.

Example two

An embodiment of the present invention provides an authentication system based on 5G power, as shown in fig. 2, the system may specifically include the following modules:

and the receiving module is used for receiving the service establishment request of the user terminal by the gateway.

In the embodiment of the present invention, the service establishment request carries encrypted data of the user terminal identity. The method is exemplarily applied to a service access system comprising a user terminal, a router, a server and a service system, wherein the user terminal can send a service bearer allocation request carrying user information such as equipment identification, address location and the like in a wired or wireless communication mode, and the router and the server sequentially acquire the service bearer allocation request sent by the user terminal and finally access the service system. The execution subject of each step in this embodiment may specifically be various devices accessing the function.

It should be noted that, in this embodiment, an execution subject of each step may specifically be an electronic device of the internet of things device, and may also be other devices that can implement the same or similar functions, for example: mobile phone, personal computer, PAD, etc., which are not limited in this embodiment.

And the extraction module is used for acquiring the identity identifier from the access request by the gateway, judging whether the identity identifier is consistent with the stored identity identifier or not, and if so, sending an authentication request carrying the service establishment request to a server.

In the embodiment of the present invention, specifically, the gateway decrypts the encrypted data carried by the user terminal by using an elliptic curve private key to obtain a user certificate, and analyzes the user certificate to obtain the identity of the user terminal; and the gateway analyzes and compares the user certificate with a pre-stored user certificate, obtains whether the dynamic feature description codes in the analyzed user certificate are consistent or not according to the analysis and comparison result, and sends an authentication request carrying the service establishment request to a server if the dynamic feature description codes are consistent.

And the authentication module is used for carrying out authentication and certification on the authentication request by the server and receiving the service request established by the user terminal if the authentication and certification is passed.

In an optional embodiment, the method further includes determining, by the server, a service relationship with the user terminal, and returning, according to the received service establishment request, a corresponding service resource to the user terminal through the gateway. Specifically, after the server establishes a service relationship with the user terminal, the server analyzes the data type of the request service from the authentication request; and the server encrypts the service data by using an elliptic curve private key of a public and private key pair corresponding to the text or image type according to the fact that the data type of the request service is the text or image type, and then returns the service data to the user terminal through the gateway.

EXAMPLE III

An embodiment of the present invention provides an authentication device based on 5G power, as shown in fig. 3, the device may specifically include the following modules:

the communication bus is used for realizing the connection communication between the processor and the memory;

a memory for storing a computer program; the memory may comprise high-speed RAM memory and may also comprise non-volatile memory, such as at least one disk memory. The memory may optionally comprise at least one memory device.

A processor for executing the computer program to implement the steps of:

first, a gateway receives a service establishment request of a user terminal.

In the embodiment of the present invention, the service establishment request carries encrypted data of the user terminal identity. The method is exemplarily applied to a service access system comprising a user terminal, a router, a server and a service system, wherein the user terminal can send a service bearer allocation request carrying user information such as equipment identification, address location and the like in a wired or wireless communication mode, and the router and the server sequentially acquire the service bearer allocation request sent by the user terminal and finally access the service system. The execution subject of each step in this embodiment may specifically be various devices accessing the function.

It should be noted that, in this embodiment, an execution subject of each step may specifically be an electronic device of the internet of things device, and may also be other devices that can implement the same or similar functions, for example: mobile phone, personal computer, PAD, etc., which are not limited in this embodiment.

Then, the gateway acquires the identity mark from the access request, judges whether the identity mark is consistent with the stored identity mark, and sends an authentication request carrying the service establishment request to a server if the identity mark is consistent with the stored identity mark.

In the embodiment of the present invention, specifically, the gateway decrypts the encrypted data carried by the user terminal by using an elliptic curve private key to obtain a user certificate, and analyzes the user certificate to obtain the identity of the user terminal; and the gateway analyzes and compares the user certificate with a pre-stored user certificate, obtains whether the dynamic feature description codes in the analyzed user certificate are consistent or not according to the analysis and comparison result, and sends an authentication request carrying the service establishment request to a server if the dynamic feature description codes are consistent.

And finally, the server carries out authentication and certification on the authentication request, and receives the service request established by the user terminal if the authentication and certification is passed.

In an optional embodiment, the method further includes determining, by the server, a service relationship with the user terminal, and returning, according to the received service establishment request, a corresponding service resource to the user terminal through the gateway. Specifically, after the server establishes a service relationship with the user terminal, the server analyzes the data type of the request service from the authentication request; and the server encrypts the service data by using an elliptic curve private key of a public and private key pair corresponding to the text or image type according to the fact that the data type of the request service is the text or image type, and then returns the service data to the user terminal through the gateway.

The processor in this embodiment may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The processor described above may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. The processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in the processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

Example four

An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the authentication method based on 5G power.

In summary, the authentication method and system based on 5G power provided in the embodiments of the present invention receive a target service bearer allocation request; analyzing the equipment identifier of the allocation request, and determining the priority of the target service according to the equipment identifier; and performing resource allocation on the target service according to the priority. The advantages are that: under the condition of limited network bandwidth, the network bandwidth of the system is optimally distributed according to the priority requirements of different service types and service quantities, and the response rate of the service and the utilization rate of the whole system resources are improved.

It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that the acts and modules illustrated are not necessarily required to practice the invention.

The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are generated in whole or in part when the computer program instructions are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more collections of available media. The available media may be magnetic media (e.g., floppy disks, hard disks, tapes), optical media (e.g., DVDs), or semiconductor media. The semiconductor medium may be a solid state disk.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.