CN102377589A - Right management control method and terminal - Google Patents

Info

Publication number
CN102377589A
CN102377589A CN2010102578268A CN201010257826A CN102377589A CN 102377589 A CN102377589 A CN 102377589A CN 2010102578268 A CN2010102578268 A CN 2010102578268A CN 201010257826 A CN201010257826 A CN 201010257826A CN 102377589 A CN102377589 A CN 102377589A
Authority
CN
China
Prior art keywords
manager
destination node
commission
clientage
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102578268A
Other languages
Chinese (zh)
Other versions
CN102377589B (en
Inventor
常新苗
宋悦
刘海涛
张惠萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Device Co Ltd
Huawei Device Shenzhen Co Ltd
Original Assignee
Huawei Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd
Priority to CN201010257826.8A (patent CN102377589B)
Priority to CN201410333745.XA (patent CN104079437B)
Publication of CN102377589A
Application granted
Publication of CN102377589B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiments of the invention provide a rights management control method and a terminal. The method comprises: configuring the attributes of a target node on a management tree according to delegation relationship information between a delegating manager and a delegated manager, wherein the delegation relationship information comprises a delegating manager identifier, a delegated manager identifier, information about the target node, the delegated rights and a delegation level; receiving an operation request for the target node from a first manager, and judging from the configured attributes of the target node whether the first manager has the operating right; and, if the first manager has the operating right, performing the corresponding operation on the target node according to the operation request, otherwise refusing to let the first manager operate on the target node. The terminal provided by the embodiments comprises a management tree execution module and a device management agent module. With this method, the terminal can determine the delegation relationships among multiple managers and perform rights management control on a node according to those relationships.

Description

Method and terminal for implementing rights management control
Technical field
The embodiments of the invention relate to communication technology, and in particular to a method and a terminal for implementing rights management control.
Background
Open Mobile Alliance (hereinafter "OMA") Device Management (hereinafter "DM") is a technology in which a manager's management instructions are downloaded from the network side to a terminal over the air and run automatically by the terminal, thereby accomplishing remote management tasks such as installing and upgrading terminal software and hardware, configuring parameters and running diagnostics.
OMA DM mainly involves a terminal and a DM server. The terminal contains a DM agent and a DM management tree. The DM management tree serves as the interface through which the DM server manages the terminal, and the DM agent interprets and executes the management commands issued by the DM server. Each node on the DM management tree has its own access control list (hereinafter "ACL") attribute.
In OMA DM, a terminal may have multiple managers. One manager can delegate its own management rights over a node in the terminal to another manager. The delegated manager then holds the management rights that the delegating manager delegated, and can use them to manage that node.
At present, when rights are delegated among multiple managers of a terminal, rights management control mainly works as follows: for a node in the terminal, the information and rights of each manager that can manage the node are set in the node's ACL attribute. For example, manager 1 has the "delete" right on node A and delegates that right to manager 2. The ACL attribute of node A then records that both manager 1 and manager 2 have the "delete" right on node A. When a manager later tries to perform a "delete" operation on node A, the terminal checks the ACL attribute of node A to decide whether that manager has the right to perform the operation. If it does, the terminal performs the "delete" operation on node A; otherwise the terminal refuses.
In the course of implementing the invention, the inventors found at least the following problem in the prior art. The prior art implements rights management control by recording, in the terminal, the managers of a node and each manager's rights. As a result, even when a node has multiple managers and a delegation relationship exists among them, the terminal can only determine which managers the node has and what rights each one holds. It cannot determine the delegation relationships among the managers, so it cannot perform rights management control on the node according to those relationships, which reduces the quality of service.
Summary of the invention
The embodiments of the invention provide a method and a terminal for implementing rights management control that can determine the delegation relationships among multiple managers and perform rights management control on a node according to those relationships.
The method for implementing rights management control provided by the embodiments comprises:
Configuring the attributes of a target node on the management tree according to delegation relationship information between a delegating manager and a delegated manager, the delegation relationship information comprising: a delegating manager identifier, a delegated manager identifier, information about the target node, the delegated rights and a delegation level;
Receiving an operation request from a first manager for the target node, and judging from the configured attributes of the target node whether the first manager has the operating right; if so, performing the corresponding operation on the target node according to the operation request; otherwise, refusing to let the first manager operate on the target node.
The terminal provided by the embodiments comprises:
A management tree execution module, configured to configure the attributes of a target node on the management tree according to delegation relationship information between a delegating manager and a delegated manager, the delegation relationship information comprising: a delegating manager identifier, a delegated manager identifier, information about the target node, the delegated rights and a delegation level;
A device management agent module, configured to receive an operation request from a first manager for the target node and to judge from the configured attributes of the target node whether the first manager has the operating right; if so, to perform the corresponding operation on the target node according to the operation request; otherwise, to refuse to let the first manager operate on the target node.
With the method and terminal proposed by the embodiments, the attributes of a target node on the management tree are configured according to the delegation relationship information between the delegating manager and the delegated manager, and that information specifically includes the delegating manager identifier, the delegated manager identifier, the information about the target node, the delegated rights and the delegation level. The terminal therefore knows the delegation relationship that applies to a target node, that is, which rights one manager of the node has delegated to another manager and at which delegation level. It can then apply the corresponding rights control to that delegation relationship, which improves the quality of service.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a basic flow chart of the method for implementing rights management control proposed by the embodiments of the invention;
Fig. 2 is a flow chart of implementing rights management control in Embodiment 1;
Fig. 3 is a schematic diagram of configuring the delegation relationship using the added Delegation subtree in Embodiment 1;
Fig. 4 is a flow chart of implementing rights management control in Embodiment 2;
Fig. 5 is a flow chart of implementing rights management control in Embodiment 3;
Fig. 6 is a schematic structural diagram of a terminal in the embodiments of the invention;
Fig. 7 is another schematic structural diagram of the terminal, in Embodiment 4;
Fig. 8 is another schematic structural diagram of the terminal, in Embodiment 5;
Fig. 9 is another schematic structural diagram of the terminal, in Embodiment 6;
Fig. 10 is another schematic structural diagram of the terminal, in Embodiment 7;
Fig. 11 is another schematic structural diagram of the terminal, in Embodiment 8;
Fig. 12 is another schematic structural diagram of the terminal, in Embodiment 9;
Fig. 13 is another schematic structural diagram of the terminal, in Embodiment 10;
Fig. 14 is another schematic structural diagram of the terminal, in Embodiment 11.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains from them without creative effort fall within the scope of protection of the invention.
The embodiments of the invention provide a method for implementing rights management control. Referring to Fig. 1, the method comprises:
Step 101: Configure the attributes of a target node on the management tree according to delegation relationship information between a delegating manager and a delegated manager. The delegation relationship information comprises a delegating manager identifier, a delegated manager identifier, information about the target node, the delegated rights and a delegation level.
Step 102: Receive an operation request from a first manager for the target node, and judge from the configured attributes of the target node whether the first manager has the operating right. If so, go to step 103; otherwise, go to step 104.
Step 103: Perform the corresponding operation on the target node according to the operation request, and end the current flow.
Step 104: Refuse to let the first manager operate on the target node.
In this method, the attributes of the target node on the management tree are configured according to the delegation relationship information between the delegating manager and the delegated manager, and that information specifically includes the delegating manager identifier, the delegated manager identifier, the information about the target node, the delegated rights and the delegation level. The terminal therefore knows the delegation relationship that applies to a target node, that is, which rights one manager of the node has delegated to another manager and at which delegation level. It can then apply the corresponding rights control to that delegation relationship, which improves the quality of service.
The management tree of the terminal holds a tree structure for each manager and the various attributes of each node. In implementing the embodiments, the specific attribute that is configured according to the delegation relationship information can therefore be chosen according to actual needs. Depending on which attribute is configured, the embodiments cover the following business scenarios:
Business scenario one: The terminal management account (hereinafter "DMAcc") management object of the management tree stores each manager's account. A delegation (hereinafter "Delegation") subtree can therefore be added under the DMAcc management object for each manager involved in a rights delegation. The delegation relationship information is configured in the added Delegation subtree, and the ACL attribute of the target node is configured according to the delegation relationship information held in that subtree.
Business scenario two: The DMAcc management object of the management tree stores each manager's account, and an extension node is reserved for each manager. The extension node of each manager involved in a rights delegation can therefore be used, under the DMAcc management object, to configure the delegation relationship information, and the ACL attribute of the target node is configured according to the delegation relationship information held in that extension node.
Business scenario three: Each managed target node on the management tree has its own attributes, so the delegation relationship information can be configured directly in the attributes of the target node.
One specific embodiment is given below for each of the three business scenarios to explain the rights management control process in detail.
Embodiment 1:
Embodiment 1 applies to business scenario one. It configures the delegation relationship in an added Delegation subtree and configures the ACL attribute of the target node, so that subsequent rights management control can take the delegation relationship into account. Referring to Fig. 2, the process of implementing rights management control in Embodiment 1 comprises the following steps:
Step 201: Under the DMAcc management object of the management tree, add a Delegation subtree for the manager involved in the rights delegation.
Step 202: Configure the delegation relationship information between the delegating manager and the delegated manager on the added Delegation subtree.
In the steps above, the Delegation subtree may be added for the delegating manager, for the delegated manager, or for both. Correspondingly, the delegation relationship information may be configured on the Delegation subtree of the delegating manager, on the Delegation subtree of the delegated manager, or on both.
The delegation relationship information between the delegating manager and the delegated manager may specifically comprise: the delegating manager identifier, the delegated manager identifier, the information about the target node, the delegated rights and the delegation level.
Regarding the delegation relationship information: first, the information about the target node comprises at least one of the following: the uniform resource identifier (hereinafter "URI") of the target node, a management object identifier (hereinafter "MOI"), or an MOI together with a specific node value.
Second, the delegated rights state which of its own rights on the target node the delegating manager has delegated to the delegated manager. The value of the delegated rights may follow the standard ACL value syntax. For example, if delegating manager ServerA has delegated the "Get" and "Delete" rights to delegated manager ServerB, the value of the delegated rights is "Get=ServerB&Delete=ServerB".
Third, the delegation level is provided so that rights management control can be based on the delegation relationship. It reflects the extent to which the delegating manager and the delegated manager each hold the delegated rights. The delegation level may be set to full delegation, meaning that after the delegating manager delegates a right to the delegated manager, the delegating manager no longer holds that right. It may also be set to shared delegation, meaning that after the delegating manager delegates a right to the delegated manager, the delegating manager still holds that right.
Finally, to further improve rights management control based on the delegation relationship, the delegation relationship information may additionally comprise a delegation start time and/or a delegation validity duration. The delegation start time controls the point in time at which the delegation takes effect, so that the delegating manager can better control how the delegated rights are used. The delegation validity duration lets the terminal reclaim, on its own, the rights that the delegating manager delegated, so that the delegated manager no longer holds them.
Fig. 3 shows delegation relationship information configured in a Delegation subtree. An extension node, as shown in Fig. 3, may additionally be reserved on the Delegation subtree so that, if the content of the delegation relationship information is later extended, the extended content can be recorded in that node.
Step 203: When the timer reaches the delegation start time, find the target node on the management tree.
If the information about the target node in the delegation relationship information is the URI of the target node, this step finds the corresponding target node on the management tree directly from the URI.
If the information about the target node is an MOI, then, because an MOI usually corresponds to one or more subtrees, this step finds on the management tree the root node of the subtree corresponding to the MOI.
If the information about the target node is an MOI and a specific node value, this step first finds each subtree on the management tree that corresponds to the MOI, and then finds among them the root node of the subtree that has the specific node value.
Step 204: Modify the ACL value of the target node that was found, according to the delegating manager identifier, the delegated manager identifier, the delegated rights and the delegation level.
If the delegation level is full delegation, modifying the ACL value of the target node comprises overwriting the delegating manager's corresponding rights in the ACL value with the delegated rights. For example, suppose delegating manager ServerA fully delegates its "Get" and "Delete" rights on node 1 to delegated manager ServerB, so the value of the delegated rights is "Get=ServerB&Delete=ServerB". The ACL value of node 1 originally contains the delegating manager's rights on the node, "Get=ServerA&Delete=ServerA". Because the delegation level is full delegation, "Get=ServerB&Delete=ServerB" overwrites "Get=ServerA&Delete=ServerA" in the ACL value of node 1, so that ServerA no longer holds the "Get" and "Delete" rights on node 1. To make sure that ServerA no longer holds these rights, a label excluding delegating manager ServerA may additionally be added to the "Get" and "Delete" rights in the ACL value.
If the delegation level is shared delegation, modifying the ACL value of the target node comprises adding the delegated rights to the ACL value of node 1. For example, suppose delegating manager ServerA delegates its "Get" and "Delete" rights on node 1 to delegated manager ServerB as a shared delegation, so the value of the delegated rights is "Get=ServerB&Delete=ServerB". The ACL value of node 1 originally contains the delegating manager's rights on the node, "Get=ServerA&Delete=ServerA". Because the delegation level is shared delegation, "Get=ServerA&Delete=ServerA" is kept and "Get=ServerB&Delete=ServerB" is added to the ACL value, so that both ServerA and ServerB hold the "Get" and "Delete" rights on node 1.
Step 205: The terminal receives an operation request from a manager (denoted "manager 1") for a target node (denoted "node 1").
Step 206: The terminal judges from the current ACL value of node 1 whether manager 1 has the operating right. If so, go to step 207; otherwise, go to step 208.
Step 207: Perform the corresponding operation on node 1 according to the operation request, and end the current flow.
Step 208: Refuse to let manager 1 operate on node 1.
If the delegation relationship information configured on the Delegation subtree includes a delegation validity duration, then, after step 204 has modified the ACL value of the target node, the flow shown in Fig. 2 may further comprise: when the timer reaches the end of the delegation validity duration, restoring the ACL value of the target node to its value before the modification.
In Embodiment 1, the delegation relationship information between the delegating manager and the delegated manager is configured in a Delegation subtree added to the management tree, and the ACL value of the target node is modified accordingly. The terminal therefore knows the delegation relationship that applies to a target node, that is, which rights one manager of the node has delegated to another manager, and can apply the corresponding rights control to that delegation relationship. For example, setting the delegation level makes it possible for the delegating manager to grant the delegated manager either a full delegation or a shared delegation, which greatly increases the flexibility of rights management control and improves service behaviour.
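The ACL handling of steps 203 to 208 and the revert at the end of the delegation validity duration can be sketched as follows. This is an added example, not code from the patent: the class and function names, integer-second timestamps, measuring the validity duration from the start time, the "+" separator between server identifiers (taken from standard OMA DM ACL syntax, which the text refers to but does not spell out) and the check that a delegator holds the rights it delegates are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

FULL, SHARED = "full", "shared"   # delegation levels named in Embodiment 1


def parse_acl(value):
    """Parse 'Get=ServerA+ServerB&Delete=ServerA' into {command: set(ids)}."""
    acl = {}
    for clause in filter(None, value.split("&")):
        command, _, servers = clause.partition("=")
        acl.setdefault(command, set()).update(s for s in servers.split("+") if s)
    return acl


def format_acl(acl):
    """Serialise back to the ACL string form, dropping commands with no holder."""
    return "&".join(f"{c}={'+'.join(sorted(ids))}" for c, ids in acl.items() if ids)


@dataclass(frozen=True)
class Delegation:
    delegator: str                  # delegating manager identifier
    delegate: str                   # delegated manager identifier
    node_uri: str                   # target node information (URI form)
    rights: tuple                   # delegated rights, e.g. ("Get", "Delete")
    level: str                      # FULL or SHARED
    start: int = 0                  # delegation start time, seconds (assumed unit)
    duration: Optional[int] = None  # validity duration, counted from start (assumed)


class Terminal:
    def __init__(self, tree):
        self.tree = dict(tree)      # node URI -> ACL string
        self.pending = []           # configured but not yet in effect
        self.active = {}            # Delegation -> ACL string before modification

    def configure(self, delegation):
        """Step 202: record the delegation relationship information."""
        self.pending.append(delegation)

    def tick(self, now):
        """Steps 203-204 and expiry: apply started delegations, revert ended ones."""
        for d in [d for d in self.pending if now >= d.start]:
            self.pending.remove(d)
            self._apply(d)
        for d, saved in list(self.active.items()):
            if d.duration is not None and now >= d.start + d.duration:
                self.tree[d.node_uri] = saved     # restore pre-modification ACL
                del self.active[d]

    def _apply(self, d):
        if d.level not in (FULL, SHARED):
            raise ValueError(f"unknown delegation level {d.level!r}")
        acl = parse_acl(self.tree[d.node_uri])
        # Added check (assumption): a manager may only delegate rights it holds.
        if any(d.delegator not in acl.get(r, set()) for r in d.rights):
            raise PermissionError(f"{d.delegator} does not hold {d.rights}")
        self.active[d] = self.tree[d.node_uri]
        for right in d.rights:
            if d.level == FULL:
                acl[right].discard(d.delegator)   # delegator gives the right up
            acl[right].add(d.delegate)
        self.tree[d.node_uri] = format_acl(acl)

    def is_allowed(self, manager, command, node_uri):
        """Step 206: decide from the node's current ACL value only."""
        return manager in parse_acl(self.tree[node_uri]).get(command, set())


def demo():
    # Constructed sample: the ServerA/ServerB full delegation from the text,
    # with a constructed node URI, start time 100 and validity duration 50.
    t = Terminal({"./Node1": "Get=ServerA&Delete=ServerA"})
    t.configure(Delegation("ServerA", "ServerB", "./Node1",
                           ("Get", "Delete"), FULL, start=100, duration=50))
    trace = []
    for now in (99, 100, 150):
        t.tick(now)
        trace.append((now, t.tree["./Node1"],
                      t.is_allowed("ServerA", "Delete", "./Node1"),
                      t.is_allowed("ServerB", "Delete", "./Node1")))
    return trace


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Restoring the saved string follows the text's "ACL value before the modification"; a terminal that permits other ACL changes while a delegation is active would have to undo only the delegated entries instead, or those changes are lost on expiry.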
Embodiment 2:
Embodiment 2 applies to business scenario two. It configures the delegation relationship information in the extension node reserved under the DMAcc management object and modifies the ACL value of the target node according to that information, so that subsequent rights management control can take the delegation relationship into account. Referring to Fig. 4, the process of implementing rights management control in Embodiment 2 comprises the following steps:
Step 401: Under the DMAcc management object of the management tree, use the extension node of the manager involved in the rights delegation to configure the delegation relationship information between the delegating manager and the delegated manager.
Specifically, the delegation relationship information may be configured in the extension node value of the delegating manager and/or in the extension node value of the delegated manager.
The content and role of the delegation relationship information in this step are the same as in step 202 above.
Steps 402 to 407 are the same as steps 203 to 208.
If the delegation relationship information configured in the extension node value under the DMAcc management object includes a delegation validity duration, then, after step 402 above has modified the ACL value of the target node, the flow shown in Fig. 4 may further comprise: when the timer reaches the end of the delegation validity duration, restoring the ACL value of the target node to its value before the modification.
In Embodiment 2, the delegation relationship information between the delegating manager and the delegated manager is configured in the extension node reserved under the DMAcc management object, and the ACL value is modified according to that information. The terminal therefore knows the delegation relationship that applies to a target node, that is, which rights one manager of the node has delegated to another manager, and can apply the corresponding rights control to that delegation relationship. For example, setting the delegation level makes it possible for the delegating manager to grant the delegated manager either a full delegation or a shared delegation, which greatly increases the flexibility of rights management control and improves service behaviour.
Embodiment 3:
This embodiment 3 is applicable to above-mentioned business scenario three, utilizes the newly-increased attribute of destination node to dispose clientage information, thereby realizes follow-up rights management control to clientage.Referring to Fig. 5, in the embodiment of the invention 3, realize that the process of rights management control comprises the steps:
Step 501: after mandatory administration side will entrust on commission manager to the operating right of destination node, mandatory administration side generated the certificate of authority of the clientage information between mandatory administration side and the on commission manager that stores.
In this step, the clientage information in the certificate of authority can comprise: mandatory administration square mark, on commission manager sign, the information of destination node, on commission authority and trust grade.
Wherein, entrust grade specifically can for: entrust entirely, share and entrust or son is entrusted.When entrusting grade to be the son trust; On commission manager's sign comprises the on commission manager's sign of the on commission manager's sign of the first order and the second level; After expression mandatory administration side entrusts to the on commission manager of the first order with authority, allow the on commission manager of this first order that this authority is continued to entrust to the on commission manager in the second level.
And further, the clientage information in the certificate of authority can also comprise: entrust the time started and/or entrust the effective duration of coming into force.
In the present embodiment 3, on commission authority, complete entrust, share and entrust, entrust description corresponding in the effect that comes into force the time started and entrust the effective duration and associated description and the above-mentioned steps 202 identical.
Step 502: mandatory administration side sends to the terminal with the certificate of authority.
Step 503: the terminal is configured in the certificate of authority in the newly-increased attribute of destination node on the management tree.
Such as, mandatory administration side ServerA will entrust on commission manager ServerB to " Get " and " Delete " authority of destination node 1, and so, the certificate of authority just is configured in the newly-increased attribute of destination node 1 on the management tree.
Step 504: the terminal receives the operation requests of a manager (being designated as " manager 1 ") to a destination node (being designated as " node 1 ").
Step 505: the terminal judges according to the certificate of authority in node 1 attribute whether manager 1 has operating right, if having, then execution in step 506, otherwise, execution in step 507.
In this step, the trust effective start time, trusting manager identifier, trusted manager identifier, trusted rights and trust level in the authorization certificate can be used to determine whether manager 1 has the operating right. One such determination process comprises the following steps:
Step 5051: Determine whether the current time is after the trust effective start time. If so, perform step 5052; otherwise, go directly to step 507.
Step 5052: Determine, according to the trusting manager identifier, trusted manager identifier, trusted rights and trust level, whether manager 1 has the operating right. If so, perform step 506; otherwise, perform step 507.
If the trust level is full trust, the determination in this step comprises: determining, according to the trusted manager identifier, whether manager 1 is the trusted manager; if so, determining, according to the trusted rights, whether the operation request is within the scope of those rights; if so, determining that manager 1 has the operating right.
If the trust level is shared trust, the determination in this step comprises: determining, according to the trusting manager identifier and the trusted manager identifier, whether manager 1 is either the trusting manager or the trusted manager; if so, determining, according to the trusted rights, whether the operation request is within the scope of those rights; if so, determining that manager 1 has the operating right.
If the trust level is sub-trust, the determination in this step comprises: determining, according to the second-level trusted manager identifier, whether manager 1 is the second-level trusted manager; if so, determining, according to the trusted rights, whether the operation request is within the scope of those rights; if so, determining that manager 1 has the operating right.
Step 506: Perform the corresponding operation on node 1 according to the operation request, and end the current flow.
Step 507: Refuse to let manager 1 perform the operation on node 1.
If the authorization certificate includes a trust validity period, then after step 503 above configures the authorization certificate in the newly added attribute of the target node on the management tree, the flow shown in Figure 5 further comprises: when the timer reaches the end of the trust validity period, deleting the authorization certificate from the attribute of the target node.
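The decision in steps 5051 to 507 and the deletion of the certificate at the end of its validity period can be expressed as follows; this is an added Python example, not code from the patent. The class and function names, the manager identifiers and the node path are assumptions made for illustration, and re-checking expiry on every request (in addition to the timer the text describes) is a choice of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import FrozenSet, Optional


class TrustLevel(Enum):
    FULL = "full"      # only the trusted manager is accepted
    SHARED = "shared"  # the trusting or the trusted manager is accepted
    SUB = "sub"        # only the second-level trusted manager is accepted


@dataclass(frozen=True)
class AuthorizationCertificate:
    trusting_manager: str
    trusted_manager: str                    # first-level trusted manager
    trusted_rights: FrozenSet[str]          # operations covered by the trust
    trust_level: TrustLevel
    start_time: datetime                    # trust effective start time
    validity: Optional[timedelta] = None    # trust validity period, if any
    second_level_trusted_manager: Optional[str] = None  # sub-trust only

    def end_time(self) -> Optional[datetime]:
        return None if self.validity is None else self.start_time + self.validity


@dataclass
class TargetNode:
    uri: str
    certificate: Optional[AuthorizationCertificate] = None  # newly added attribute


def has_operating_right(cert, manager, operation, now) -> bool:
    """Steps 5051 and 5052 for one certificate."""
    # Step 5051: the trust must already be in effect. Reaching the start
    # time exactly is treated as "in effect" here (assumption).
    if now < cert.start_time:
        return False
    # Step 5052: which identifiers are accepted depends on the trust level.
    if cert.trust_level is TrustLevel.FULL:
        accepted = {cert.trusted_manager}
    elif cert.trust_level is TrustLevel.SHARED:
        accepted = {cert.trusting_manager, cert.trusted_manager}
    elif cert.trust_level is TrustLevel.SUB:
        accepted = {cert.second_level_trusted_manager}
    else:
        return False  # unknown level: fail closed
    accepted.discard(None)  # a sub-trust without a second-level id matches nobody
    # The request must also fall within the trusted rights.
    return manager in accepted and operation in cert.trusted_rights


def purge_if_expired(node, now) -> bool:
    """Delete the certificate once the trust validity period has ended."""
    cert = node.certificate
    if cert is not None and cert.end_time() is not None and now >= cert.end_time():
        node.certificate = None
        return True
    return False


def handle_request(node, manager, operation, now) -> str:
    # Re-check expiry on every request so that a late or missed timer
    # cannot leave an expired trust usable (assumption of this example).
    purge_if_expired(node, now)
    cert = node.certificate
    if cert is None or not has_operating_right(cert, manager, operation, now):
        return "refused"   # step 507
    return "executed"      # step 506


if __name__ == "__main__":
    # Constructed sample data: DMS-A entrusts Get/Replace to DMS-B for one hour.
    t0 = datetime(2010, 8, 12, 9, 0, 0)
    node = TargetNode("./Vendor/Example", AuthorizationCertificate(
        "DMS-A", "DMS-B", frozenset({"Get", "Replace"}),
        TrustLevel.FULL, t0, timedelta(hours=1)))
    for who, op, when in [("DMS-B", "Get", t0 - timedelta(minutes=1)),
                          ("DMS-B", "Get", t0 + timedelta(minutes=10)),
                          ("DMS-A", "Get", t0 + timedelta(minutes=10)),
                          ("DMS-B", "Exec", t0 + timedelta(minutes=10)),
                          ("DMS-B", "Get", t0 + timedelta(hours=1))]:
        print(who, op, when.time(), handle_request(node, who, op, when))
```

Under full trust the trusting manager's own request is refused by this check, because only the trusted manager identifier is compared; under sub-trust the first-level trusted manager is refused for the same reason.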
In Embodiment 3 of the present invention, the newly added attribute of the target node on the management tree can be used to configure the trust relationship information in the form of an authorization certificate. In this way the terminal learns the trust relationship for a target node, that is, which of its rights one manager of the target node has entrusted to another manager, and can therefore perform the corresponding permission control for that trust relationship. For example, by setting the trust level, the trusting manager can grant the trusted manager a full trust, a sub-trust or a shared trust, which greatly increases the flexibility of rights management control and optimizes service performance.
It should be noted that the approach of adding a Delegation subtree in Embodiment 1 merely adds a branch to the terminal's management tree, Embodiment 2 merely uses the extension node already reserved under the DMAcc management object, and Embodiment 3 merely uses a newly added attribute of the target node. All of them therefore change the terminal's original structure very little and are easy to implement.
Further, in Embodiments 1 to 3 of the present invention, the point in time at which the trust takes effect can be controlled by setting the trust effective start time, so that the trusting manager can better control how the entrusted rights are used. In addition, by setting the trust validity period, the terminal in Embodiments 1 and 2 can automatically restore the ACL value of the target node to the value it had before modification, and the terminal in Embodiment 3 can automatically delete the authorization certificate from the target node's attribute. In both cases subsequent permission checks revert to the rights that applied before the trusting manager entrusted them, so the trusting manager securely reclaims the rights over the target node that it had entrusted.
In Embodiments 1 to 3 of the present invention, the steps in the above flowcharts may be performed by the terminal, or by a control device connected to the terminal. It will be understood that the terminal and the control device may be connected in a manner including but not limited to a wired or a wireless connection, and the specific wired or wireless connection manner does not limit the present invention.
An embodiment of the present invention also provides a terminal. Referring to Fig. 6, the terminal comprises:
A management tree execution module 601, configured to configure the attribute of a target node on the management tree according to trust relationship information between a trusting manager and a trusted manager, wherein the trust relationship information comprises a trusting manager identifier, a trusted manager identifier, information of the target node, trusted rights and a trust level;
An equipment management agent module 602, configured to receive an operation request for the target node from a first manager, and to determine, according to the configured attribute of the target node, whether the first manager has the operating right; if so, to perform the corresponding operation on the target node according to the operation request; otherwise, to refuse to let the first manager perform the operation on the target node.
It can be seen that the terminal provided by this embodiment can configure the attribute of a target node on the management tree according to the trust relationship information between the trusting manager and the trusted manager, which specifically comprises the trusting manager identifier, the trusted manager identifier, the information of the target node, the trusted rights and the trust level. In this way the terminal learns the trust relationship for a target node, that is, which rights one manager of the target node has entrusted to another manager and at which trust level, and can therefore perform the corresponding permission control for that trust relationship, thereby improving QoS.
The terminal provided by the embodiments of the present invention can be applied to the three service scenarios above; for the specific flows, refer to the method embodiments above.
First, the specific structure and function of each module when the terminal is applied to service scenario one or service scenario two are described:
Optionally, referring to Fig. 7, in Embodiment 4 of the present invention, the management tree execution module 601 comprises a first management tree execution module 701. The first management tree execution module 701 is configured to add, under the terminal management account management object of the management tree, a trust subtree corresponding to the trusting manager or corresponding to the trusted manager, and to configure the trust relationship information between the trusting manager and the trusted manager on that trust subtree; and to configure the ACL attribute of the target node on the management tree according to the trust relationship information configured on the trust subtree.
Optionally, referring to Fig. 8, in Embodiment 5 of the present invention, the management tree execution module 601 comprises a second management tree execution module 801. The second management tree execution module 801 is configured to configure, under the terminal management account management object of the management tree, the trust relationship information between the trusting manager and the trusted manager in the extension node value corresponding to the trusting manager or in the extension node value corresponding to the trusted manager; and to configure the ACL attribute of the target node on the management tree according to the trust relationship information configured in that extension node value.
Optionally, referring to Fig. 7 and Fig. 9, in Embodiment 6 of the present invention, the first management tree execution module 701 may further comprise a modification module 901; referring to Fig. 8 and Figure 10, in Embodiment 7 of the present invention, the second management tree execution module 801 may further comprise a modification module 1001. At least one of the modification module 901 of Fig. 9 and the modification module 1001 of Figure 10 can be used to find the target node on the management tree according to the information of the target node in the trust relationship information, and to modify the ACL value of the found target node according to the trusting manager identifier, trusted manager identifier, trusted rights and trust level in the trust relationship information;
Correspondingly,
Referring to Fig. 9, in Embodiment 6 of the present invention, the equipment management agent module 602 further comprises a judging module 902; referring to Figure 10, in Embodiment 7 of the present invention, the equipment management agent module 602 further comprises a judging module 1002. At least one of the judging module 902 and the judging module 1002 can determine, according to the current ACL value of the target node, whether the first manager has the operating right.
Optionally, referring to Fig. 9 and Figure 11, in Embodiment 8 of the present invention, the modification module 901 in the first management tree execution module 701 further comprises an execution module 1101; referring to Figure 10 and Figure 12, in Embodiment 9 of the present invention, the modification module 1001 in the second management tree execution module 801 further comprises an execution module 1201. At least one of the execution module 1101 and the execution module 1201 can be used, when the trust relationship information further comprises a trust effective start time and/or a trust validity period, to perform the modification of the ACL value of the found target node when the trust effective start time in the trust relationship information arrives; and, according to the trust validity period in the trust relationship information, after the ACL value of the found target node has been modified, to restore the ACL value of the target node to the ACL value before modification when the end of the trust validity period arrives.
Next, the specific structure and function of each module when the terminal is applied to service scenario three are described:
Optionally, referring to Figure 13, in Embodiment 10 of the present invention, the management tree execution module 601 further comprises a third management tree execution module 1301, which is configured to configure an authorization certificate storing the trust relationship information between the trusting manager and the trusted manager in a newly added attribute of the target node on the management tree;
Correspondingly,
The equipment management agent module 602 further comprises a third equipment management agent module 1302, which is configured to determine whether the first manager has the operating right according to the trusting manager identifier, trusted manager identifier, trusted rights and trust level in the authorization certificate of the target node.
Optionally, referring to Figure 14, in Embodiment 11 of the present invention, the equipment management agent module 602 further comprises a fourth equipment management agent module 1402, which is configured to determine whether the first manager has the operating right according to the trust effective start time in the authorization certificate of the target node.
Referring to Figure 14, regardless of whether the equipment management agent module 602 comprises the fourth equipment management agent module 1402, the management tree execution module 601 may further comprise a fourth management tree execution module 1401. The fourth management tree execution module 1401 is configured, after the authorization certificate has been configured in the attribute of the corresponding target node on the management tree, to delete the authorization certificate from the newly added attribute of the target node when the end of the trust validity period in the authorization certificate arrives.
A person of ordinary skill in the art will understand that all or part of the steps of the method embodiments above can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (17)

1. A method for implementing rights management control, characterized by comprising:
configuring an attribute of a target node on a management tree according to trust relationship information between a trusting manager and a trusted manager, the trust relationship information comprising: a trusting manager identifier, a trusted manager identifier, information of the target node, trusted rights and a trust level;
receiving an operation request for the target node from a first manager, and determining, according to the configured attribute of the target node, whether the first manager has the operating right; if so, performing the corresponding operation on the target node according to the operation request; otherwise, refusing to let the first manager perform the operation on the target node.
2. The method for implementing rights management control according to claim 1, characterized in that
the method further comprises: under the terminal management account management object of the management tree, adding a trust subtree corresponding to the trusting manager and/or corresponding to the trusted manager, and configuring the trust relationship information between the trusting manager and the trusted manager on the trust subtree;
the configuring of an attribute of a target node on a management tree according to trust relationship information between a trusting manager and a trusted manager comprises: configuring the ACL attribute of the target node on the management tree according to the trust relationship information configured on the trust subtree.
3. The method for implementing rights management control according to claim 1, characterized in that
the method further comprises: under the terminal management account management object of the management tree, configuring the trust relationship information between the trusting manager and the trusted manager in the extension node value corresponding to the trusting manager and/or in the extension node value corresponding to the trusted manager;
the configuring of an attribute of a target node on a management tree according to trust relationship information between a trusting manager and a trusted manager comprises: configuring the ACL attribute of the target node on the management tree according to the trust relationship information configured in the extension node value.
4. The method for implementing rights management control according to claim 2 or 3, characterized in that
the trusted rights are described according to the semantics and syntax of the ACL.
5. The method for implementing rights management control according to claim 2 or 3, characterized in that
the method further comprises: finding the target node on the management tree according to the information of the target node in the trust relationship information;
the configuring of the ACL attribute of the target node on the management tree comprises: modifying the ACL value of the target node according to the trusting manager identifier, the trusted manager identifier, the trusted rights and the trust level in the trust relationship information;
the determining, according to the configured attribute of the target node, whether the first manager has the operating right comprises: determining, according to the current ACL value of the target node, whether the first manager has the operating right.
6. The method for implementing rights management control according to claim 5, characterized in that
the trust level is full trust, and the modifying of the ACL value of the target node comprises: using the trusted rights to overwrite the rights corresponding to the trusting manager in the ACL value of the target node;
or,
the trust level is shared trust, and the modifying of the ACL value of the target node comprises: adding the trusted rights to the ACL value of the target node.
7. The method for implementing rights management control according to claim 5, characterized in that the trust relationship information further comprises: a trust effective start time and/or a trust validity period;
if the trust effective start time is included, the modifying of the ACL value of the target node is performed when the trust effective start time arrives;
if the trust validity period is included, the method further comprises, after the modifying of the ACL value of the target node: when the timer reaches the end of the trust validity period, restoring the ACL value of the target node to the ACL value before modification.
8. The method for implementing rights management control according to claim 5, characterized in that the information of the target node comprises at least one of the following: a uniform resource identifier of the target node, a management object identifier, or a management object identifier and a specific node value;
if it is a management object identifier, the step of finding the target node on the management tree comprises: finding, on the management tree, the root node of the subtree corresponding to the management object identifier;
if it is a management object identifier and a specific node value, the step of finding the target node on the management tree comprises: finding, on the management tree, each subtree corresponding to the management object identifier, and finding, from among those subtrees, the root node of the subtree that has the specific node value.
9. The method for implementing rights management control according to claim 1, characterized in that
the configuring of an attribute of a target node on a management tree according to trust relationship information between a trusting manager and a trusted manager comprises: configuring an authorization certificate storing the trust relationship information between the trusting manager and the trusted manager in a newly added attribute of the target node on the management tree;
the determining, according to the configured attribute of the target node, whether the first manager has the operating right comprises: determining whether the first manager has the operating right according to the trusting manager identifier, the trusted manager identifier, the trusted rights and the trust level in the authorization certificate.
10. The method for implementing rights management control according to claim 9, characterized in that
the trust level is full trust, and the determining of whether the first manager has the operating right comprises: determining, according to the trusted manager identifier, whether the first manager is the trusted manager; if so, determining, according to the trusted rights, whether the operation request is within the scope of those rights; if so, determining that the first manager has the operating right;
or,
the trust level is shared trust, and the determining of whether the first manager has the operating right comprises: determining, according to the trusting manager identifier and the trusted manager identifier, whether the first manager is either the trusting manager or the trusted manager; if so, determining, according to the trusted rights, whether the operation request is within the scope of those rights; if so, determining that the first manager has the operating right;
or,
the trust level is sub-trust, and the trusted manager identifier comprises a first-level trusted manager identifier and a second-level trusted manager identifier; the determining of whether the first manager has the operating right comprises: determining, according to the second-level trusted manager identifier, whether the first manager is the second-level trusted manager; if so, determining, according to the trusted rights, whether the operation request is within the scope of those rights; if so, determining that the first manager has the operating right.
11. The method for implementing rights management control according to claim 9 or 10, characterized in that the trust relationship information further comprises a trust effective start time; the determining of whether the first manager has the operating right further comprises: determining whether the first manager has the operating right according to whether the current time is after the trust effective start time;
and/or,
the trust relationship information further comprises a trust validity period; after the authorization certificate is configured in the newly added attribute of the target node on the management tree, the method further comprises: when the timer reaches the end of the trust validity period, deleting the authorization certificate from the newly added attribute of the target node.
12. A terminal, characterized by comprising:
a management tree execution module, configured to configure an attribute of a target node on a management tree according to trust relationship information between a trusting manager and a trusted manager, the trust relationship information comprising: a trusting manager identifier, a trusted manager identifier, information of the target node, trusted rights and a trust level;
an equipment management agent module, configured to receive an operation request for the target node from a first manager, and to determine, according to the configured attribute of the target node, whether the first manager has the operating right; if so, to perform the corresponding operation on the target node according to the operation request; otherwise, to refuse to let the first manager perform the operation on the target node.
13. The terminal according to claim 12, characterized in that the management tree execution module comprises at least one of the following modules:
a first management tree execution module, configured to add, under the terminal management account management object of the management tree, a trust subtree corresponding to the trusting manager and/or corresponding to the trusted manager, and to configure the trust relationship information between the trusting manager and the trusted manager on the trust subtree; and to configure the ACL attribute of the target node on the management tree according to the trust relationship information configured on the trust subtree;
a second management tree execution module, configured to configure, under the terminal management account management object of the management tree, the trust relationship information between the trusting manager and the trusted manager in the extension node value corresponding to the trusting manager and/or in the extension node value corresponding to the trusted manager; and to configure the ACL attribute of the target node on the management tree according to the trust relationship information configured in the extension node value.
14. The terminal according to claim 13, characterized in that
at least one of the first management tree execution module and the second management tree execution module further comprises a modification module, the modification module being configured to find the target node on the management tree according to the information of the target node in the trust relationship information, and to modify the ACL value of the target node according to the trusting manager identifier, the trusted manager identifier, the trusted rights and the trust level in the trust relationship information;
correspondingly,
the equipment management agent module further comprises a judging module, the judging module being configured to determine, according to the current ACL value of the target node, whether the first manager has the operating right.
15. The terminal according to claim 14, characterized in that
the modification module further comprises an execution module, the execution module being configured, when the trust relationship information further comprises a trust effective start time and/or a trust validity period, to perform the modification of the ACL value of the target node when the trust effective start time in the trust relationship information arrives; and, according to the trust validity period in the trust relationship information, after the ACL value of the target node has been modified, to restore the ACL value of the target node to the ACL value before modification when the timing reaches the trust validity period.
16. The terminal according to claim 12, characterized in that
the management tree execution module further comprises a third management tree execution module, the third management tree execution module being configured to configure an authorization certificate storing the trust relationship information between the trusting manager and the trusted manager in a newly added attribute of the target node on the management tree;
correspondingly,
the equipment management agent module further comprises a third equipment management agent module, the third equipment management agent module being configured to determine whether the first manager has the operating right according to the trusting manager identifier, the trusted manager identifier, the trusted rights and the trust level in the authorization certificate of the target node.
17. The terminal according to claim 16, characterized in that
the equipment management agent module further comprises a fourth equipment management agent module, the fourth equipment management agent module being configured to determine whether the first manager has the operating right according to the trust effective start time in the authorization certificate of the target node;
and/or,
the management tree execution module further comprises a fourth management tree execution module, the fourth management tree execution module being configured, after the authorization certificate has been configured in the newly added attribute of the target node on the management tree, to delete the authorization certificate from the newly added attribute of the target node when the timer reaches the end of the trust validity period in the authorization certificate.
CN201010257826.8A 2010-08-12 2010-08-12 Right management control method and terminal Active CN102377589B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010257826.8A CN102377589B (en) 2010-08-12 2010-08-12 Right management control method and terminal
CN201410333745.XA CN104079437B (en) 2010-08-12 2010-08-12 Realize the method and terminal of rights management control

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201410333745.XA Division CN104079437B (en) 2010-08-12 2010-08-12 Realize the method and terminal of rights management control

Publications (2)

Publication Number Publication Date
CN102377589A true CN102377589A (en) 2012-03-14
CN102377589B CN102377589B (en) 2014-12-24

Family

ID=45795611

Country Status (1)

Country Link
CN (1) CN102377589B (en)

CN103778379A (en) Managing application execution and data access on a device
EP3197183A1 (en) Method for managing application resources and registered node in m2m
EP3197207A1 (en) Method for managing application resources and registered node in m2m
CN114691355A (en) Cloud platform construction method, electronic equipment and computer readable storage medium
CN104506520A (en) MIPS (Million Instructions Per Second) platform Web access strategy control method
CN104253834A (en) Method, mobile terminal, and system for controlling mobile application data copying
CN111061723B (en) Workflow realization method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee after: Huawei terminal (Shenzhen) Co.,Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee before: HUAWEI DEVICE Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20181225

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee after: HUAWEI DEVICE Co.,Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee before: Huawei terminal (Shenzhen) Co.,Ltd.