CN101626379A - Access management method and access management device for classifying access rights in embedded system - Google Patents


Publication number
CN101626379A
Authority
CN
China
Prior art keywords
information
page
cookie
embedded
client
Prior art date
Application number
CN200910108878A
Other languages
Chinese (zh)
Inventor
邹联忠
Original Assignee
深圳市融创天下科技发展有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市融创天下科技发展有限公司 filed Critical 深圳市融创天下科技发展有限公司
Priority to CN200910108878A priority Critical patent/CN101626379A/en
Publication of CN101626379A publication Critical patent/CN101626379A/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/02 Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/102 Entity profiles

Abstract

The invention applies to the field of embedded systems and provides an access management method and an access management device for classifying access rights in an embedded system. The method comprises the following steps: after a user passes login-rights verification, an embedded server creates Cookie information that includes the user's rights information and sends the Cookie information back to a client; when the user requests another page on the embedded server's site from the client, the embedded server receives the Cookie information and the page request information sent by the client; and the embedded server returns the corresponding page to the client according to the rights information recorded in the Cookie information and the page request information. The method classifies users' rights to access the embedded system while occupying only a little of the embedded system's storage space. In addition, the cost of developing and maintaining the embedded system is relatively low.

Description

Access management method and device for classifying access rights in an embedded system

Technical Field

The present invention belongs to the field of embedded systems, and in particular relates to an access management method and device for classifying access rights in an embedded system.

Background

At present, applying Web technology to embedded systems has become a hot topic. By running an embedded Web server on an embedded device, the device can be accessed and controlled from a remote point on the Internet with a standard browser, and the web pages stored on the device dynamically reflect the device's running state and the feedback from operations that have been performed. This brings new functional advantages to data acquisition, detection, analysis, control and system maintenance in embedded systems, such as remote acquisition, monitoring and system maintenance.

Applying the Web to embedded systems has the following advantages:

(1) No client software needs to be developed. As a general-purpose client user interface, the web browser runs on every platform, whether Windows or Unix, independently of the workstation's operating system;

(2) The browser interface is simple and easy to use, and requires no additional user training;

(3) Server-side software can be downloaded, upgraded and updated through the browser, which makes managing and upgrading field-device application software easier and more convenient;

(4) The same server device can be accessed by several browsers at once; after passing security authentication, users can monitor, control and upgrade the device remotely over the Internet, which saves labor;

Because a remote embedded device can be operated through a browser, higher demands are placed on the security of the web server. Tiered Web access-rights authentication arose in response: users' access is planned by access rights, for example by dividing users into special users and general users. Different users are given different rights, covering the access operations they may perform and the resources they may use. Different people can thus perform different operations on the device: some may only view parameters and the system's running state, while others may view parameters and also modify them and control the device.

In the prior art, rights classification is handled by storing different web pages on the embedded device. Users with different rights use different web pages after logging in, which achieves tiered user rights. However, the storage capacity of an embedded system is very limited, and storing separate web pages for each rights level wastes the device's valuable storage space; when there are many tiers of users, this waste seriously affects the embedded system. Moreover, maintaining the separately stored web page programs places a heavy development burden on developers.

Summary of the Invention

The object of the present invention is to provide an access management method and device for classifying access rights in an embedded system, intended to solve the problems in the prior art that managing tiered user rights in an embedded system takes up too much storage space and that developing and maintaining the embedded system is costly.

The present invention is implemented as an access management method for classifying access rights in an embedded system, the access management method comprising:

after the user passes login-rights verification, the embedded server creates Cookie information that includes the user's rights information, and then sends the Cookie information back to the client;

when the user requests another page on the embedded server's site from the client, the embedded server receives the cookie information sent by the client together with the page request information;

the embedded server returns the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request information.

Another object of the present invention is to provide an access management device for classifying access rights in an embedded system, the access management device comprising:

a Cookie information creation unit, configured to create, after the user passes login-rights verification, Cookie information that includes the user's rights information, and then send the Cookie information back to the client;

a page request unit, configured to send the cookie information together with the page request information to the embedded server when the user requests another page on the embedded server's site from the client;

a page return unit, configured to return the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request information.

The beneficial effects of the present invention are as follows: because the user's rights are recorded in cookie information, when the user requests a page the embedded system can process the page according to the user rights recorded in the cookie information and return the page for the corresponding rights to the user. The embedded server therefore enforces tiered restrictions on user access while occupying little of the embedded system's storage space, and the cost of developing and maintaining the embedded server can be greatly reduced.

Brief Description of the Drawings

Fig. 1 is a flowchart of an access management method for classifying access rights in an embedded system, provided by an embodiment of the present invention;

Fig. 2 is a sequence diagram of user login authentication under access-rights classification in an embedded system, provided by an embodiment of the present invention;

Fig. 3 is a sequence diagram of a user page request under access-rights classification in an embedded system, provided by an embodiment of the present invention;

Fig. 4 is a structural diagram of an access management device for classifying access rights in an embedded system, provided by an embodiment of the present invention.

Detailed Description

To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.

In the embodiments of the present invention, the user's rights are recorded in cookie information. When the user requests a page, the embedded system responds according to the page request information sent by the user and the rights information in the cookie information, and returns the page for the corresponding rights. Only the rights of the page need to be processed in order to return the corresponding page to the user, which reduces the storage space occupied on the embedded system and the cost of system development and maintenance.

Cookie information is generated by the server. In general, the server generates the cookie information and sends it to the User-Agent (the client, usually a browser). The browser can save the key/value of the Cookie information in a text file under some directory, and send that Cookie information to the server the next time it requests the same site (provided, of course, that the browser is set to enable cookies). The Cookie name and value can be defined by the server itself, so the server can tell whether the user is a legitimate user, whether the user needs to log in again, and so on.

Fig. 1 shows the flow of an access management method for classifying access rights in an embedded system, provided by an embodiment of the present invention. The flow comprises the following steps:

In step S101, after the user passes login-rights verification, the embedded server creates Cookie information that includes the user's rights information, and then sends the Cookie information back to the client;

After receiving the cookie information, the client stores it in a temporary file under a specified directory. The temporary file is deleted automatically when the user finishes, which helps keep the user's information confidential.

In step S102, when the user requests another page on the embedded server's site from the client, the embedded server receives the cookie information sent by the client together with the page request information;

In step S103, the embedded server returns the corresponding page to the client according to the rights information recorded in the cookie information and the page request information.

The access management method above classifies users' rights to access the embedded server while occupying little of the embedded system's storage space, and lowers the cost of developing and maintaining the system.

Fig. 2 shows the sequence of user login authentication under access-rights classification in an embedded system, provided by an embodiment of the present invention.

The server in an embedded system may be an FTP server, a mail server, a web server and so on. In this embodiment of the invention, the embedded server is an embedded web server. An embedded web server can easily process the functions of its web pages: to remove a function, it only needs to remove or mask the relevant program; to make a function unavailable, it only needs to execute the instruction that puts that function in an unavailable state. Where the embedded server returns the corresponding page to the client according to the rights information recorded in the cookie information and the page request information, the page for the corresponding rights is the web page formed when the embedded web server takes the stored maximum-rights web page and removes, or places in an unusable state, the functions that exceed the corresponding rights.

In this embodiment, the embedded Web server supports CGI (Common Gateway Interface). CGI is a specification that defines the standard interface between external applications and information servers such as HTTP or Web servers. CGI programs can be written in many languages, such as Perl, C or UNIX shell. In this embodiment, because of the constraints of the embedded system, the CGI programs are written in C. Compared with other languages, C uses few resources and is efficient, and is best suited to embedded systems. Through the CGI interface provided by the Web server, CGI web programs can be developed that implement dynamic interaction between the user's browser and the embedded system.

In this embodiment, after the user passes login-rights verification, the CGI web program in the embedded Web server creates Cookie information containing a user-rights field and transfers the Cookie from the server to the browser, which saves it under the directory the browser specifies.

In this embodiment, the Cookie information is created as follows:

An HTTP cookie is sent through the HTTP header, which is transmitted before the document. The syntax of the Set-cookie header is as follows:

Set-cookie: name=name; expires=date; path=path; domain=domain; secure

The parameters of the Set-cookie syntax are explained below:

name=name: the value of the cookie to be set (";" and "," may not be used in name). Multiple name values are separated by ";", for example: name1=name1; name2=name2; name3=name3.

expires=date: the expiry time of the cookie, in the format: expires="Wdy, DD-Mon-YYYY HH:MM:SS".

path=path: sets the path for which the cookie is valid. If path is a directory path, the cookie takes effect for all files and subdirectories under that directory.

domain=domain: the domain name for which the cookie is valid. secure: if this flag is given, the cookie can only be transmitted through an HTTPS server over the SSL protocol.

A cookie is received by setting the environment variable HTTP_COOKIE; the CGI web program obtains the cookie information by reading this variable.

In this embodiment, the embedded server uses the method above to write the user's rights information (for example: Set-cookie: user=Administrator or Set-cookie: user=guest) into the cookie information after login verification, and then sends it to the client's browser. The client saves the Cookie information in a text file under a specified directory, which makes it convenient for the user to reuse the cookie information and protects its security. The next time the user submits a page request, the CGI program determines the user's rights level from the cookie information carried with the page request sent by the browser, and so implements tiered control of users according to their different rights.
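The flow described above (steps S101 to S103), as an added C example that is not code from the patent: a CGI-style program builds the Set-Cookie header, reads the rights field back from HTTP_COOKIE, and strips the functions of the stored maximum-rights page that exceed the user's level. The function names, the feature table and the /cgi-bin paths are assumptions made for illustration, and the AES step is left out, so the rights field is read as plaintext.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Rights levels, named after the page's user=Administrator / user=guest values. */
enum level { LEVEL_NONE = 0, LEVEL_GUEST = 1, LEVEL_ADMIN = 2 };

/* One function of the stored maximum-rights page and the level it requires.
 * Constructed sample content, not taken from the patent. */
struct feature { const char *html; enum level min_level; };
static const struct feature MAX_PAGE[] = {
    { "<p>Status: running</p>\n", LEVEL_GUEST },
    { "<p>Parameter rate=9600</p>\n", LEVEL_GUEST },
    { "<form action=\"/cgi-bin/set\"><input name=\"rate\"></form>\n", LEVEL_ADMIN },
    { "<form action=\"/cgi-bin/reboot\"><button>Reboot</button></form>\n", LEVEL_ADMIN },
};

/* Step S101: build the header sent after login. Rejects ';', ',', whitespace and
 * control characters so a role string cannot inject attributes or extra headers. */
int make_set_cookie(char *out, size_t n, const char *role)
{
    if (*role == '\0') return -1;
    for (const char *c = role; *c; c++)
        if (*c == ';' || *c == ',' || isspace((unsigned char)*c) || iscntrl((unsigned char)*c))
            return -1;
    int len = snprintf(out, n, "Set-Cookie: user=%s; path=/\r\n", role);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

/* Step S102: find `name` in a Cookie header value such as "a=1; user=guest".
 * Matches the whole name only, and rejects duplicates and oversized values. */
int cookie_get(const char *header, const char *name, char *out, size_t n)
{
    size_t nlen = strlen(name);
    int found = 0;
    const char *p = header;
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;          /* skip separators */
        const char *end = strchr(p, ';');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = len - nlen - 1;
            if (found || vlen >= n) return -1;       /* ambiguous or too long */
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            found = 1;
        }
        p += len;
    }
    return found ? 0 : -1;
}

/* Map the rights field to a level; anything unrecognised gets no rights. */
enum level level_from_cookie(const char *http_cookie)
{
    char role[32];
    if (cookie_get(http_cookie, "user", role, sizeof role) != 0) return LEVEL_NONE;
    if (strcmp(role, "Administrator") == 0) return LEVEL_ADMIN;
    if (strcmp(role, "guest") == 0) return LEVEL_GUEST;
    return LEVEL_NONE;
}

/* Step S103: copy the maximum-rights page, dropping functions above `lv`.
 * Returns the number of functions kept. */
size_t render_page(enum level lv, char *out, size_t n)
{
    size_t used = 0, kept = 0;
    if (n == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof MAX_PAGE / sizeof MAX_PAGE[0]; i++) {
        size_t len = strlen(MAX_PAGE[i].html);
        if (lv < MAX_PAGE[i].min_level) continue;    /* exceeds the rights: remove */
        if (used + len >= n) break;
        memcpy(out + used, MAX_PAGE[i].html, len + 1);
        used += len;
        kept++;
    }
    return kept;
}

/* CGI entry point: the web server passes the request's Cookie header in HTTP_COOKIE. */
int main(void)
{
    char page[1024];
    enum level lv = level_from_cookie(getenv("HTTP_COOKIE"));
    render_page(lv, page, sizeof page);
    printf("Content-Type: text/html\r\n\r\n%s",
           lv == LEVEL_NONE ? "<p>Please log in.</p>\n" : page);
    return 0;
}
```

HTTP_COOKIE is supplied by the browser, so the value read here is client-controlled; the embodiment described on this page AES-encrypts the rights field before writing it into the cookie.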

To increase the security of the device, the cookie information can be encrypted. The encryption may be MD5, AES or another encryption method. In this embodiment, only the rights information in the cookie information is AES-encrypted, to improve the security of the device. Encrypting only the rights information in the cookie information simplifies what has to be encrypted; AES encryption of the rights information gives stronger confidentiality.

Fig. 3 shows the sequence of a user page request under access-rights classification in an embedded system, provided by an embodiment of the present invention. After the user has logged in and requests another page on the site, the browser sends the cookie information together with the page request information to the embedded server. In this embodiment, after the CGI web program of the embedded web server obtains the cookie information, it extracts the encrypted rights field from it, applies the AES decryption algorithm to obtain the user's rights level, processes the page according to that level, and then sends the resulting page to the client.

Fig. 4 shows the structure of an access management device for classifying access rights in an embedded system, provided by an embodiment of the present invention. For ease of description, only the parts relevant to the invention are shown. The access management device comprises:

a Cookie information creation unit 401, configured to create, after the user passes login-rights verification, Cookie information that includes the user's rights information, and then send the Cookie information back to the client; as described above.

a page request unit 402, configured to send the cookie information together with the page request information to the embedded server when the user requests another page on the embedded server's site from the client; as described above.

a page return unit 403, configured to return the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request information; as described above.

The cookie information creation unit 401 includes an encryption module, configured to AES-encrypt the rights information when the cookie information is created; as described above.

The page return unit 403 includes a decryption module, configured to AES-decrypt the rights field extracted from the cookie information; as described above.

The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. An access management method for classifying access rights in an embedded system, characterized in that the access management method comprises: after the user passes login-rights verification, the embedded server creates Cookie information that includes the user's rights information, and then sends the Cookie information back to the client; when the user requests another page on the embedded server's site from the client, the embedded server receives the cookie information sent by the client together with the page request information; the embedded server returns the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request information.
2. The access management method of claim 1, characterized in that the server encrypts the rights information in the cookie information when it creates the Cookie information according to the user's rights information.
3. The access management method of claim 1, characterized in that, after receiving the cookie information, the client saves the cookie information in a temporary file under a directory specified by the client.
4. The access management method of claim 1, characterized in that the embedded server is an embedded web server and the client is a browser; the page for the corresponding rights is the web page, corresponding to those rights, that the embedded web server forms by removing, or placing in an unusable state, the functions in the stored maximum-rights web page that exceed the corresponding rights.
5. The access management method of claim 4, characterized in that the embedded server supports the Common Gateway Interface; the page for the corresponding rights that the embedded server returns according to the rights information recorded in the cookie information and the page request information is a Common Gateway Interface web page.
6. The access management method of claim 1, characterized in that the embedded server returning the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request information is: after obtaining the cookie information sent by the client, the embedded server extracts the rights field from the cookie information, processes the page according to the user's rights, and then returns the page for the corresponding rights to the client.
7. The access management method of claim 2, characterized in that the embedded server returning the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request is: after obtaining the cookie information sent by the client, the embedded server extracts the rights field from the cookie information and decrypts it, processes the page according to the decrypted user rights, and then returns the page for the corresponding rights to the client.
8. The access management method of claim 7, characterized in that the encryption is AES encryption and the decryption is AES decryption.
9. An access management device for classifying access rights in an embedded system, characterized in that the device comprises: a Cookie information creation unit, configured to create, after the user passes login-rights verification, Cookie information that includes the user's rights information, and then send the Cookie information back to the client; a page request unit, configured to send the cookie information together with the page request information to the embedded server when the user requests another page on the embedded server's site from the client; a page return unit, configured to return the page for the corresponding rights to the client according to the rights information recorded in the cookie information and the page request information.
10. The access management device of claim 9, characterized in that the cookie information creation unit includes an encryption module, configured to AES-encrypt the rights information when the cookie information is created; and the page return unit includes a decryption module, configured to AES-decrypt the rights field extracted from the cookie information.
CN200910108878A 2009-08-11 2009-08-11 Access management method and access management device for classifying access rights in embedded system CN101626379A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910108878A CN101626379A (en) 2009-08-11 2009-08-11 Access management method and access management device for classifying access rights in embedded system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910108878A CN101626379A (en) 2009-08-11 2009-08-11 Access management method and access management device for classifying access rights in embedded system
PCT/CN2009/076268 WO2011017899A1 (en) 2009-08-11 2009-12-30 Access management method and device for access right classification in embedded system

Publications (1)

Publication Number Publication Date
CN101626379A true CN101626379A (en) 2010-01-13

Family

ID=41522065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910108878A CN101626379A (en) 2009-08-11 2009-08-11 Access management method and access management device for classifying access rights in embedded system

Country Status (2)

Country Link
CN (1) CN101626379A (en)
WO (1) WO2011017899A1 (en)


Also Published As

Publication number Publication date
WO2011017899A1 (en) 2011-02-17

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C12 Rejection of a patent application after its publication