CN103338194A - Credibility-based cross-security domain access control system and method

Publication number
CN103338194A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310236492XA
Other languages
Chinese (zh)
Other versions
CN103338194B (en)
Inventor
马守明
张涛
林为民
马媛媛
邓松
王玉斐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yinchuan Power Supply Company State Grid Ningxia Electric Power Co Ltd
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI
Priority to CN201310236492.XA
Publication of CN103338194A
Application granted
Publication of CN103338194B
Legal status: Active

Abstract

The invention provides a credibility based cross-security domain access control system and method. The system is characterized by comprising a cross-security domain access proxy server, an authorization strategy server, an in-security domain credibility server and an inter-security domain credibility server, wherein the cross-security domain access proxy server receives cross-security domain sharing resources access request information, and sends the information to the authorization strategy server for decision determining; the in-security domain credibility server and the inter-security domain credibility server are respectively used for storing and updating of credibility of users in the security domain and in different security domains. According to the invention, the user role automatically changes with the credibility change in the interaction process, so as to change the access authority of the users for the sharing resources, and as a result, the sharing resources of different security domains can be safely accessed.

Description

A cross-security domain access control system and method based on credibility assessment
Technical field
The invention belongs to the field of information security technology, and specifically relates to a cross-security domain access control system and method based on credibility assessment.
Background technology
Building an efficient, common security architecture for a large-scale information system is an extremely complicated job, and designing a complete and effective security architecture for a large organization has always been a challenging problem. One approach is to solve the security problems of an information network through a graded-protection strategy: the organizations that build and use an information system set its protection grade according to the prescribed grading standards, based on factors such as the importance of the organization, the importance of the services the information system carries, the importance of the information content, the degree of harm caused if the information system is attacked and damaged, and security requirements such as security cost. They then carry out information system security construction and security management independently, thereby improving the scientific soundness, integrity and practicality of the security protection.
Graded protection of a large-scale information system does not mean protecting the whole system at a single grade; instead, different business zones inside the system are protected at different grades. Dividing the system into security domains is therefore the basic step of graded information security protection. A security domain is a logical subnet or network within one system, divided according to elements such as the nature of the information, the subjects using it, and the security objectives and policies. Each logical zone has the same security protection requirements and the same security access control and boundary control policies; a mutual trust relationship exists between zones, and the same network security domain shares the same security policy.
The primary security risk faced by cross-security domain access within one information system is the trust relationship problem: how to establish mutual trust during cross-security domain access and how to determine the permissions for accessing shared resources. An access control model defines how subjects, objects and accesses are represented and operated on, and it determines the expressive power and flexibility of the authorization policy. Current research on access control within and between security domains concentrates mainly on mandatory access control, discretionary access control and role-based access control. The basic idea of role-based access control is to introduce the concept of a role between users and access permissions: a user is associated with one or more specific roles, a role is associated with one or more access permissions, and roles can be created or revoked according to the needs of actual work.
Summary of the invention
To overcome the above deficiencies of the prior art, the invention provides a cross-security domain access control system and method based on credibility assessment, in which a user's role changes automatically as the user's credibility changes during interaction, thereby changing the user's access permissions to shared resources and ensuring that shared resources in different security domains can be accessed securely.
To achieve the above object, the invention adopts the following technical scheme:
A cross-security domain access control system based on credibility assessment is provided. The system comprises a cross-security domain access proxy server, an authorization strategy server, an in-security domain credibility server and an inter-security domain credibility server. The cross-security domain access proxy server receives cross-security domain shared resource access request information and sends it to the authorization strategy server for a decision; the in-security domain credibility server and the inter-security domain credibility server store and update the credibility of users within the security domain and of users of different security domains, respectively.
The cross-security domain shared resource access request information that the cross-security domain access proxy server receives from users within the security domain and from cross-security domain users comprises the user ID, the user password and information on the resource to be accessed across security domains.
When the cross-security domain access proxy server receives cross-security domain shared resource access request information sent by a user within the security domain, it forwards the information to the authorization strategy server. The authorization strategy server uses the request information to query the user's credibility value stored in the in-security domain credibility server and makes a decision according to the configured secure access policy.
The secure access policy is set either online, or by editing an access rule file offline and then importing the secure access policy into the authorization strategy server.
When the cross-security domain access proxy server receives cross-security domain shared resource access request information sent by a cross-security domain user, it forwards the information to the authorization strategy server. The authorization strategy server updates the cross-security domain user's credibility from the credibility of the security domain the user belongs to and the user's credibility within that security domain, performs a role assessment, and provides or refuses the cross-security domain shared resource access service according to the assessment result.
The authorization strategy server updates the cross-security domain user's credibility by weighted multiplication of the credibility of the security domain the user belongs to and the user's credibility within that security domain.
The in-security domain credibility server stores and updates the credibility of the users within the security domain, revising a user's credibility according to the historical record of that user's shared resource accesses within the security domain and across security domains.
The inter-security domain credibility server stores and updates the credibility of cross-security domain users. Each security domain maintains an overall credibility value in the inter-security domain credibility server; this overall credibility represents the credibility of the security domain as a whole.
A cross-security domain access control method based on credibility assessment is also provided, the method comprising the following steps:
Step 1: audit the shared resource access request within the security domain;
Step 2: accept the cross-security domain shared resource access request and provide the cross-security domain shared resource access service.
Step 1 comprises the following steps:
Step 1-1: user X in security domain A provides the user ID, the user password and information on the resource to be accessed across security domains, and sends cross-security domain shared resource access request information to the cross-security domain access proxy server in the local security domain;
Step 1-2: the cross-security domain access proxy server in security domain A sends the cross-security domain shared resource access request information from user X to the authorization strategy server in security domain A;
Step 1-3: the authorization strategy server in security domain A makes a decision on user X's cross-security domain shared resource access request;
Step 1-4: the cross-security domain access proxy server in security domain A notifies user X of the result of the cross-security domain shared resource access request; if the request passes, step 2 is executed.
Step 1-3 comprises the following steps:
Step 1-3-1: the authorization strategy server in security domain A uses the cross-security domain shared resource access request information to query user X's credibility record in the in-security domain credibility server of security domain A;
Step 1-3-2: the authorization strategy server in security domain A judges whether user X's credibility is higher than the shared resource secure access threshold preset in the secure access policy of security domain A; if so, it determines user X's role according to user X's credibility and issues a user certificate; if not, it rejects user X's cross-security domain shared resource access request;
Step 1-3-3: the authorization strategy server in security domain A returns the decision result to the cross-security domain access proxy server in security domain A.
Step 2 comprises the following steps:
Step 2-1: the cross-security domain access request of user X in security domain A is sent to security domain B over a network channel;
Step 2-2: the cross-security domain access proxy server in security domain B receives user X's cross-security domain shared resource access request information and sends it to the authorization strategy server in security domain B;
Step 2-3: the authorization strategy server in security domain B makes a decision on the cross-security domain shared resource access request information;
Step 2-4: the authorization strategy server in security domain B returns the decision result to the cross-security domain access proxy server in security domain B;
Step 2-5: the cross-security domain access proxy server in security domain B notifies user Y in security domain B to provide the requested cross-security domain shared resource access service to user X in security domain A; after the service ends, user X and user Y rate each other;
Step 2-6: user X's rating of user Y is submitted to the in-security domain credibility server in security domain B, which updates user Y's credibility by weighted multiplication from user X's rating of user Y and user Y's credibility recorded in the credibility server of security domain B;
Step 2-7: user Y's rating of user X is sent back to the in-security domain credibility server in security domain A, which updates user Y's credibility by weighted multiplication from user Y's rating of user X and user X's credibility recorded in the credibility server of security domain A.
Step 2-3 comprises the following steps:
Step 2-3-1: the authorization strategy server in security domain B queries the certificate mapping table to verify user X's user certificate; if no certificate mapping relationship can be obtained by querying the certificate mapping table, it rejects user X's cross-security domain shared resource access request;
Step 2-3-2: after user X's user certificate passes verification, the authorization strategy server in security domain B queries user X's credibility in security domain A, which is recorded independently in the inter-security domain credibility server;
Step 2-3-3: the authorization strategy server in security domain B calculates user X's final credibility in security domain B by weighted multiplication of user X's credibility in security domain A and user X's credibility recorded in the credibility server of security domain A;
Step 2-3-4: the authorization strategy server in security domain B performs a role assessment according to user X's final credibility in security domain B:
a) if user X's final credibility in security domain B is lower than the shared resource secure access threshold preset in the secure access policy of security domain B, the authorization strategy server in security domain B rejects user X's cross-security domain shared resource access request;
b) if user X's final credibility in security domain B is higher than the shared resource secure access threshold preset in the secure access policy of security domain B, and is also higher than the shared resource full access threshold preset in the secure access policy of security domain B, the authorization strategy server in security domain B allows user X to access the shared resource across security domains in the originally requested role; otherwise, user X is assigned a new role in security domain B and accesses the shared resource securely in that role.
Compared with the prior art, the beneficial effects of the invention are:
(1) when a user submits a cross-security domain shared resource access request, the user's credibility is examined, which prevents users with low credibility from accessing shared resources in other security domains across security domains and thereby affecting the overall credibility of the whole security domain;
(2) the user's access role is determined from the user's credibility and the corresponding access permissions are granted, which effectively achieves secure access to shared resources;
(3) when the security domain providing the resource-sharing service receives a cross-security domain shared resource access request, it can reassess the user's access role from the credibility of the requesting security domain and the credibility of the requesting user, and adjust the role according to the assessment result, ensuring that the user obtains appropriate shared resource access permissions;
(4) after the cross-security domain shared resource access ends, the service requester and the service provider rate each other, and the ratings are used to adjust user credibility promptly, which keeps user credibility accurate so that more accurate access control can be provided on its basis.
Description of drawings
Fig. 1 is a structure diagram of the cross-security domain access control system based on credibility assessment in an embodiment of the invention;
Fig. 2 is a flow chart of the in-security domain shared resource access request audit in the cross-security domain access control method based on credibility assessment;
Fig. 3 is a flow chart of a security domain providing shared resource access across security domains in the cross-security domain access control method based on credibility assessment.
Embodiment
The invention is described in further detail below with reference to the accompanying drawings.
User P belongs to security domain A, user Q belongs to security domain B, and user P needs to copy the shared document W provided by user Q.
The specific embodiment is:
In-security domain shared resource access request audit:
Step (1): user P in security domain A provides its user ID and password to the cross-security domain access proxy server in the local security domain and sends a request to copy the shared document W of user Q in security domain B.
Step (2): the cross-security domain access proxy server sends user P's access request to the authorization strategy server in security domain A.
Step (3): the authorization strategy server in security domain A uses the request information to query user P's credibility record in the in-security domain credibility server.
Step (4): assume that the authorization strategy server specifies a minimum credibility value for users who initiate shared resource access requests. If user P's credibility value satisfies the specified minimum credibility policy for secure access users, for example security domain A requires the credibility of a user accessing across security domains to be greater than 0.7 and user P's credibility is 0.8, then user P's role is determined according to the user's credibility and a certificate is issued to user P.
Step (5): if user P's credibility does not satisfy the specified minimum credibility policy for secure access users, for example security domain A requires the credibility of a user accessing across security domains to be greater than 0.7 and user P's credibility is 0.6, then this user's cross-security domain access request is rejected.
Step (6): the authorization strategy server returns the decision on the cross-security domain access request, pass or reject, to the cross-security domain access proxy server.
Step (7): the cross-security domain access proxy server notifies user P of the result of its access application; if the application passes, the cross-security domain access stage begins.
Accepting the cross-security domain shared resource access request and providing the cross-security domain shared resource access service:
Step (1): the cross-security domain access request of user P in security domain A is sent to the target security domain B over a secure direct network channel.
Step (2): the cross-security domain access proxy server in security domain B receives user P's access application and sends it, together with related user information such as user P's credibility in security domain A, to the authorization strategy server in this domain.
Step (3): the authorization strategy server in security domain B queries the certificate mapping table to verify user P's certificate; if no certificate mapping relationship can be obtained, this access application of user P is rejected.
Step (4): if user P passes certificate verification, the authorization strategy server queries the credibility of security domain A, to which user P belongs, recorded in the inter-security domain credibility server.
Step (5): the authorization strategy server calculates user P's final credibility by weighted multiplication of the credibility of security domain A, to which user P belongs, and user P's credibility in that security domain. For example, one method is to take the product of the two with equal weights as the final credibility: if the credibility of security domain A, to which user P belongs, is 0.8 and user P's credibility in that security domain is 0.9, the final credibility is 0.72.
Step (6): if user P's final credibility of 0.72 is lower than the secure access threshold of 0.8 preset by security domain B, the authorization strategy server rejects user P's access application.
Step (7): the authorization strategy server performs a role assessment according to user P's final credibility value. If user P's final credibility value satisfies the role policy of security domain B, user P is allowed to access the shared resource in its original role; otherwise user P is assigned a new role in security domain B and accesses the shared resource in the new role.
Step (8): the authorization strategy server returns the decision result to the cross-security domain access proxy server.
Step (9): the cross-security domain access proxy server notifies user Q in security domain B to provide the shared document W that it holds.
Step (10): after user P in security domain A has copied the shared document W, both parties rate each other.
Step (11): user P's rating of service provider Q in security domain B is submitted to the in-security domain credibility server in security domain B, which updates the credibility from the rating using a weighted averaging algorithm. For example, if service provider Q's original credibility is 0.9 and user P's current rating of it is 0.8, then with equal-weight averaging service provider Q's credibility is updated to 0.85.
Step (12): the rating of user P by service provider Q in security domain B is submitted to the in-security domain credibility server in security domain A, which updates the credibility from the rating using a weighted averaging algorithm. For example, if user P's original credibility is 0.7 and service provider Q's current rating of it is 0.9, then with equal-weight averaging user P's credibility is updated to 0.8.
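The two-stage decision and the rating update of the embodiment above, as an added Python example that is not part of the patent text. The 0.7 and 0.8 thresholds, the equal-weight product and the equal-weight average come from the embodiment; the role ladders, the certificate mapping table contents, the full access threshold of 0.9 and treating a score equal to security domain B's threshold as passing are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Domain:
    name: str
    access_threshold: float              # shared resource secure access threshold
    full_access_threshold: float = 1.0   # at or above this, the requested role is kept
    roles: list = field(default_factory=list)     # (min credibility, role), highest first
    cert_map: dict = field(default_factory=dict)  # (issuing domain, role) -> local role


def role_for(credibility, roles):
    """Pick the first role whose minimum credibility is met (constructed ladder)."""
    for minimum, role in roles:
        if credibility >= minimum:
            return role
    return None


def audit_in_home_domain(home, user_cred):
    """Stage 1: the home domain audits its own user before the request leaves.

    Returns a certificate (here a plain dict) or None when the request is rejected.
    The embodiment requires credibility strictly greater than the threshold.
    """
    if not user_cred > home.access_threshold:
        return None
    return {"issuer": home.name, "role": role_for(user_cred, home.roles)}


def decide_in_target_domain(target, cert, domain_cred, user_cred):
    """Stage 2: the target domain decides; returns (decision, role, final credibility)."""
    # Certificate check: no entry in the certificate mapping table means rejection.
    mapped = target.cert_map.get((cert["issuer"], cert["role"]))
    if mapped is None:
        return ("deny", None, None)
    # Equal-weight product of the requesting domain's credibility and the user's
    # credibility in that domain; rounded to keep float noise out of comparisons.
    final = round(domain_cred * user_cred, 6)
    if final < target.access_threshold:
        return ("deny", None, final)
    if final >= target.full_access_threshold:
        return ("allow", mapped, final)            # originally requested role is kept
    return ("allow", role_for(final, target.roles), final)  # role reassigned locally


def update_credibility(old, rating, weight=0.5):
    """Post-service update by weighted average; weight=0.5 is the equal-weight case."""
    return round(weight * old + (1 - weight) * rating, 6)


# Constructed policies: only the two access thresholds are taken from the embodiment.
DOMAIN_A = Domain("A", 0.7, roles=[(0.9, "editor"), (0.0, "reader")])
DOMAIN_B = Domain("B", 0.8, 0.9,
                  roles=[(0.9, "reader"), (0.0, "guest")],
                  cert_map={("A", "reader"): "reader", ("A", "editor"): "editor"})


if __name__ == "__main__":
    cert = audit_in_home_domain(DOMAIN_A, 0.8)   # user P passes the audit in domain A
    print("certificate:", cert)
    # Embodiment numbers: 0.8 * 0.9 = 0.72, below domain B's 0.8 threshold.
    print(decide_in_target_domain(DOMAIN_B, cert, 0.8, 0.9))
    # Constructed: 0.95 * 0.9 = 0.855 clears 0.8 but not 0.9, so the role is reassigned.
    print(decide_in_target_domain(DOMAIN_B, cert, 0.95, 0.9))
    print(update_credibility(0.9, 0.8), update_credibility(0.7, 0.9))
```

With equal weights a user's final credibility can never exceed the credibility of the user's home domain, so a low domain-wide score caps every user in that domain regardless of individual history.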

Claims (13)

  1. One kind based on credit worthiness assessment stride the security domain access control system, it is characterized in that: described system comprises strides in security domain access proxies, delegated strategy server, the security domain credit worthiness server between credit worthiness server and security domain; The described security domain access proxies of striding receives and to stride security domain shared resource accessing request information, and the described security domain shared resource accessing request information of striding sent to the judgement of making a strategic decision of described delegated strategy server, in the described security domain between credit worthiness server and security domain the credit worthiness server respectively safe intra domain user credit worthiness is stored with different security domain user credit worthinesses and upgrades.
  2. According to claim 1 based on credit worthiness assessment stride the security domain access control system, it is characterized in that: described stride that the security domain access proxies receives from the safety intra domain user and stride the security domain shared resource accessing request information of striding that safe intra domain user sends and comprise user ID, user cipher and need stride security domain accessed resources information.
  3. 3. according to claim 1ly stride the security domain access control system based on credit worthiness assessment, it is characterized in that: the described security domain access proxies of striding receives from what the safety intra domain user sent and strides security domain shared resource accessing request information, to stride security domain shared resource accessing request information and send to the delegated strategy server, the delegated strategy server is inquired about this user's credit worthiness value of credit worthiness server stores in the described security domain according to striding security domain shared resource accessing request information, and according to the secure access strategy of the setting judgement of making a strategic decision.
  4. According to claim 3 based on credit worthiness assessment stride the security domain access control system, it is characterized in that: after adopting online mode or adopting off-line editing access rule file the secure access strategy is imported the delegated strategy server mode and set the secure access strategy.
  5. 5. according to claim 1ly stride the security domain access control system based on credit worthiness assessment, it is characterized in that: the described security domain access proxies of striding receives from what stride that safe intra domain user sends and strides security domain shared resource accessing request information, to stride security domain shared resource accessing request information and send to the delegated strategy server, the delegated strategy server is striden the credit worthiness renewal of safe intra domain user in this security domain according to this credit worthiness of striding safe intra domain user place security domain with this and is striden safe intra domain user credit worthiness, carries out roles evaluates and provides or refuse to stride security domain shared resource access services according to assessment result.
  6. According to claim 5 based on credit worthiness assessment stride the security domain access control system, it is characterized in that: the delegated strategy server is striden the credit worthiness of security domain at safe intra domain user place and this to this and is striden the credit worthiness of safe intra domain user in this security domain and stride the renewal of safe intra domain user credit worthiness by the weighting value method that multiplies each other.
  7. 7. according to claim 1ly stride the security domain access control system based on credit worthiness assessment, it is characterized in that: credit worthiness server stores and upgrade the credit worthiness of this safe intra domain user in the described security domain, according to this safe intra domain user in security domain and stride the credit worthiness that historical record that security domain carries out the shared resource visit is revised this safe intra domain user.
  8. 8. according to claim 1ly stride the security domain access control system based on credit worthiness assessment, it is characterized in that: security domain user's credit worthiness is striden in credit worthiness server stores and renewal between described security domain, each security domain is safeguarded overall credit worthiness value in the credit worthiness server between security domain, described overall confidence level represents the whole confidence level of security domain.
  9. One kind based on credit worthiness assessment stride the security domain access control method, it is characterized in that: said method comprising the steps of:
    Step 1: shared resource access request audit in the security domain;
    Step 2: accept to stride security domain shared resource access request, and provide and stride security domain shared resource access services.
  10. According to claim 9 based on credit worthiness assessment stride the security domain access control method, it is characterized in that: described step 1 may further comprise the steps:
    Step 1-1: user X provides user ID, user cipher and need stride security domain accessed resources information among the security domain A, and security domain shared resource accessing request information is striden in the security domain access proxies transmission of striding in the intrinsic safety universe;
    Step 1-2: the security domain access proxies of striding among the security domain A sends the security domain shared resource accessing request information of striding that user X sends among the security domain A delegated strategy server;
    Step 1-3: the delegated strategy server among the security domain A is striden the judgement of making a strategic decision of security domain shared resource access request according to user X's;
    Step 1-4: the security domain access proxies of striding among the security domain A notifies user X to stride security domain shared resource access request results, if pass through, then execution in step 2.
  11. The cross-security-domain access control method based on credit worthiness assessment according to claim 10, characterized in that step 1-3 comprises the following steps:
    Step 1-3-1: the delegated strategy server in security domain A, according to the cross-security-domain shared resource access request information, queries the credit worthiness record of user X in the intra-domain credit worthiness server of security domain A;
    Step 1-3-2: the delegated strategy server in security domain A judges whether the credit worthiness of user X is higher than the shared resource secure access threshold preset in the secure access policy of security domain A; if so, it determines the role of user X according to user X's credit worthiness and issues a user certificate; if not, it refuses user X's cross-security-domain shared resource access request;
    Step 1-3-3: the delegated strategy server in security domain A returns the decision result to the cross-security-domain access proxy in security domain A.
  12. The cross-security-domain access control method based on credit worthiness assessment according to claim 9, characterized in that step 2 comprises the following steps:
    Step 2-1: the cross-security-domain access request of user X in security domain A is sent to security domain B over a network channel;
    Step 2-2: the cross-security-domain access proxy in security domain B receives user X's cross-security-domain shared resource access request information and sends it to the delegated strategy server in security domain B;
    Step 2-3: the delegated strategy server in security domain B makes a policy decision on the cross-security-domain shared resource access request information;
    Step 2-4: the delegated strategy server in security domain B returns the decision result to the cross-security-domain access proxy in security domain B;
    Step 2-5: the cross-security-domain access proxy in security domain B notifies user Y in security domain B to provide the service for the cross-security-domain shared resource access request to user X in security domain A; after the service ends, user X and user Y evaluate each other;
    Step 2-6: user X's evaluation of user Y is submitted to the intra-domain credit worthiness server in security domain B, which updates user Y's credit worthiness by the weighted multiplication method, according to user X's evaluation of user Y and the credit worthiness of user Y recorded in the credit worthiness server in security domain B;
    Step 2-7: user Y's evaluation of user X is sent back to the intra-domain credit worthiness server in security domain A, which updates user Y's credit worthiness by the weighted multiplication method, according to user Y's evaluation of user X and the credit worthiness of user X recorded in the credit worthiness server in security domain A.
  13. The cross-security-domain access control method based on credit worthiness assessment according to claim 12, characterized in that step 2-3 comprises the following steps:
    Step 2-3-1: the delegated strategy server in security domain B queries the certificate mapping table to verify the user certificate of user X; if no certificate mapping relation can be obtained by querying the certificate mapping table, user X's cross-security-domain shared resource access request is refused;
    Step 2-3-2: after the user certificate of user X passes verification, the delegated strategy server in security domain B queries the independent inter-domain credit worthiness server for the credit worthiness of user X in security domain A recorded there;
    Step 2-3-3: the delegated strategy server in security domain B calculates the final credit worthiness of user X in security domain B by the weighted multiplication method, according to that credit worthiness of user X in security domain A and the credit worthiness of user X recorded in the credit worthiness server in security domain A;
    Step 2-3-4: the delegated strategy server in security domain B performs role evaluation according to the final credit worthiness of user X in security domain B:
    A) if the final credit worthiness of user X in security domain B is lower than the shared resource secure access threshold preset in the secure access policy of security domain B, the delegated strategy server in security domain B refuses user X's cross-security-domain shared resource access request;
    B) if the final credit worthiness of user X in security domain B is higher than the shared resource secure access threshold preset in the secure access policy of security domain B, and is also higher than the shared resource complete access threshold preset in the secure access policy of security domain B, the delegated strategy server in security domain B allows user X to access the shared resource across security domains in the role originally applied for; if the latter condition is not satisfied, user X is assigned a new role in security domain B and performs secure access to the shared resource in that role.
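The step 2-3 decision of claim 13, sketched as an added example that is not part of the patent text. The thresholds, weights, role names and certificate mapping entry are constructed, and reading "weighted multiplication" as each record multiplied by its weight and then summed is an assumption, since the claims give no formula.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values: the claims name these thresholds and weights but give no numbers.
ACCESS_THRESHOLD = 0.5        # shared resource secure access threshold in domain B
FULL_ACCESS_THRESHOLD = 0.8   # shared resource complete access threshold in domain B
W_INTER, W_HOME = 0.6, 0.4    # weights for the inter-domain and domain A records

# Hypothetical certificate mapping table held in domain B:
# (issuing domain, certificate id) -> local subject name.
CERT_MAP = {("A", "cert-x-001"): "guest-x"}
REASSIGNED_ROLE = "restricted-guest"   # hypothetical lower-privilege role

@dataclass(frozen=True)
class Decision:
    allowed: bool
    role: Optional[str]
    final_score: Optional[float]
    reason: str

def combine(inter_score: float, home_score: float) -> float:
    """Assumed formula: weighted sum of the two credit worthiness records."""
    for s in (inter_score, home_score):
        if not 0.0 <= s <= 1.0:
            raise ValueError("credit worthiness must lie in [0, 1]")
    return W_INTER * inter_score + W_HOME * home_score

def decide(domain: str, cert_id: str, requested_role: str,
           inter_score: float, home_score: float) -> Decision:
    # Step 2-3-1: refuse when the certificate has no entry in the mapping table.
    if (domain, cert_id) not in CERT_MAP:
        return Decision(False, None, None, "no certificate mapping")
    # Steps 2-3-2 and 2-3-3: combine the inter-domain and domain A records.
    final = combine(inter_score, home_score)
    # Step 2-3-4 A: below the access threshold is refused. The claims leave
    # equality open; this sketch fails closed and refuses it as well.
    if final <= ACCESS_THRESHOLD:
        return Decision(False, None, final, "below access threshold")
    # Step 2-3-4 B: above both thresholds keeps the role originally applied for.
    if final > FULL_ACCESS_THRESHOLD:
        return Decision(True, requested_role, final, "complete access")
    # Otherwise a new role is assigned inside domain B.
    return Decision(True, REASSIGNED_ROLE, final, "role reassigned")
```

The policy server should treat both credit worthiness records as untrusted input until they are range-checked, which is why `combine` rejects out-of-range values instead of clamping them.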
CN201310236492.XA 2013-03-06 2013-06-14 Cross-security-domain access control system and method based on credit worthiness assessment Active CN103338194B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310236492.XA CN103338194B (en) 2013-03-06 2013-06-14 Cross-security-domain access control system and method based on credit worthiness assessment

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201310071327 2013-03-06
CN2013100713273 2013-03-06
CN201310071327.3 2013-03-06
CN201310236492.XA CN103338194B (en) 2013-03-06 2013-06-14 Cross-security-domain access control system and method based on credit worthiness assessment

Publications (2)

Publication Number Publication Date
CN103338194A true CN103338194A (en) 2013-10-02
CN103338194B CN103338194B (en) 2016-04-20

Family

ID=49246291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310236492.XA Active CN103338194B (en) 2013-03-06 2013-06-14 Cross-security-domain access control system and method based on credit worthiness assessment

Country Status (1)

Country Link
CN (1) CN103338194B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104780159A (en) * 2015-03-23 2015-07-15 中国科学院信息工程研究所 Access control method based on dynamic trust thresholds
CN104871509A (en) * 2012-10-23 2015-08-26 诺基亚技术有限公司 Method and apparatus for managing access rights
CN105282160A (en) * 2015-10-23 2016-01-27 绵阳师范学院 Credibility-based dynamic access control method
CN105610780A (en) * 2015-10-22 2016-05-25 东北师范大学 Interoperation platform among clouds used for education mechanism and method thereof
CN106302334A (en) * 2015-05-22 2017-01-04 中兴通讯股份有限公司 Access role acquisition methods, Apparatus and system
CN108259363A (en) * 2016-12-29 2018-07-06 中国移动通信集团公司 A kind of method and device of staged service traffics control
CN110086779A (en) * 2019-03-26 2019-08-02 中国人民武装警察部队工程大学 A kind of communication security method of discrimination of multi-area optical network crosstalk attack
CN111181979A (en) * 2019-12-31 2020-05-19 奇安信科技集团股份有限公司 Access control method, device, computer equipment and computer readable storage medium
CN115189906A (en) * 2022-05-24 2022-10-14 湖南师范大学 Multi-domain safety management method of network management system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1805336A (en) * 2005-01-12 2006-07-19 北京航空航天大学 Single entering method and system facing ASP mode
US20060168022A1 (en) * 2004-12-09 2006-07-27 Microsoft Corporation Method and system for processing a communication based on trust that the communication is not unwanted as assigned by a sending domain
CN101453476A (en) * 2009-01-06 2009-06-10 中国人民解放军信息工程大学 Cross domain authentication method and system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104871509A (en) * 2012-10-23 2015-08-26 诺基亚技术有限公司 Method and apparatus for managing access rights
CN104780159A (en) * 2015-03-23 2015-07-15 中国科学院信息工程研究所 Access control method based on dynamic trust thresholds
CN106302334B (en) * 2015-05-22 2020-06-12 中兴通讯股份有限公司 Access role obtaining method, device and system
CN106302334A (en) * 2015-05-22 2017-01-04 中兴通讯股份有限公司 Access role acquisition methods, Apparatus and system
CN105610780A (en) * 2015-10-22 2016-05-25 东北师范大学 Interoperation platform among clouds used for education mechanism and method thereof
CN105610780B (en) * 2015-10-22 2018-12-11 东北师范大学 Interoperable platform and method between a kind of Yun Yuyun for educational institution
CN105282160A (en) * 2015-10-23 2016-01-27 绵阳师范学院 Credibility-based dynamic access control method
CN105282160B (en) * 2015-10-23 2018-09-25 绵阳师范学院 Dynamic accesses control method based on prestige
CN108259363B (en) * 2016-12-29 2021-08-27 中国移动通信集团公司 Method and device for controlling stepped service flow
CN108259363A (en) * 2016-12-29 2018-07-06 中国移动通信集团公司 A kind of method and device of staged service traffics control
CN110086779A (en) * 2019-03-26 2019-08-02 中国人民武装警察部队工程大学 A kind of communication security method of discrimination of multi-area optical network crosstalk attack
CN110086779B (en) * 2019-03-26 2021-05-04 中国人民武装警察部队工程大学 Communication safety discrimination method for multi-domain optical network crosstalk attack
CN111181979A (en) * 2019-12-31 2020-05-19 奇安信科技集团股份有限公司 Access control method, device, computer equipment and computer readable storage medium
CN111181979B (en) * 2019-12-31 2022-06-07 奇安信科技集团股份有限公司 Access control method, device, computer equipment and computer readable storage medium
CN115189906A (en) * 2022-05-24 2022-10-14 湖南师范大学 Multi-domain safety management method of network management system
CN115189906B (en) * 2022-05-24 2023-07-07 湖南师范大学 Multi-domain security management method for network management system

Also Published As

Publication number Publication date
CN103338194B (en) 2016-04-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHINA ELECTRIC POWER RESEARCH INSTITUTE YINCHUAN P

Free format text: FORMER OWNER: STATE GRID CORPORATION OF CHINA

Effective date: 20140208

Owner name: STATE GRID CORPORATION OF CHINA

Free format text: FORMER OWNER: CHINA ELECTRIC POWER RESEARCH INSTITUTE

Effective date: 20140208

COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100192 HAIDIAN, BEIJING TO: 100031 XICHENG, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20140208

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: China Electric Power Research Institute

Applicant after: Yinchuan Power Supply Company, State Grid Ningxia Electric Power Co., Ltd.

Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15

Applicant before: China Electric Power Research Institute

Applicant before: State Grid Corporation of China

TA01 Transfer of patent application right
C14 Grant of patent or utility model
GR01 Patent grant