Summary of the invention
The present invention has been made in view of the problems described above; its main purpose is therefore to provide a method for controlling access rights in device management.
To achieve this purpose, according to one aspect of the present invention, a method for controlling access rights in device management is provided. The method comprises the following steps: adding a terminal management server tag to the protocol header, and adding to each node of the management object a node creator tag and a corresponding first operation-rights tag; the terminal management server sending the node creator tag and the first operation-rights tag to the terminal, and the terminal obtaining the terminal management server tag; if the node creator tag matches the terminal management server tag, assigning rights on the corresponding management object node within the operation rights identified by the first operation-rights tag; and, where the accessing party has access rights, controlling those access rights.
In this method, the accessing party includes the server and the terminal. Controlling the access rights of the server comprises the following steps: adding to each node of the management object a node operator tag and a corresponding second operation-rights tag, and storing these two tags on the terminal management server; and the terminal management server comparing the terminal management server tag with the node operator tag and performing access rights control according to the result of the comparison. If the terminal management server tag matches the node operator tag, the terminal management server issues to the terminal the operation commands that fall within the operation rights identified by the second operation-rights tag. If the terminal management server tag does not match the node operator tag, the terminal management server cancels the operation command.
In addition, in this method, controlling the access rights of the server comprises the following steps: adding to each node of the management object a node operator tag and a corresponding second operation-rights tag, and storing these two tags on the terminal management server; the terminal management server sending the node operator tag and the second operation-rights tag to the terminal, and the terminal obtaining the terminal management server tag; and the terminal comparing the terminal management server tag with the node operator tag and performing access rights control according to the result of the comparison. If the terminal management server tag matches the node operator tag, the terminal performs the operations that fall within the operation rights identified by the second operation-rights tag. If the terminal management server tag does not match the node operator tag, the terminal refuses to execute the operation command.
In addition, in this method, the terminal management server tag is the domain name of the terminal management server, the node creator tag has one value, and the node operator tag has one or more values. The value of the node creator tag is the value of the creator tag of its parent node.
Therefore, the above aspect of the present invention enables flexible access rights control: rights can be assigned statically through the management object or dynamically through SyncML commands, and both DM server-side verification and terminal-side verification are supported. Flexible access rights for terminal management are thus implemented reliably, securely and simply, and multiple verification is provided.
Other features and advantages of the present invention will be set forth in the description that follows and will in part become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the written description, the claims and the accompanying drawings.
Embodiment
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and do not limit it.
This embodiment provides a method for controlling access rights in device management. Fig. 1 shows a flow chart of the method according to an embodiment of the present invention. It comprises the following steps: step S100, adding a terminal management server tag to the protocol header, and adding to each node of the management object a node creator tag and a corresponding first operation-rights tag; step S102, the terminal management server sending the node creator tag and the first operation-rights tag to the terminal, and the terminal obtaining the terminal management server tag; step S104, if the node creator tag matches the terminal management server tag, assigning rights on the corresponding management object node within the operation rights identified by the first operation-rights tag; and step S106, where the accessing party has access rights, controlling those access rights.
In this method, the accessing party includes the server and the terminal. Controlling the access rights of the server comprises the following steps: adding to each node of the management object a node operator tag and a corresponding second operation-rights tag, and storing these two tags on the terminal management server; and the terminal management server comparing the terminal management server tag with the node operator tag and performing access rights control according to the result of the comparison. If the terminal management server tag matches the node operator tag, the terminal management server issues to the terminal the operation commands that fall within the operation rights identified by the second operation-rights tag. If the terminal management server tag does not match the node operator tag, the terminal management server cancels the operation command.
In addition, in this method, controlling the access rights of the server comprises the following steps: adding to each node of the management object a node operator tag and a corresponding second operation-rights tag, and storing these two tags on the terminal management server; the terminal management server sending the node operator tag and the second operation-rights tag to the terminal, and the terminal obtaining the terminal management server tag; and the terminal comparing the terminal management server tag with the node operator tag and performing access rights control according to the result of the comparison. If the terminal management server tag matches the node operator tag, the terminal performs the operations that fall within the operation rights identified by the second operation-rights tag. If the terminal management server tag does not match the node operator tag, the terminal refuses to execute the operation command.
In addition, in this method, the terminal management server tag is the domain name of the terminal management server, the node creator tag has one value, and the node operator tag has one or more values. The value of the node creator tag is the value of its parent node or a set value.
According to a further embodiment of the present invention: (a) the tag <ServerID></ServerID> (the DM server identification tag) is added to the protocol header of a DM (terminal management) session to uniquely identify the DM server associated with that session; (b) the tag <Owner></Owner> (the node creator tag) is added to each node of the management object to identify the DM server that created the node, and the corresponding <AccessType></AccessType> tag (the operation-rights tag) identifies the operation rights that this DM server has on the node; (c) the tag <Operator></Operator> (the node operator tag) is added to each node of the management object to identify a DM server that may operate the node, and the corresponding <AccessType></AccessType> tag (the operation-rights tag) identifies the operation rights that this DM server has on the node.
In addition, a DM session can be initiated either by the terminal or by the DM server. When the terminal initiates the session, the value of <ServerID></ServerID> is the target DM server; when the DM server initiates it, the value is the DM server itself. <ServerID></ServerID> is generally set to the domain name of the DM server. The <Owner></Owner> tag of a management object node may be absent; in that case the node inherits the <Owner></Owner> value of its parent node, and if the tag is absent from the parent node as well, the search continues upward. If the <Owner></Owner> tag of a management object node is present, it can occur only once, indicating that the node has a single creator. Moreover, only the creator of a management object node can assign operation rights to other DM servers, and it can assign only rights that the creator itself holds on the node. The <Operator></Operator> tag of a management object node may be absent; in that case the node does not allow any DM server other than the creator to operate it. The <Operator></Operator> tag may, however, occur several times, in which case the node allows several DM servers other than the creator to operate it. The <Operator></Operator> tag may take the value "Others", which identifies all DM servers other than the node creator. Furthermore, the management object node information is stored on both the DM server and the terminal, so that access rights control can be performed on both the DM server side and the terminal side.
Static assignment of rights is achieved by adding the corresponding tags to the management object node. For example, when a terminal leaves the factory, its node PxAddr may contain the following tags:
<Owner>www.dm.com</Owner>
<AccessType>
<Add/>
<Get/>
</AccessType>
From these tags the following information is obtained: the creator of node PxAddr is the DM server "www.dm.com", and it can perform add (Add) and query (Get) operations on this node.
After the static rights have been assigned, the creator of a management object node can also assign operation rights dynamically through SyncML commands.
Management object node creator assigns operation rights
Preconditions:
1. The DM server has created node PxAddr;
2. The DM server issues the following content through the Add command:
<Operator>www.dml.com</Operator>
<AccessType>Replace</AccessType>
Fig. 2 shows a flow chart of the management object node creator assigning operation rights on the node according to an embodiment of the present invention. After receiving the command, the terminal performs the steps shown in Fig. 2:
Step S200: obtain the value of <ServerID></ServerID> from the SyncML protocol header;
Step S202: determine whether the server is the creator of the node. If it is not the creator, execution fails. If it is the creator, continue with the following steps;
Step S204: determine whether the rights to be assigned belong to the creator. If they do not, return an execution failure. If they do, continue with the following steps;
Step S206: execute the command and reassign the operation rights of the node. The operation rights of the PxAddr node are changed as follows: the DM server "www.dml.com" is given the modify (Replace) right;
Execution succeeds, and the command execution result is returned.
After the operation rights of the management object nodes have been assigned, every DM server must check operation rights when issuing an operation command.
Server-side access rights control
Preconditions:
1. The DM server stores the management object node information of the terminal;
2. The access rights of the management object nodes have been assigned;
Fig. 3 shows a flow chart of server-side access rights control according to an embodiment of the present invention. As shown in Fig. 3, it comprises the following steps:
Step S300: the DM server is about to issue an operation command, which triggers access rights control;
Step S302: based on the stored access rights information of the management nodes, determine whether this DM server has the right to execute the operation command;
Step S304: if this DM server does not have the corresponding right, the operation command is cancelled and is not issued to the terminal; if this DM server has the corresponding right, the operation command is issued to the terminal.
After the operation rights of the management object nodes have been assigned, every terminal must check operation rights when it receives an operation command issued by a DM server.
Terminal-side access rights control
Preconditions:
1. The terminal stores the management object node information;
2. The access rights of the management object nodes have been assigned.
Fig. 4 shows a flow chart of terminal-side access rights control according to an embodiment of the present invention. As shown in Fig. 4, it comprises the following steps:
Step S400: the terminal receives the operation request issued by the DM server;
Step S402: the terminal obtains the <ServerID></ServerID> information of the DM server and the operation command to be executed, and triggers access rights control;
Step S404: based on the stored rights information of the management nodes, determine whether the DM server has the right to execute the operation command;
Step S406: if the DM server does not have the right to execute the operation command, the terminal refuses to execute it; if the DM server has the right to execute the operation command, the terminal executes it.
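The following Python code is an added example, not part of the patent text: it models the creator's delegation check (steps S200 to S206) and the terminal-side check (steps S400 to S406), including <Owner> inheritance from the parent node and the "Others" operator value. The class and function names are hypothetical and the node tree and the Delete right are constructed; it assumes that an inherited <Owner> carries its paired <AccessType> and that the ServerID value has already been authenticated for the session.

```python
# Added example (not from the patent): terminal-side model of the
# <Owner>/<Operator>/<AccessType> checks. All names are hypothetical.
class Node:
    def __init__(self, parent=None, owner=None, owner_rights=()):
        self.parent = parent
        self.owner = owner                      # <Owner>: absent or exactly one value
        self.owner_rights = set(owner_rights)   # <AccessType> paired with <Owner>
        self.operators = {}                     # <Operator> value -> set of rights

def resolve_owner(node):
    """Trace back through parent nodes until an <Owner> tag is found.
    Assumption: the paired <AccessType> is inherited together with it."""
    while node is not None:
        if node.owner is not None:
            return node.owner, node.owner_rights
        node = node.parent
    return None, set()

def assign_rights(node, server_id, operator, rights):
    """Steps S200-S206: only the creator delegates, and only rights it holds."""
    owner, owner_rights = resolve_owner(node)
    if owner is None or server_id != owner:     # S202: requester is not the creator
        return False
    if not set(rights) <= owner_rights:         # S204: right not held by the creator
        return False
    node.operators.setdefault(operator, set()).update(rights)   # S206
    return True

def is_allowed(node, server_id, command):
    """Steps S402-S406: may server_id execute command on node?
    Assumption: server_id was already authenticated for this DM session."""
    owner, owner_rights = resolve_owner(node)
    if owner is not None and server_id == owner:
        return command in owner_rights
    granted = node.operators.get(server_id, set()) | node.operators.get("Others", set())
    return command in granted                   # no matching <Operator>: refuse

def demo():
    # Constructed tree: the parent carries <Owner>, PxAddr inherits it.
    parent = Node(owner="www.dm.com", owner_rights={"Add", "Get", "Replace"})
    px_addr = Node(parent=parent)
    return {
        "delegate_replace": assign_rights(px_addr, "www.dm.com", "www.dml.com", ["Replace"]),
        "delegate_unheld": assign_rights(px_addr, "www.dm.com", "www.dml.com", ["Delete"]),
        "non_creator_delegates": assign_rights(px_addr, "www.dml.com", "Others", ["Get"]),
        "operator_replace": is_allowed(px_addr, "www.dml.com", "Replace"),
        "operator_get": is_allowed(px_addr, "www.dml.com", "Get"),
        "creator_get": is_allowed(px_addr, "www.dm.com", "Get"),
    }
```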
In summary, the technical solution of the present invention enables flexible access rights control: rights can be assigned statically through the management object or dynamically through SyncML commands, and both DM server-side verification and terminal-side verification are supported. Flexible access rights for terminal management are thus implemented reliably, securely and simply, and multiple verification is provided.
The above are merely preferred embodiments of the present invention and do not limit it; to a person skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.