CN101330500B - Control method for accessing authority of equipment management - Google Patents


Info

Publication number
CN101330500B
Authority
CN
China
Prior art keywords
label
terminal
management server
node
terminal management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007101127809A
Other languages
Chinese (zh)
Other versions
CN101330500A (en)
Inventor
左雄辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rugao Huayi Real Estate Co., Ltd.
Original Assignee
ZTE Corp
Application filed by ZTE Corp

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for controlling access authority in device management. The method comprises the following steps: a terminal management server label is added to the protocol header, and a node creator label and a corresponding first operation authority label are added for each node of a managed object; the terminal management server sends the node creator label and the first operation authority label to a terminal, and the terminal obtains the terminal management server label; if the node creator label matches the terminal management server label, authority is assigned on the node of the corresponding managed object within the operation authority identified by the first operation authority label; and, where the accessing party has access authority, the access authority is controlled. The method allows flexible access authority control, so that terminal management can support flexible access authority reliably, securely and simply, and multiple verification can be provided.

Description

Control method for access rights in device management
Technical field
The present invention relates to the field of network communication, and more specifically to a method for implementing access rights control in device management.
Background
With the development of modern communication technology, and in particular the rapid growth of data services, the number of mobile terminals keeps increasing and the data services they support become increasingly complex, which calls for stronger terminal management capability. Good terminal management can address problems such as the complexity of data services and their dependence on the terminal, improve the user experience, and promote wider adoption of data services.
The OMA (Open Mobile Alliance) international standards organization has drawn up the DM (Device Management, i.e. terminal management) standard to provide a more convenient and more efficient means of managing and maintaining mobile terminals. Using OTA (Over The Air) delivery, it performs parameter configuration, software download and update, fault repair and so on for the mobile terminal, and it can also provide important information such as the usage of mobile terminal services and network coverage. The DM standard is implemented through the SyncML protocol.
The current DM standard provides an access control method for the MO (Management Object): each node (Node) in the MO defines corresponding operation rights; only operation commands within this scope are accepted by the terminal, and operation commands outside it are rejected by the terminal. However, the standard provides no way to define which specific DM servers do or do not have these operation rights; by default all DM servers have the same operation rights. This causes problems. For example, DM server 1 defines an access point named "ap1" on a terminal. Under the present mechanism, any other DM server, such as DM server 2 or 3, has full operation rights on access point "ap1" and can modify or delete it without restriction. In that case DM server 1 cannot know whether the configuration of access point "ap1" is still normal, and other applications that use this access point may also go wrong.
In addition, the operation rights of each node in a management object are fixed in the terminal, and the existing standard provides no method for modifying node operation rights dynamically. If the operation rights of some node on a terminal need to be changed, the terminal must be recalled and upgraded, which costs the terminal manufacturer, the user and the operator time and money.
Summary of the invention
The present invention has been made in view of the above problems. Its main purpose is therefore to provide a method for controlling access rights in device management.
To achieve this purpose, according to one aspect of the invention, a method for controlling access rights in device management is provided. The method comprises the following steps: a terminal management server label is added to the protocol header, and a node creator label and a corresponding first operation authority label are added for each node of a management object; the terminal management server sends the node creator label and the first operation authority label to the terminal, and the terminal obtains the terminal management server label; if the node creator label matches the terminal management server label, rights are assigned on the node of the corresponding management object within the operation rights identified by the first operation authority label; and, where the accessing party has access rights, the access rights are controlled.
In this method, the accessing party comprises a server and a terminal. Control of the server's access rights comprises the following steps: a node operator label and a corresponding second operation authority label are added for each node of the management object, and both labels are stored on the terminal management server; and the terminal management server compares the terminal management server label with the node operator label and performs access rights control according to the result. If the terminal management server label matches the node operator label, the terminal management server sends to the terminal those operation commands that fall within the operation rights identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal management server cancels the operation command.
Alternatively, in this method, control of the server's access rights comprises the following steps: a node operator label and a corresponding second operation authority label are added for each node of the management object, and both labels are stored on the terminal management server; the terminal management server sends the node operator label and the second operation authority label to the terminal, and the terminal obtains the terminal management server label; and the terminal compares the terminal management server label with the node operator label and performs access rights control according to the result. If the terminal management server label matches the node operator label, the terminal executes operations within the operation rights identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal refuses to execute the operation command.
In addition, in this method, the terminal management server label is the domain name of the terminal management server, the node creator label has a single value, and the node operator label has one or more values. The value of the node creator label is the value of the creator label of its parent node.
Therefore, with the above aspect of the invention, flexible access rights control can be performed: rights can be assigned statically through the management object or dynamically through SyncML commands, and both verification at the DM server and verification at the terminal are supported. Terminal management can thus support flexible access rights reliably, securely and simply, and multiple verification is provided.
Other features and advantages of the invention will be set forth in the description that follows, and in part will become apparent from the description or be learned by practising the invention. The objects and other advantages of the invention can be realized and obtained through the structure particularly pointed out in the written description, the claims and the drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 shows a flow chart of the method for controlling access rights in device management according to an embodiment of the invention;
Fig. 2 shows a flow chart of the management object node creator assigning the operation rights of a node according to an embodiment of the invention;
Fig. 3 shows a flow chart of server-side access rights control according to an embodiment of the invention;
Fig. 4 shows a flow chart of terminal-side access rights control according to an embodiment of the invention.
Detailed description of the embodiments
Preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here only illustrate and explain the invention and do not limit it.
This embodiment provides a method for controlling access rights in device management. Fig. 1 shows a flow chart of the method according to an embodiment of the invention. It comprises the following steps: step S100, a terminal management server label is added to the protocol header, and a node creator label and a corresponding first operation authority label are added for each node of a management object; step S102, the terminal management server sends the node creator label and the first operation authority label to the terminal, and the terminal obtains the terminal management server label; step S104, if the node creator label matches the terminal management server label, rights are assigned on the node of the corresponding management object within the operation rights identified by the first operation authority label; and step S106, where the accessing party has access rights, the access rights are controlled.
In this method, the accessing party comprises a server and a terminal. Control of the server's access rights comprises the following steps: a node operator label and a corresponding second operation authority label are added for each node of the management object, and both labels are stored on the terminal management server; and the terminal management server compares the terminal management server label with the node operator label and performs access rights control according to the result. If the terminal management server label matches the node operator label, the terminal management server sends to the terminal those operation commands that fall within the operation rights identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal management server cancels the operation command.
Alternatively, in this method, control of the server's access rights comprises the following steps: a node operator label and a corresponding second operation authority label are added for each node of the management object, and both labels are stored on the terminal management server; the terminal management server sends the node operator label and the second operation authority label to the terminal, and the terminal obtains the terminal management server label; and the terminal compares the terminal management server label with the node operator label and performs access rights control according to the result. If the terminal management server label matches the node operator label, the terminal executes operations within the operation rights identified by the second operation authority label. If the terminal management server label does not match the node operator label, the terminal refuses to execute the operation command.
In addition, in this method, the terminal management server label is the domain name of the terminal management server, the node creator label has a single value, and the node operator label has one or more values. The value of the node creator label is the value of its parent node or a set value.
According to a further embodiment of the invention: (a) in a DM (terminal management) session, the label <ServerID></ServerID> (the DM server identification label) is added to the protocol header to uniquely identify the DM server associated with the session; (b) the label <Owner></Owner> (the node creator label) is added to each node of the management object to identify the DM server that created the node, and the corresponding <AccessType></AccessType> label (the operation authority label) identifies the operation rights that this DM server has on the node; (c) the label <Operator></Operator> (the node operator label) is added to each node of the management object to identify a DM server that may operate the node, and the corresponding <AccessType></AccessType> label (the operation authority label) identifies the operation rights that this DM server has on the node.
The DM session may be initiated by the terminal or by the DM server. When it is initiated by the terminal, the value of <ServerID></ServerID> is the target DM server; when it is initiated by the DM server, the value is the server itself. <ServerID></ServerID> is generally set to the domain name of the DM server. The <Owner></Owner> label of a management object node may be absent, in which case the node inherits the <Owner></Owner> value of its parent node; if the label is also absent from the parent node, the search continues upward. If the <Owner></Owner> label is present on a management object node, it may occur only once, indicating that the node has a single creator. Only the creator of a management object node can assign operation rights on that node to other DM servers, and it can assign only rights that the creator itself already holds. The <Operator></Operator> label of a management object node may be absent, in which case no DM server other than the creator is allowed to operate the node. The <Operator></Operator> label may also occur several times, in which case several DM servers other than the creator are allowed to operate the node. The value of <Operator></Operator> may be "Others", which identifies all DM servers except the node creator. In addition, the management object node information is stored on both the DM server and the terminal, so access rights control can be performed at both the DM server and the terminal.
Adding the corresponding labels to a management object node allows rights to be assigned statically. For example, when a terminal leaves the factory, its node PxAddr may contain the following labels:
<Owner>www.dm.com</Owner>
<AccessType>
<Add/> <Get/>
</AccessType>
From these labels the following can be read: the creator of node PxAddr is the DM server "www.dm.com", and it may perform add (Add) and query (Get) operations on this node.
After static rights have been assigned, the creator of a management object node can also assign operation rights dynamically through SyncML commands.
Assignment of operation rights by the management object node creator
Preconditions:
1. The DM server creates node PxAddr;
2. The DM server sends the following content through the Add command:
<Operator>www.dml.com</Operator>
<AccessType>Replace</AccessType>
Fig. 2 shows a flow chart of the management object node creator assigning the operation rights of a node according to an embodiment of the invention. After receiving this command, the terminal performs the steps shown in Fig. 2:
Step S200: obtain the <ServerID></ServerID> value from the SyncML protocol header;
Step S202: determine whether the server is the creator of this node. If it is not the creator, execution fails. If it is the creator, continue with the following steps;
Step S204: determine whether the rights to be assigned belong to the creator. If they do not, return an execution failure. If they do, continue with the following steps;
Step S206: execute the command and reassign the operation rights of the node. The operation rights of node PxAddr change as follows: DM server "www.dml.com" is given the modify (Replace) right;
Execution succeeds, and the command execution result is returned.
After operation rights on management object nodes have been assigned, every DM server must check operation rights when issuing an operation command.
Server-side access rights control
Preconditions:
1. The DM server stores the management object node information of the terminal;
2. Access rights on the management object nodes have been assigned.
Fig. 3 shows a flow chart of server-side access rights control according to an embodiment of the invention. As shown in Fig. 3, it comprises the following steps:
Step S300: the DM server issues an operation command, which triggers access rights control;
Step S302: according to the stored access rights information of the management node, determine whether this DM server has the right to execute the operation command;
Step S304: if this DM server does not have the corresponding right, the operation command is cancelled and is not sent to the terminal; if this DM server has the corresponding right, the operation command is sent to the terminal.
After operation rights on management object nodes have been assigned, every terminal must check operation rights when it receives an operation command issued by a DM server.
Terminal-side access rights control
Preconditions:
1. The terminal stores the management object node information;
2. Access rights on the management object nodes have been assigned.
Fig. 4 shows a flow chart of terminal-side access rights control according to an embodiment of the invention. As shown in Fig. 4, it comprises the following steps:
Step S400: the terminal receives an operation request issued by the DM server;
Step S402: the terminal obtains the DM server's <ServerID></ServerID> information and the operation command to be executed, which triggers access rights control;
Step S404: according to the stored rights information of the management node, determine whether the DM server has the right to execute the operation command;
Step S406: if the DM server does not have the right to execute the operation command, the terminal refuses to execute it; if the DM server has the right to execute the operation command, the terminal executes it.
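The following Python sketch is an added example, not part of the patent text. It models the label rules described above (<Owner> inheritance, <Operator> entries, the "Others" value), the creator-only assignment of Fig. 2 (steps S200 to S206) and the terminal-side check of Fig. 4 (steps S400 to S406). The class and function names, the parent node "AP", the server "dm3.example" and the creator's rights set are constructed for illustration, and server_id is assumed to have been authenticated by the DM session already.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

OTHERS = "Others"  # <Operator> value meaning "every DM server except the creator"


@dataclass
class Node:
    """A management-object node carrying the labels described in the text."""
    name: str
    parent: Optional["Node"] = None
    owner: Optional[str] = None                          # <Owner>, at most one
    owner_access: Set[str] = field(default_factory=set)  # creator's <AccessType>
    operators: Dict[str, Set[str]] = field(default_factory=dict)  # <Operator> -> rights


def owner_entry(node: Node) -> Tuple[Optional[str], Set[str]]:
    """Resolve the creator by walking up until a node carries <Owner>.

    Assumption: the creator's rights come from the same ancestor that
    supplies the inherited <Owner> value; the text only defines how the
    value itself is inherited.
    """
    cur: Optional[Node] = node
    while cur is not None:
        if cur.owner is not None:
            return cur.owner, cur.owner_access
        cur = cur.parent
    return None, set()  # no creator anywhere on the path: nobody matches


def rights_of(node: Node, server_id: str) -> Set[str]:
    """Rights held on this node by the server named in <ServerID>."""
    owner, access = owner_entry(node)
    if owner is not None and server_id == owner:
        return set(access)
    # Assumption: a non-creator gets its own <Operator> entry combined with
    # any "Others" entry; a node without <Operator> labels yields no rights.
    return node.operators.get(server_id, set()) | node.operators.get(OTHERS, set())


def grant(node: Node, server_id: str, operator: str, rights: Set[str]) -> bool:
    """Dynamic assignment (Fig. 2). Returns True on success, False on failure."""
    owner, access = owner_entry(node)        # S200: server_id comes from the header
    if owner is None or server_id != owner:  # S202: only the creator may assign
        return False
    if not rights <= access:                 # S204: only rights the creator holds
        return False
    node.operators.setdefault(operator, set()).update(rights)  # S206
    return True


def terminal_accepts(node: Node, server_id: str, command: str) -> bool:
    """Terminal-side check (Fig. 4): execute the command only if authorised."""
    return command in rights_of(node, server_id)


def demo() -> Dict[str, bool]:
    """Constructed scenario: PxAddr inherits its creator from a parent node."""
    ap = Node("AP", owner="www.dm.com", owner_access={"Add", "Get", "Replace"})
    px = Node("PxAddr", parent=ap)  # no <Owner> label: inherited from AP
    out: Dict[str, bool] = {}
    out["before_grant"] = terminal_accepts(px, "www.dml.com", "Replace")
    out["grant_by_non_creator"] = grant(px, "www.dml.com", "www.dml.com", {"Replace"})
    out["grant_beyond_own_rights"] = grant(px, "www.dm.com", "www.dml.com", {"Delete"})
    out["grant_replace"] = grant(px, "www.dm.com", "www.dml.com", {"Replace"})
    out["after_grant"] = terminal_accepts(px, "www.dml.com", "Replace")
    out["operator_other_command"] = terminal_accepts(px, "www.dml.com", "Add")
    out["unlisted_server"] = terminal_accepts(px, "dm3.example", "Get")
    grant(px, "www.dm.com", OTHERS, {"Get"})
    out["unlisted_after_others"] = terminal_accepts(px, "dm3.example", "Get")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the factory labels shown earlier for PxAddr (creator rights Add and Get only), the same grant of Replace would stop at step S204, because the creator can hand out only rights it holds itself.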
In summary, with the above technical solution of the invention, flexible access rights control can be performed: rights can be assigned statically through the management object or dynamically through SyncML commands, and both verification at the DM server and verification at the terminal are supported. Terminal management can thus support flexible access rights reliably, securely and simply, and multiple verification is provided.
The above are merely preferred embodiments of the invention and do not limit the invention. For a person skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principle of the invention shall fall within the scope of protection of the invention.

Claims (12)

1. A method for controlling access rights in device management, characterized by comprising the following steps:
adding a terminal management server label to the protocol header, and adding, for each node of a management object, a node creator label and a corresponding first operation authority label;
the terminal management server sending said node creator label and said first operation authority label to a terminal, and said terminal obtaining said terminal management server label;
if said node creator label matches said terminal management server label, assigning rights on the node of the corresponding management object within the operation rights identified by said first operation authority label; and
where the accessing party has access rights, controlling said access rights.
2. The control method according to claim 1, characterized in that said accessing party comprises a server and a terminal.
3. The control method according to claim 2, characterized in that control of the server's access rights comprises the following steps:
adding, for each node of said management object, a node operator label and a corresponding second operation authority label, and storing both labels on said terminal management server; and
said terminal management server comparing said terminal management server label with said node operator label and performing access rights control according to the result.
4. The control method according to claim 3, characterized in that, if said terminal management server label matches said node operator label, said terminal management server sends to said terminal those operation commands that fall within the operation rights identified by said second operation authority label.
5. The control method according to claim 3, characterized in that, if said terminal management server label does not match said node operator label, said terminal management server cancels the operation command.
6. The control method according to claim 2, characterized in that control of the server's access rights comprises the following steps:
adding, for each node of said management object, a node operator label and a corresponding second operation authority label, and storing both labels on said terminal management server;
said terminal management server sending said node operator label and said second operation authority label to said terminal, and said terminal obtaining said terminal management server label; and
said terminal comparing said terminal management server label with said node operator label and performing access rights control according to the result.
7. The control method according to claim 6, characterized in that, if said terminal management server label matches said node operator label, said terminal executes operations within the operation rights identified by said second operation authority label.
8. The control method according to claim 6, characterized in that, if said terminal management server label does not match said node operator label, said terminal refuses to execute the operation command.
9. The control method according to claim 1 or 2, characterized in that said terminal management server label is the domain name of said terminal management server, the node creator label has a single value, and said node operator label has one or more values.
10. The control method according to any one of claims 3 to 8, characterized in that said terminal management server label is the domain name of said terminal management server, said node creator label has a single value, and said node operator label has one or more values.
11. The control method according to claim 9, characterized in that the value of said node creator label is the value of the creator label of its parent node.
12. The control method according to claim 10, characterized in that the value of said node creator label is the value of the creator label of its parent node.
CN2007101127809A 2007-06-18 2007-06-18 Control method for accessing authority of equipment management Expired - Fee Related CN101330500B (en)

Publications (2)

Publication Number Publication Date
CN101330500A CN101330500A (en) 2008-12-24
CN101330500B true CN101330500B (en) 2012-05-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: RUGAO HUACAN PROPERTIES CO., LTD.

Free format text: FORMER OWNER: ZTE CORPORATION

Effective date: 20141121

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518057 SHENZHEN, GUANGDONG PROVINCE TO: 226500 NANTONG, JIANGSU PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20141121

Address after: 11, 226500 and 18 sets of Zhenhai dam village, Rugao, Jiangsu, Nantong

Patentee after: Rugao Huayi Real Estate Co., Ltd.

Address before: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building

Patentee before: ZTE Corporation

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120523

Termination date: 20160618
