CN100490387C - Token-based fine granularity access control system and method for application server - Google Patents


Info

Publication number: CN100490387C
Authority: CN (China)
Prior art keywords: token, check result, access control, access, cache table
Legal status: Expired - Fee Related
Application number: CNB2004101034711A
Other languages: Chinese (zh)
Other versions: CN1633084A (en)
Inventors: 杨放春, 邹华, 李立, 苏森, 孙其博, 徐鹏, 龙湘明, 李静林
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Events: application filed by Beijing University of Posts and Telecommunications; priority to CNB2004101034711A; publication of CN1633084A; application granted; publication of CN100490387C; current legal status Expired - Fee Related; anticipated expiration

Abstract

A token-based fine-grained access control system in an application server includes: a service unit that accesses resources/capabilities in the application server; a service agent unit composed of security-guaranteed code; a system resource/capability unit comprising various file resources, network resources, database resources and other resources/capabilities; an access control unit formed by an access control detector, a system security controller and a security policy manager connected in sequence; and a token and data storage unit composed of a check result cache table, an access rights token table, a subject token table, a token index table and other security control tables. Together these accomplish token-based fine-grained access control.

Description

Token-based fine-grained access control system and method for an application server
Technical field
The present invention relates to a token-based fine-grained access control system for an application server and its implementation method, and belongs to the field of network communications technology.
Background technology
The next generation network (NGN) is a new type of converged network that adopts a layered, open architecture based on packet-switching technology and can simultaneously support voice, video, data, text, image and other multimedia services. Its main technical advantage is the adoption of open protocols or API interfaces between network entities, which helps break the closed layout of traditional telecommunications networks and realize the convergence of multiple heterogeneous networks.
An application server is a service-providing system oriented to the next generation network; its main function is to provide a service logic execution environment. Services run in the service execution environment, and the service execution environment runs on a computer platform. In the present invention, a service is an application program that provides a service to a client, where the client is a person or another program. Services that may be provided include, for example, booking over the internet, querying stock information, querying billing information, setting up multi-party multimedia conferences, and providing mobile subscriber location information.
With the development of internet technology and the daily increase in online applications, more and more business and transactions are conducted over computer networks. The accompanying information security problems, such as leaks and hackers, increasingly affect e-commerce and e-government, and the security of current information systems has become a focus of concern for both industry and users.
Information security technology covers many aspects, such as cryptography, authentication, access control, intrusion detection, and risk analysis and assessment. In practice these security technologies support and cooperate with each other, each solving information security problems in a certain respect. At present, however, attention is focused mainly on cryptography, authentication, intrusion detection and so on, and access control technology does not receive the attention it deserves. In fact, access control is an indispensable security measure in an information security system and an important component of application server security; it is significant for protecting both host hardware systems and application software systems.
Access control technology originated in the 1970s, when it was mainly used to manage authorized access to shared data on mainframe systems. With the development of computer technology and applications, especially network applications, its ideas and methods were rapidly applied to every field of information systems. Over 30 years of evolution, several important access control technologies have appeared in succession; their basic goal is always to prevent illegal users from entering the system and legitimate users from illegally using system resources. To this end, access control usually takes user identity authentication as a prerequisite and, on that basis, implements various access control policies to control and regulate the behavior of legitimate users within the system.
An access control system generally includes: a subject, the active party that issues an access or access operation request; an object, the program called or the data object that the subject wishes to access; and a secure access policy, the set of rules that decides whether a subject may access an object.
At present the widely accepted mainstream access control technologies are discretionary access control, mandatory access control and role-based access control; these are introduced below in turn.
The basic idea of discretionary access control (DAC) is that a subject in the system may, on its own, grant all or part of the access rights it holds to an object to other subjects. It is generally implemented by building a system access control matrix. Traditional DAC has limited protective capability. Although DAC has been implemented in many systems (for example UNIX), its fatal defect is that granted access rights can be passed on. Once access rights are passed on they are hard to control, the management of access rights becomes quite difficult, and serious security problems can result. Moreover, whatever form of DAC is used, the overhead it brings is quite expensive and hard to afford, and its efficiency is rather poor, so it is difficult to meet the needs of large-scale applications, especially network applications.
Mandatory access control (MAC) arose from the requirement of information confidentiality and the need to prevent attacks such as Trojan horses; MAC stops direct or indirect illegal intrusion through access restrictions that cannot be circumvented. Every subject and object in the system is forcibly assigned a fixed security attribute by the security officer (SO). This security attribute determines whether a subject can access a certain object, and neither users nor user processes can change the security attribute of themselves or of other subjects and objects. In a mandatory access control system every subject is awarded a security clearance and every object is labelled with a certain sensitivity level. The two key rules of access control are no read up and no write down, that is, information may only flow from a low security level to a high security level, and any behavior that violates this one-way information flow is forbidden.
MAC was originally used mainly in military applications, and it is often combined with DAC: a subject can access an object only after passing both the DAC and the MAC checks. Because MAC applies stricter access control to objects, it can prevent programs such as Trojan horses from stealing protected information, and it also guards against the possibility of a user accidentally leaking confidential information. However, it may still be powerless if a user leaks information maliciously. In addition, because MAC adds access restrictions that cannot be circumvented, it affects the flexibility of the system, and it cannot meet the demands of fine-grained access control in particular. On the other hand, although MAC as a multi-level access control system strengthens the confidentiality of information, it cannot enforce integrity control; since network information needs integrity even more, this has limited the application of MAC on networks.
With the rapid development of networks, especially the rise of intranets, higher requirements have been placed on the quality of access control services, and the two access control technologies above have difficulty meeting them. DAC leaves part of the right to grant or revoke access to individual users, which makes it difficult for the administrator to determine which resources a user is entitled to access and is unfavorable to unified global access control. MAC places too much emphasis on confidentiality and gives insufficient consideration to other aspects such as the system's ability to run continuously and the manageability of authorization. Therefore, role-based access control (RBAC) technology appeared after the 1990s.
RBAC introduces the key concept of a role. A "role" is the set of operations that a user or a group of users may execute within an organization. The basic idea of RBAC is that the access rights granted to a user are usually determined by the role the user takes on in the organization. For example, the roles in a bank include cashier, accountant and loan teller; because their functions differ, the access rights they hold obviously differ as well. RBAC grants and controls access according to the role a user holds in the organization. That is, traditional access control associates the access subject directly with the object, whereas RBAC inserts the role in between and links subject and object through the role. In RBAC, although the user identity is very useful for authentication and audit records, what really determines access rights is the role identity corresponding to the user. In RBAC the authorization of access rights is managed uniformly by the administrator; authorization rules are imposed on users, who can only passively accept them and cannot decide on their own, and users cannot pass access rights to others on their own. It is a non-discretionary form of access control. At present, although RBAC has begun to be applied in some systems, it is still in the development stage, no mature products have appeared, and how to apply it remains a rather complex problem.
Summary of the invention
In view of this, the purpose of the present invention is to provide a token-based fine-grained access control system for an application server which can control access reasonably and efficiently and improve the security of the application server.
Another object of the present invention is to provide an access control method for an application server which not only controls various access operations effectively and improves system security, but also protects the system efficiently, reducing its impact on the system's normal processing operations as far as possible.
To achieve the above objects, the present invention provides a token-based fine-grained access control system for an application server, which includes:
a service unit, composed of application programs that provide services to clients, which needs to access resources and/or capabilities in the application server;
a resource/capability unit, composed at least of various file resources, network resources, database resources and other resources and/or capabilities; characterized in that the system further includes:
a service agent unit, composed of security-guaranteed code, communicatively connected to the service unit, the resource/capability unit and the access control unit respectively, and used to access the resource/capability unit on behalf of services;
an access control unit, composed of an access control detector, a system security controller and a security policy manager connected in sequence, used to perform token-based fine-grained access control when a subject accesses an object. When the access control detector receives an access request from the service agent, it first looks up the access control check result for that request in the check result cache table; if a check result record corresponding to the request is found, that record is returned directly to the service agent; if no corresponding record is found, the access request is sent to the system security controller, which verifies whether the subject holds a token for performing this operation on the object, gives the verification result, returns it to the service agent and updates it into the check result cache table. The security policy manager executes the system's secure access control policy and periodically clears the check result cache table;
a token and data storage unit for controlling access, which includes: a check result cache table that caches the system's access control check results; an access rights token table that holds the token corresponding to each right on each object being accessed; a subject token table that holds the list of tokens each subject possesses; a token index table that holds the list of subject identities holding each token; and other security control tables containing at least the definition of the system security policy. The check result cache table is connected to all three parts of the access control unit, while the access rights token table, subject token table, token index table and other security control tables are communicatively connected only to the system security controller and the security policy manager in the access control unit; together they cooperate with the access control unit to accomplish token-based fine-grained access control.
The tokens and data in the token and data storage unit may be described by data structures or database tables designed in the Extensible Markup Language (XML) or another high-level language; they may be stored in memory, in files or in a database; and the storage may be centralized and/or distributed.
The token is the credential a subject needs in order to access an object: only when the subject possesses the token required for a specific access to a specific object can the access succeed; otherwise the access is refused by the system. The distribution, storage and checking of tokens are all managed uniformly by the system.
The token format comprises two parts, a token identifier and a system certificate. The token identifier is a character string assigned uniformly by the system that uniquely identifies the token. The system certificate is a security certificate signed by the system; its format follows the X.509 standard or another format that can be shared by PKI-based software. X.509 is the public key infrastructure (PKI) standard that specifies the format of public key certificates and the associated verification algorithms; the system signature in the certificate is generated by the system's own algorithm.
Fine granularity refers to the granularity of access control and is embodied in both the subject and the object: the access control token of this system is provided separately for each right on each object, achieving fine-grained control of object access; and the system's control of subjects can be refined from the service level down to the method level of the object, achieving fine-grained control of subject access.
The system security controller is the core controller of the system's access control. It provides the final check and verification of the legitimacy of a secure access, and includes at least the functions of updating the check result cache table according to the access control check result and of maintaining and managing other security-related critical data of the system;
The security policy manager executes the system's secure access control policy and periodically clears the check result cache table; the secure access control policy is configured dynamically by the system and stored in the other security control tables.
Another object of the present invention is achieved as follows: a token-based fine-grained access control method for an application server, characterized in that it comprises the following operating steps:
A. When a service is loaded, the application server negotiates access control capability with the service and, according to the negotiation result, creates a new token list for all rights involved in the negotiation by calling the token generation algorithm to create new tokens. The subject token table of this service and the system tokens are then initialized according to the negotiation result and the new token list; the subject token table records the tokens held by all subjects of the service. The access rights token table is then updated according to the negotiation result and the token list; the access rights token table records the tokens needed to access each object;
B. When a service accesses a system resource and/or capability, the service first sends the request to access the resource and/or capability to the service agent, and the service agent sends the access request on to the access control detector to verify its legitimacy. The access control detector first searches the check result cache table; if a check result record corresponding to this access request is found, it returns that check result to the service agent, otherwise it sends the access request to the system security controller for a further check. The system security controller first checks the access rights token table to find which token is required to perform this access operation; it then checks the subject token table to see whether the subject of the request holds the required token. If it does, the check result is "access allowed"; if not, the check result is "access denied". The system security controller then updates the check result into the check result cache table and returns the verification result to the access control detector, which returns it to the service agent. If the check result is "access allowed", the service agent performs the access operation and returns the execution result to the service; if not, the service agent refuses the access request and returns a refusal response to the service;
C. After the system security controller checks an access, when the check result cache table is full, when check results saved in the table have expired, or when a service terminates, the check result cache table is updated accordingly.
The operation of initializing the system tokens in step A further comprises the following steps:
whenever a service is updated, the operations of step A are repeated, and the tokens associated with this service in the system are updated according to the updated service; or
when a service terminates, the system security controller updates and removes the records related to this service in the check result cache table, the access rights token table, the subject token table, the token index table and the other security control tables.
The token generation algorithm in step A comprises the following steps:
A1. Existing tokens keep their original token identifiers, while newly created tokens are assigned token identifiers automatically by an algorithm that guarantees the uniqueness of the assigned identifiers;
A2. Create the token summary information, composed of the following fields in order: the token identifier, the identifier of the object this token describes, the right identifier, and all subjects that hold the token;
A3. Hash the token summary information, using an algorithm including but not limited to the message-digest algorithm MD5 (message-digest algorithm 5) or the Secure Hash Algorithm SHA;
A4. Encrypt the hash result with the system key to produce the system signature;
A5. Create the system certificate from the system signature and system-related information according to the prescribed format of the system certificate;
A6. Create the token from the token identifier and the generated system certificate according to the token format prescribed by the system.
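The token generation algorithm of steps A1 to A6, as an added example that is not code from the patent. It assumes SHA-256 as the hash of step A3 and realises step A4 ("encrypt the hash with the system key") with HMAC-SHA256 under a shared system key; a deployment using X.509 certificates would replace `sign_digest` and `verify_token` with an asymmetric signature. The field separator, the UUID identifier scheme and the sample object, right and subject names are also assumptions.

```python
"""Token generation following steps A1-A6 (added example, not the patent's code)."""
import hashlib
import hmac
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    """Token format of the patent: a token identifier plus a system certificate."""
    token_id: str
    certificate: dict


def assign_token_id(existing_id=None):
    """A1: an existing token keeps its identifier; a new one gets a unique id.
    UUID4 is an assumption standing in for the page's unspecified algorithm."""
    return existing_id if existing_id is not None else uuid.uuid4().hex


def token_summary(token_id, object_id, right_id, subjects):
    """A2: fields in fixed order: token id, object id, right id, holding subjects.
    Subjects are sorted so the summary does not depend on insertion order;
    the '|' separator is an assumption, the page fixes no encoding."""
    return "|".join([token_id, object_id, right_id] + sorted(subjects))


def sign_digest(summary, system_key):
    """A3 + A4: hash the summary, then bind the digest to the system key
    (HMAC-SHA256 stands in for 'encrypt the hash with the system key')."""
    digest = hashlib.sha256(summary.encode("utf-8")).digest()
    return hmac.new(system_key, digest, hashlib.sha256).hexdigest()


def generate_token(object_id, right_id, subjects, system_key, existing_id=None,
                   system_info="application-server"):
    """A5 + A6: build the system certificate and wrap it with the id into a Token."""
    token_id = assign_token_id(existing_id)
    signature = sign_digest(token_summary(token_id, object_id, right_id, subjects),
                            system_key)
    certificate = {
        "issuer": system_info,          # system-related information (A5)
        "object": object_id,
        "right": right_id,
        "subjects": sorted(subjects),
        "signature": signature,
    }
    return Token(token_id=token_id, certificate=certificate)


def verify_token(token, system_key):
    """Recompute the signature over the certificate's fields and compare in
    constant time; a change to object, right, subjects or id is detected."""
    cert = token.certificate
    expected = sign_digest(
        token_summary(token.token_id, cert["object"], cert["right"], cert["subjects"]),
        system_key)
    return hmac.compare_digest(expected, cert["signature"])


# Constructed sample: one right on one object method, held by two service subjects.
SYSTEM_KEY = b"constructed-system-key-do-not-reuse"
SAMPLE = generate_token("ConferenceService.createConference", "invoke",
                        ["svc:meeting", "svc:helpdesk"], SYSTEM_KEY)

if __name__ == "__main__":
    print(SAMPLE.token_id, verify_token(SAMPLE, SYSTEM_KEY))
```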
The operation of performing token-based fine-grained control of access in step B further comprises the following steps:
B1. The service sends the request to access a resource and/or capability to the service agent, so that the service agent accesses the resource and/or capability on behalf of the service;
B2. The service agent sends the access request to the access control detector to verify its legitimacy;
B3. The access control detector searches the check result cache table and takes the corresponding action according to the search result;
B4. If there is a hit in the check result cache table, that is, a check result record corresponding to this access request is found, that check result is returned to the service agent and processing jumps to step B6;
B5. If there is a miss in the check result cache table, that is, no check result record corresponding to this access request is found, the access request is sent to the system security controller for a further check, and the system security controller returns its check result to the service agent via the access control detector;
B6. The service agent acts according to the check result: if the result is "access allowed", the service agent performs the access operation and returns the execution result to the service; if the result is not "access allowed", the service agent refuses the access request and returns a refusal response to the service.
The further check of the access request by the system security controller in step B5 further comprises the following steps:
B51. The system security controller checks the access rights token table to find which token is required to perform this access operation;
B52. The system security controller checks the subject token table to see whether the subject of the access request holds the token required for this access operation, as found in step B51, and takes the corresponding subsequent action according to the search result;
B53. If the subject holds the token, that is, the tokens match, the check result is "access allowed"; the system security controller updates this result into the check result cache table and returns a verification-success message to the access control detector, which returns the result to the service agent;
B54. If the subject does not hold the token, that is, the tokens do not match, the check result is "access denied"; the system security controller updates this result into the check result cache table and returns a verification-failure message to the access control detector, which returns the result to the service agent.
The operation of updating the check result cache table in step C further comprises the following steps:
C1. The system security controller updates the result of every check into the check result cache table and stamps it with the current time;
C2. When the check result cache table is full, the security policy manager deletes cached check result records from the table according to the system security policy;
C3. The security policy manager periodically removes expired check result records from the check result cache table according to the system security management policy;
C4. When a service terminates, the system security controller clears all check results related to that service from the check result cache table.
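The access check of steps B3 to B6 and B51 to B54 together with the cache maintenance of steps C1 to C4, as an added example that is not the patent's own code. It assumes the access rights token table is keyed by (object, right) and the subject token table by subject, that the eviction policy of step C2 (which the page leaves to the system security policy) is "drop the oldest record", that a service identifier is part of the cache key so step C4 can find a service's records, and that an injectable clock stands in for the real time stamp. The sample tokens, objects and subjects are constructed.

```python
"""Cache-first access check with cache maintenance (added example, not the patent's code)."""
import time
from collections import OrderedDict

ALLOW, DENY = "allow", "deny"


class CheckResultCache:
    """Check result cache table: key -> (result, time stamp), kept in insertion order."""

    def __init__(self, capacity, ttl_seconds, clock=time.time):
        self.capacity = capacity
        self.ttl = ttl_seconds
        self.clock = clock            # injectable so expiry can be exercised offline
        self.entries = OrderedDict()

    def lookup(self, key):
        """B3/B4: return the cached result, or None on a miss or an expired entry."""
        item = self.entries.get(key)
        if item is None:
            return None
        result, stamped = item
        if self.clock() - stamped > self.ttl:
            del self.entries[key]     # stale record is treated as a miss
            return None
        return result

    def store(self, key, result):
        """C1: record the result with the current time stamp.
        C2: when the table is full, evict the oldest record first (assumed policy)."""
        if key in self.entries:
            del self.entries[key]
        while len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)
        self.entries[key] = (result, self.clock())

    def purge_expired(self):
        """C3: periodic removal of expired records; returns how many were dropped."""
        now = self.clock()
        stale = [k for k, (_, t) in self.entries.items() if now - t > self.ttl]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def purge_service(self, service_id):
        """C4: clear every record of a terminated service (service id is key[0])."""
        gone = [k for k in self.entries if k[0] == service_id]
        for k in gone:
            del self.entries[k]
        return len(gone)


class SystemSecurityController:
    """Final check against the access rights token table and subject token table."""

    def __init__(self, access_rights_tokens, subject_tokens, cache):
        self.access_rights_tokens = access_rights_tokens   # (object, right) -> token id
        self.subject_tokens = subject_tokens               # subject -> set of token ids
        self.cache = cache

    def check(self, key):
        service_id, subject, obj, right = key
        required = self.access_rights_tokens.get((obj, right))       # B51
        held = self.subject_tokens.get(subject, set())               # B52
        result = ALLOW if required is not None and required in held else DENY  # B53/B54
        self.cache.store(key, result)                                # C1
        return result


class AccessControlDetector:
    """Front check: cache first, then the system security controller (B3-B5)."""

    def __init__(self, cache, controller):
        self.cache = cache
        self.controller = controller
        self.hits = 0

    def check(self, service_id, subject, obj, right):
        key = (service_id, subject, obj, right)
        cached = self.cache.lookup(key)
        if cached is not None:
            self.hits += 1
            return cached
        return self.controller.check(key)


def build_demo(clock=time.time):
    """Constructed sample tables: two tokens covering two rights on one object."""
    rights = {("ConferenceService", "create"): "tok-conf-create",
              ("ConferenceService", "terminate"): "tok-conf-terminate"}
    subjects = {"svc:meeting": {"tok-conf-create", "tok-conf-terminate"},
                "svc:helpdesk": {"tok-conf-create"}}
    cache = CheckResultCache(capacity=2, ttl_seconds=60, clock=clock)
    return AccessControlDetector(cache, SystemSecurityController(rights, subjects, cache))


if __name__ == "__main__":
    det = build_demo()
    print(det.check("s1", "svc:helpdesk", "ConferenceService", "create"))     # allow
    print(det.check("s1", "svc:helpdesk", "ConferenceService", "terminate"))  # deny
```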
The advantages and effects of the present invention are:
(1) A service agent that accesses resources and/or capabilities on behalf of services is provided in the access control system of the application server. In an application server, services may be written by third parties, whereas the service agent is provided by the application server itself. By introducing the service agent, both the access control of resources and the actual resource access operations are performed by a security-guaranteed entity, the service agent, which improves the security of the system.
(2) The access control system of the application server is further provided with an access control detector and a system security controller, which independently check access requests, so the service agent only needs to act according to the check result returned by the access control detector. The security check of an access request is thus separated from the access operation itself, improving the security and maintainability of the system.
(3) The system of the present invention is provided with a check result cache table for saving access control check results; querying this table is simple and efficient, which greatly improves the decision efficiency of the access control system. The system is also provided with a security policy manager for dynamic configuration of the system, and the dynamic configurability of the security policy improves the flexibility of the system.
(4) The present invention adopts a method of fine-grained control of access based on tokens. The introduction of tokens first satisfies the requirement of controlling access and improves the security of the system; second, tokens can significantly reduce the storage space required by the access control system itself.
(5) The present invention adopts a timed update mechanism for the check result cache table, so that the table is updated dynamically and in time, which improves its hit rate and in turn the speed of secure access lookup operations; it also guarantees that the data in the check result cache table is true and reliable, guaranteeing the security of the system.
Description of drawings
Fig. 1 is a schematic diagram of the structure of the access control system of the present invention.
Fig. 2 is a schematic diagram of the token format of the present invention.
Fig. 3 is a block diagram of the operating process of the access control method of the present invention.
Fig. 4 is a flow diagram of the token generation algorithm of the present invention.
Fig. 5 is a block diagram of the operating process of the method of the present invention for token-based fine-grained control of access.
Fig. 6 is a block diagram of the operating process in which the system security controller of the present invention checks an access request and returns the check result to the access control detector.
Fig. 7 is a message interaction diagram of the token-based fine-grained control of access in the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
The present invention is a token-based fine-grained access control system and method for application servers. In a next generation network the application server is the execution platform for services, so the access control system and method must satisfy the following requirements: first, the access control system must be able to effectively control every access by any subject to any object within the application server, thereby guaranteeing the security of the system; moreover, the application server is expected to provide fine-grained access control. In addition, the application server provides services ranging from enterprise grade to carrier grade, so the access control operations must have high operating efficiency, minimizing their impact on the efficiency with which the system processes each service and meeting user demand as far as possible. Finally, the access control system must guarantee its own secure and reliable operation.
Referring to Fig. 1, the present invention is a token-based fine-grained access control system for an application server, comprising:
A service unit 101, made up of the application programs that provide services to clients; the service unit 101 needs to access resources and/or capabilities in the application server;
A service agent unit 102, made up of security-assured code, which accesses the resource/capability unit on behalf of services; the service agent unit 102 is communicatively connected to the service unit 101, the resource/capability unit 130 and the access control unit 110;
A system resource/capability unit 130, comprising at least various file resources, network resources, database resources and other resources and/or capabilities;
An access control unit 110, made up of an access control detector, a system security controller and a security policy manager connected in sequence, used to perform token-based fine-grained access control when a subject accesses an object;
A token and data storage unit 120 for controlling access, comprising: a check result cache table that caches the system's access control results so as to improve access control efficiency; an access rights token table that stores the token corresponding to each right on each accessed object; a subject token table that stores the list of tokens held by each subject; a token index table that stores, for each token, the list of subject identifiers holding it; and other security control tables containing at least the definitions of the system security policy. This unit cooperates with the access control unit to complete token-based fine-grained access control. The check result cache table is connected to all three components of the access control unit, whereas the access rights token table, subject token table, token index table and other security control tables are communicatively connected only to the system security controller and the security policy manager within the access control unit. The tokens and data in the token and data storage unit 120 may be described as, but are not limited to, XML (extensible markup language), or data structures or database tables designed in another high-level language; they are stored at least in memory, in files, or in a database; and storage may be centralized and/or distributed.
The access control unit 110 is the control core of the system; the functions and operation of its three components are introduced below:
The access control detector receives and checks access requests from the service agent. It first checks the legitimacy of the request against the check result cache table: if a check result record corresponding to the access request is found in the cache table, that record indicates whether the access is legal, and the retrieved record is returned directly to the service agent; if no corresponding record is found, the access request is forwarded to the system security controller for further checking, the controller's verification result is returned to the service agent, and at the same time that result is written into the check result cache table.
The system security controller, as the core of the system's access control, provides the final check of access legitimacy and maintains the system's other security functions; that is, when the access control detector fails to find a check result record for an access request in the cache table, the system security controller makes the final decision on whether the access is legal. The system security controller also updates the check result cache table in time according to the access control check results, and manages the system's critical data.
The security policy manager executes the secure access control policy that the system dynamically configures and stores in the other security control tables, and periodically clears the check result cache table.
The present invention is a token-based access control system. A token is a credential that a subject must hold to access an object: only when the subject holds the token required for a specific access to a specific object can the access succeed; otherwise the access is refused by the system.
Referring to Fig. 2, the token format of the present invention is as follows: a token consists of two parts, a token identifier (Token ID) and a system certificate. The token identifier is a character string allocated uniformly by the system to uniquely identify the token; the system certificate is a security certificate signed by the system, in X.509 or another certificate format that can be shared by other PKI-based software; the system signature in the certificate is generated by the system's own dedicated algorithm.
The fine-grained access control characteristic of the present invention is reflected in two aspects: first, the access control tokens of the system are issued separately for each right of each object, achieving fine-grained control of object access; second, the control over subjects can be refined from the service level down to the method level of the object, achieving fine-grained control of subject access.
Referring to Fig. 3, the token-based fine-grained access control method of the present invention for an application server comprises three operating steps:
A. When a service is loaded, updated or terminated, first initialize the system tokens;
B. While a service accesses system resources and/or capabilities, perform token-based security check control on the access;
C. After the system security controller checks an access, when the check result cache table is full, when check results stored in the cache table expire, or when a service terminates, update the check result cache table accordingly.
The three steps are described in detail below with reference to the drawings.
The operation of step A, initializing the system tokens, further comprises the following steps:
A1. The application server and the service negotiate access control capabilities;
A2. According to the negotiation result, create a new token list for all rights involved in the negotiation, calling the token generation algorithm to create new tokens. Referring to Fig. 4, the operating steps of the token generation algorithm are:
(A21) An existing token keeps its original token identifier; for a newly created token, the system automatically allocates a token identifier using an algorithm that guarantees the uniqueness of allocated identifiers;
(A22) Create the token summary information, composed of the following fields in order: the token identifier, the object identifier and right identifier that the token describes, and all subjects that hold the token;
(A23) Hash the token summary information; the system uses MD5, SHA or another hash algorithm to compute the digest;
(A24) Encrypt the hash result with the system key to produce the system signature;
(A25) Create the system certificate from the system signature and system-related information according to the prescribed certificate format;
(A26) Create the token from the token identifier and the generated system certificate according to the token format specified by the system.
A3. Initialize the service's subject token table from the negotiation result and the newly generated token list; the subject token table records the tokens held by all subjects of the service;
A4. According to the negotiation result and the generated token list, insert or update the token index data in the token index table, so that the identifiers of the subjects holding each token are recorded in that token's entry; then, for each subject identifier recorded in the token index table, find the corresponding subject token table and update the subject token tables of the services that already hold this token;
A5. According to the negotiation result and the generated token list, update the access rights token table, which records the tokens needed to access each object;
A6. Each time the service is updated, repeat steps A1 to A5, updating the tokens associated with the service according to the updated service;
A7. When the service terminates, the system security controller updates and removes the records related to that service from the check result cache table, the access rights token table, the subject token table, the token index table and the other security control tables.
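As an added example (not the patent's code), the following Python sketches the token generation algorithm of steps A21 to A26 and the table initialization of steps A3 to A5 and A7 over a constructed negotiation result. It assumes SHA-256 as the hash, substitutes HMAC-SHA256 under a secret system key for the patent's unspecified "encrypt the hash with the system key" signature step, and uses a dict as a stand-in for the X.509-style system certificate; all names are hypothetical.

```python
# Added example, not code from the patent. Steps A21-A26 (token generation) and
# A3-A5/A7 (subject token table, token index table, access rights token table).
# Assumption: HMAC-SHA256 under a secret system key stands in for the system signature.
import hashlib
import hmac
import uuid
from dataclasses import dataclass, field

SYSTEM_KEY = b"constructed-system-key-do-not-reuse"   # constructed sample key
SYSTEM_INFO = "AppServer-NGN-1"                        # constructed issuer name


@dataclass(frozen=True)
class Token:
    token_id: str
    certificate: dict          # stand-in for the system certificate (A25)


def make_summary(token_id: str, object_id: str, right_id: str, holders) -> str:
    """A22: fixed-order fields joined with a separator that cannot appear in identifiers."""
    return "|".join([token_id, object_id, right_id, ",".join(sorted(holders))])


def sign_summary(summary: str) -> str:
    """A23-A24: hash the summary, then sign the digest with the system key."""
    digest = hashlib.sha256(summary.encode()).digest()
    return hmac.new(SYSTEM_KEY, digest, hashlib.sha256).hexdigest()


def generate_token(object_id, right_id, holders, existing_id=None) -> Token:
    token_id = existing_id or str(uuid.uuid4())      # A21: keep old id or allocate a unique one
    signature = sign_summary(make_summary(token_id, object_id, right_id, holders))
    certificate = {                                  # A25: signature plus system information
        "issuer": SYSTEM_INFO,
        "subject": f"{object_id}:{right_id}",
        "holders": sorted(holders),
        "signature": signature,
    }
    return Token(token_id, certificate)              # A26


def verify_token(token: Token, object_id: str, right_id: str) -> bool:
    """Recompute the signature from the certificate's own fields; constant-time compare."""
    summary = make_summary(token.token_id, object_id, right_id, token.certificate["holders"])
    return hmac.compare_digest(sign_summary(summary), token.certificate["signature"])


@dataclass
class TokenStore:
    access_rights: dict = field(default_factory=dict)   # (object, right) -> token_id   (A5)
    subject_tokens: dict = field(default_factory=dict)  # subject -> {token_id}         (A3)
    token_index: dict = field(default_factory=dict)     # token_id -> {subject}         (A4)
    tokens: dict = field(default_factory=dict)          # token_id -> Token


def initialize_service(store: TokenStore, negotiation: dict) -> list:
    """A2-A5: negotiation maps (object, right) -> list of subjects that should hold the token."""
    created = []
    for (object_id, right_id), holders in negotiation.items():
        existing = store.access_rights.get((object_id, right_id))
        token = generate_token(object_id, right_id, holders, existing_id=existing)
        created.append(token)
        store.tokens[token.token_id] = token
        store.access_rights[(object_id, right_id)] = token.token_id
        store.token_index.setdefault(token.token_id, set()).update(holders)
        for subject in holders:
            store.subject_tokens.setdefault(subject, set()).add(token.token_id)
    return created


def terminate_service(store: TokenStore, subjects) -> None:
    """A7: remove the terminated service's subjects from every table; drop orphaned tokens."""
    for subject in subjects:
        for token_id in store.subject_tokens.pop(subject, set()):
            holders = store.token_index.get(token_id, set())
            holders.discard(subject)
            if not holders:
                store.token_index.pop(token_id, None)
                store.tokens.pop(token_id, None)
                store.access_rights = {k: v for k, v in store.access_rights.items()
                                       if v != token_id}


if __name__ == "__main__":
    # Constructed negotiation: "billing" may read and write db.accounts, "report" may only read.
    negotiation = {("db.accounts", "read"): ["billing", "report"],
                   ("db.accounts", "write"): ["billing"]}
    store = TokenStore()
    for t in initialize_service(store, negotiation):
        print(t.token_id, t.certificate["subject"], verify_token(t, *t.certificate["subject"].split(":")))
```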
Referring to Fig. 5, the operating steps of step B, performing token-based fine-grained control on an access, are:
B1. The service sends a request to access a resource and/or capability to the service agent, so that the service agent accesses the resource and/or capability on behalf of the service;
B2. The service agent sends the access request to the access control detector to verify the legitimacy of the request;
B3. The access control detector looks up the check result cache table, then acts according to the lookup result;
B4. If the lookup hits, i.e. a check result record corresponding to the access request is found in the cache table, that check result is returned to the service agent and processing jumps to step B6;
B5. If the lookup misses, i.e. no check result record corresponding to the access request is found in the cache table, the access request is sent to the system security controller for re-checking, and the system security controller returns its check result to the service agent via the access control detector;
B6. The service agent acts according to the check result: if the result is "access allowed", the service agent performs the access operation and returns the execution result to the service; if the result is not "access allowed", the service agent refuses the access request and returns a refusal response to the service.
Referring to Fig. 6, the re-check of the access request performed by the system security controller in step B5 above comprises:
(B51) The system security controller consults the access rights token table to find out which token is required to perform this access operation;
(B52) The system security controller consults the subject token table to check whether the subject of the access request holds the token identified in step B51, then acts according to the lookup result;
(B53) If the subject holds the token, i.e. the tokens match, the check result is "access allowed"; the system security controller writes this result into the check result cache table and returns a verification-success message to the access control detector, which in turn returns the result to the service agent;
(B54) If the subject does not hold the token, i.e. the tokens do not match, the check result is "access denied"; the system security controller writes this result into the check result cache table and returns a verification-failure message to the access control detector, which in turn returns the result to the service agent.
Fig. 7 illustrates the token-based fine-grained access control process of the system as a message interaction diagram; the meaning of each step is consistent with Fig. 5 and Fig. 6 and is not repeated here.
Step C of the present invention, updating the check result cache table, comprises the following steps:
C1. The system security controller writes the result of every check into the check result cache table, stamped with the current timestamp;
C2. When the check result cache table is full, the security policy manager deletes cached check result records from the table according to the system security policy;
C3. The security policy manager periodically removes expired check result records from the check result cache table according to the system security management policy;
C4. When a service terminates, the system security controller clears all check result records related to that service from the check result cache table.
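As an added example (not the patent's code), the following Python implements the access check of steps B3 to B6 and B51 to B54 together with the check result cache table handling of steps C1 to C4. Tables are plain dicts with constructed identifiers, token identifiers are opaque strings, the cache key includes the service so that step C4 can clear one service's entries, and the "table full" policy chosen here is to drop the oldest record; all names are hypothetical.

```python
# Added example, not code from the patent. Access control detector with check result
# cache (B3-B6), system security controller re-check (B51-B54), cache maintenance (C1-C4).
import time
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"


@dataclass
class CacheEntry:
    result: str
    stamped_at: float      # C1: timestamp written with every check result
    service: str           # lets C4 clear all entries of a terminated service


@dataclass
class CheckResultCache:
    max_entries: int = 4
    ttl_seconds: float = 300.0
    entries: dict = field(default_factory=dict)   # (service, subject, object, right) -> CacheEntry

    def lookup(self, key, now):
        entry = self.entries.get(key)
        if entry is None or now - entry.stamped_at > self.ttl_seconds:
            self.entries.pop(key, None)   # an expired record is treated as a miss
            return None
        return entry.result

    def store(self, key, result, now):
        if key not in self.entries and len(self.entries) >= self.max_entries:
            self.evict_oldest()           # C2: table full; assumed policy drops the oldest record
        self.entries[key] = CacheEntry(result, now, key[0])

    def evict_oldest(self):
        oldest = min(self.entries, key=lambda k: self.entries[k].stamped_at)
        del self.entries[oldest]

    def purge_expired(self, now):
        """C3: periodic sweep by the security policy manager; returns number removed."""
        stale = [k for k, e in self.entries.items() if now - e.stamped_at > self.ttl_seconds]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def clear_service(self, service):
        """C4: drop every cached result belonging to a terminated service."""
        for k in [k for k, e in self.entries.items() if e.service == service]:
            del self.entries[k]


class SystemSecurityController:
    def __init__(self, access_rights, subject_tokens, cache):
        self.access_rights = access_rights    # (object, right) -> required token id
        self.subject_tokens = subject_tokens  # subject -> set of held token ids
        self.cache = cache

    def check(self, key, now):
        service, subject, obj, right = key
        required = self.access_rights.get((obj, right))             # B51
        held = self.subject_tokens.get(subject, set())              # B52
        # B53/B54; an operation with no registered token can never match (fail closed)
        result = ALLOW if required is not None and required in held else DENY
        self.cache.store(key, result, now)                          # cache update
        return result


class AccessControlDetector:
    def __init__(self, controller, cache):
        self.controller = controller
        self.cache = cache
        self.hits = 0
        self.misses = 0

    def check(self, key, now=None):
        now = time.time() if now is None else now
        cached = self.cache.lookup(key, now)                        # B3
        if cached is not None:                                      # B4: hit
            self.hits += 1
            return cached
        self.misses += 1
        return self.controller.check(key, now)                      # B5: forward to controller


def service_agent(detector, key, perform, now=None):
    """B6: perform the access only on ALLOW; otherwise return a refusal to the service."""
    if detector.check(key, now) == ALLOW:
        return ("ok", perform())
    return ("refused", None)


def build_demo():
    """Constructed tables: 'billing' and 'audit' hold the read token, nobody holds the write token."""
    access_rights = {("db.accounts", "read"): "tok-read-1", ("db.accounts", "write"): "tok-write-1"}
    subject_tokens = {"billing": {"tok-read-1"}, "audit": {"tok-read-1"}}
    cache = CheckResultCache(max_entries=2, ttl_seconds=60.0)
    controller = SystemSecurityController(access_rights, subject_tokens, cache)
    return AccessControlDetector(controller, cache), cache


if __name__ == "__main__":
    detector, cache = build_demo()
    key = ("billing", "billing", "db.accounts", "read")
    print(service_agent(detector, key, lambda: "rows"), service_agent(detector, key, lambda: "rows"))
    print("hits", detector.hits, "misses", detector.misses)
```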

Claims (12)

1. A token-based fine-grained access control system for an application server, comprising:
a service unit, made up of application programs that provide services to clients, which needs to access resources and/or capabilities in the application server;
a resource/capability unit, comprising at least various file resources, network resources, database resources and other resources and/or capabilities; characterized in that the system further comprises:
a service agent unit, made up of security-assured code, communicatively connected to the service unit, the resource/capability unit and the access control unit respectively, and used to access the resource/capability unit on behalf of services;
an access control unit, made up of an access control detector, a system security controller and a security policy manager connected in sequence, used to perform token-based fine-grained access control when a subject accesses an object; wherein, when the access control detector receives an access request from the service agent, it first looks up the access control check result for that request in the check result cache table; if a check result record corresponding to the request is found, the record is returned directly to the service agent; if no check result record corresponding to the request is found, the access request is sent to the system security controller, which verifies whether the subject holds the token for performing the operation on the object, produces the verification result, returns it to the service agent and writes it into the check result cache table; and the security policy manager executes the system's secure access control policy and periodically clears the check result cache table;
a token and data storage unit for controlling access, comprising: a check result cache table caching the system's access control results; an access rights token table storing the token corresponding to each right on each accessed object; a subject token table storing the list of tokens held by each subject; a token index table storing the list of subject identifiers holding each token; and other security control tables containing at least the definitions of the system security policy; wherein the check result cache table is connected to all three components of the access control unit, while the access rights token table, subject token table, token index table and other security control tables are communicatively connected only to the system security controller and the security policy manager of the access control unit; the storage unit cooperates with the access control unit to complete token-based fine-grained access control.
2. The access control system according to claim 1, characterized in that: the tokens and data in the token and data storage unit are described as XML, or as data structures or database tables designed in another high-level language; the tokens and data are stored in memory, in files, or in a database; and storage is centralized and/or distributed.
3. The access control system according to claim 1 or 2, characterized in that: the token is the credential required for a subject to access an object, i.e. an access can succeed only when the subject holds the token required for the specific access to the specific object, otherwise the access is refused by the system; and the issuance, storage and checking of tokens are all managed uniformly by the system.
4. The access control system according to claim 1 or 2, characterized in that: the token format comprises two parts, a token identifier and a system certificate, wherein the token identifier is a character string allocated uniformly by the system to uniquely identify the token; the system certificate is a security certificate signed by the system, in the X.509 standard format or another format that can be shared by other PKI-based software; X.509 is the public key infrastructure standard that specifies the format of public key certificates and the related verification algorithms; and the system signature in the certificate is generated by the system's own dedicated algorithm.
5. The access control system according to claim 1, characterized in that: the fine granularity is the granularity of the access control, embodied on both the subject side and the object side: the access control tokens of the system are issued separately for each right of each object, achieving fine-grained control of object access; and the control over subjects can be refined from the service level down to the method level of the object, achieving fine-grained control of subject access.
6. The access control system according to claim 1, characterized in that: the system security controller is the core controller of the system's access control, used to provide the final check and verification of access legitimacy, and also performs at least the functions of updating the check result cache table according to the access control check results, managing the system's critical data, and maintaining and executing the other security functions;
the security policy manager executes the system's secure access control policy and periodically clears the check result cache table; the secure access control policy is dynamically configured by the system and stored in the other security control tables.
7. A token-based fine-grained access control method for an application server, characterized in that it comprises the following operating steps:
A. When a service is loaded, the application server and the service negotiate access control capabilities; according to the negotiation result, a new token list is created for all rights involved in the negotiation by calling the token generation algorithm; then, according to the negotiation result and the new token list, the service's subject token table and the system tokens are initialized, the subject token table recording the tokens held by all subjects of the service; and, according to the negotiation result and the token list, the access rights token table is updated, which records the tokens needed to access each object;
B. When a service accesses system resources and/or capabilities, the service first sends the request to access the resource and/or capability to the service agent, and the service agent sends the access request to the access control detector to verify its legitimacy; the access control detector first looks up the check result cache table and, if a check result record corresponding to the access request is found, returns that check result to the service agent, otherwise sends the access request to the system security controller for re-checking; the system security controller first consults the access rights token table to find out which token the access operation requires, then consults the subject token table to check whether the subject of the access request holds that token; if the subject holds the token the check result is "access allowed", and if not the check result is "access denied"; the system security controller then writes the check result into the check result cache table and returns it to the access control detector, which returns it to the service agent; if the check result is "access allowed", the service agent performs the access operation and returns the execution result to the service; if the check result is not "access allowed", the service agent refuses the access request and returns a refusal response to the service;
C. After the system security controller checks an access, when the check result cache table is full, when check results stored in the cache table expire, or when a service terminates, the check result cache table is updated accordingly.
8. The access control method according to claim 7, characterized in that: the operation of initializing the system tokens in step A further comprises the following steps:
each time the service is updated, repeating the operations of step A to update the tokens associated with the service according to the updated service; or
when the service terminates, the system security controller updating and removing the records related to that service from the check result cache table, the access rights token table, the subject token table, the token index table and the other security control tables.
9. The access control method according to claim 7, characterized in that: the token generation algorithm in step A comprises the following steps:
A1. An existing token keeps its original token identifier; for a newly created token, a token identifier is allocated automatically by an algorithm that guarantees the uniqueness of allocated identifiers;
A2. Create the token summary information, composed of the following fields in order: the token identifier, the object identifier and right identifier that the token describes, and all subjects that hold the token;
A3. Hash the token summary information, using a hash algorithm including but not limited to the MD5 message digest algorithm or the SHA secure hash algorithm;
A4. Encrypt the hash result with the system key to produce the system signature;
A5. Create the system certificate from the system signature and system-related information according to the prescribed certificate format;
A6. Create the token from the token identifier and the generated system certificate according to the token format specified by the system.
10. The access control method according to claim 7, characterized in that: the operation of performing token-based fine-grained control on an access in step B further comprises the following steps:
B1. The service sends a request to access a resource and/or capability to the service agent, so that the service agent accesses the resource and/or capability on behalf of the service;
B2. The service agent sends the access request to the access control detector to verify the legitimacy of the request;
B3. The access control detector looks up the check result cache table, then acts according to the lookup result;
B4. If the lookup hits, i.e. a check result record corresponding to the access request is found in the cache table, that check result is returned to the service agent and processing jumps to step B6;
B5. If the lookup misses, i.e. no check result record corresponding to the access request is found in the cache table, the access request is sent to the system security controller for re-checking, and the system security controller returns its check result to the service agent via the access control detector;
B6. The service agent acts according to the check result: if the result is "access allowed", the service agent performs the access operation and returns the execution result to the service; if the result is not "access allowed", the service agent refuses the access request and returns a refusal response to the service.
11. The access control method according to claim 10, characterized in that: the re-check of the access request performed by the system security controller in step B5 further comprises the following steps:
B51. The system security controller consults the access rights token table to find out which token is required to perform this access operation;
B52. The system security controller consults the subject token table to check whether the subject of the access request holds the token identified in step B51, then performs the corresponding subsequent operation according to the lookup result;
B53. If the subject holds the token, i.e. the tokens match, the check result is "access allowed"; the system security controller writes this result into the check result cache table and returns a verification-success message to the access control detector, which in turn returns the result to the service agent;
B54. If the subject does not hold the token, i.e. the tokens do not match, the check result is "access denied"; the system security controller writes this result into the check result cache table and returns a verification-failure message to the access control detector, which in turn returns the result to the service agent.
12. The access control method according to claim 7, characterized in that: the operation of updating the check result cache table in step C further comprises the following steps:
C1. The system security controller writes the result of every check into the check result cache table, stamped with the current timestamp;
C2. When the check result cache table is full, the security policy manager deletes cached check result records from the table according to the system security policy;
C3. The security policy manager periodically removes expired check result records from the check result cache table according to the system security management policy;
C4. When a service terminates, the system security controller clears all check result records related to that service from the check result cache table.
Application CNB2004101034711A (family ID 34848180), priority date 2004-12-28, filing date 2004-12-28: Token-based fine granularity access control system and method for application server. Status: Expired - Fee Related.

Publications (2)

Publication Number Publication Date
CN1633084A CN1633084A (en) 2005-06-29
CN100490387C true CN100490387C (en) 2009-05-20


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090520

Termination date: 20121228