CN103338194B - A kind of based on credit worthiness assessment across security domain access control system and method - Google Patents
A kind of based on credit worthiness assessment across security domain access control system and method Download PDFInfo
- Publication number
- CN103338194B CN103338194B CN201310236492.XA CN201310236492A CN103338194B CN 103338194 B CN103338194 B CN 103338194B CN 201310236492 A CN201310236492 A CN 201310236492A CN 103338194 B CN103338194 B CN 103338194B
- Authority
- CN
- China
- Prior art keywords
- security domain
- user
- credit worthiness
- access
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 238000011156 evaluation Methods 0.000 claims description 12
- 238000013507 mapping Methods 0.000 claims description 8
- 238000012795 verification Methods 0.000 claims description 3
- 238000012935 Averaging Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 208000027418 Wounds and injury Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 208000014674 injury Diseases 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Abstract
The invention provides a kind of based on credit worthiness assessment across security domain access control system and method, system comprises across credit worthiness server between credit worthiness server and security domain in security domain access proxies, delegated strategy server, security domain; Receive across security domain shared resource accessing request information across security domain access proxies, and delegated strategy server will be sent to carry out decision-making judgement across security domain shared resource accessing request information, in security domain, between credit worthiness server and security domain, credit worthiness server stores safe intra domain user credit worthiness and different security domain user credit worthiness and upgrades respectively.The present invention make the role of user along with in reciprocal process credit worthiness change and automatically make corresponding change, thus change its access rights to shared resource, reach the object ensureing and can carry out secure access to the shared resource in different security domain.
Description
Technical field
The invention belongs to field of information security technology, be specifically related to a kind of based on credit worthiness assessment across security domain access control system and method.
Background technology
Efficient public security system construction towards Large Information Systems is an extremely complicated job, is individually have much a challenging difficult problem for large organization design complete set and effective security system always.A kind of thinking is the safety problem adopting the strategy of graduation protection to solve information network; namely for Information System configuration and applying unit; according to the significance level of unit, the significance level of information system bearer service, the significance level of the information content and information system suffer to attack destroy after the factor such as demand for security and safety cost such as the extent of injury that causes; grading standard according to regulation sets its protection class; independently carry out Information System Security Construction and safety management, thus the science of raising safeguard protection, globality and practicality.
Carrying out hierarchical protection to Large Information Systems, is not protection whole system being carried out to same grade, but carries out the protection of different brackets for the different business region of internal system.Therefore, partition security domain is the basic steps of carrying out information security hierarchical protection.Security domain refers to the Different Logic subnet that the difference of the elements such as the interior character according to information of same system, the main consuming body, Security Target and strategy divides or network; each logic region has identical safeguard protection demand; there is identical safe access control and boundary Control strategy; interregional have mutual trust relation, and same security strategy is shared in identical network security territory.
Carrying out accessing across security domain the primary security risk faced in same information system is trusting relationship problem, namely how to set up across the mutual trusting relationship in security domain access process and determines the authority that shared resource is accessed.Access control model defines main body, object, access how to represent and operate, and which determines ability to express and the flexibility of delegated strategy.Current, the research of the access control in security domain and between security domain mainly concentrates on forced symmetric centralization, self contained navigation and access control based roles.The basic thought of access control based roles is the concept introducing role between user and access rights, user is associated with specific one or multiple role, role weighs with one or more access permission and is associated, and role can generate according to the needs of real work or cancel.
Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art, the invention provides a kind of based on credit worthiness assessment across security domain access control system and method, make the role of user along with in reciprocal process credit worthiness change and automatically make corresponding change, thus change its access rights to shared resource, reach the object ensureing and can carry out secure access to the shared resource in different security domain.
In order to realize foregoing invention object, the present invention takes following technical scheme:
There is provided a kind of based on credit worthiness assessment across security domain access control system, described system comprises across credit worthiness server between credit worthiness server and security domain in security domain access proxies, delegated strategy server, security domain; Described across security domain access proxies receive across security domain shared resource accessing request information, and sending to described delegated strategy server to carry out decision-making judgement by described across security domain shared resource accessing request information, in described security domain, between credit worthiness server and security domain, credit worthiness server stores safe intra domain user credit worthiness and different security domain user credit worthiness and upgrades respectively.
Described across security domain access proxies receive from safety intra domain user and send across safe intra domain user comprise across security domain shared resource accessing request information the resource information that user ID, user cipher and needs access across security domain.
Described across security domain access proxies receive from safety intra domain user send across security domain shared resource accessing request information, delegated strategy server will be sent to across security domain shared resource accessing request information, delegated strategy server according to this user's prestige angle value of inquiring about credit worthiness server stores in described security domain across security domain shared resource accessing request information, and carries out decision-making judgement according to the secure access strategy of setting.
After adopting online mode or adopting off-line editing access rule file, secure access strategy is imported delegated strategy server mode setting secure access strategy.
Described across security domain access proxies receive from send across safe intra domain user across security domain shared resource accessing request information, delegated strategy server will be sent to across security domain shared resource accessing request information, delegated strategy server, according to across the credit worthiness of safe intra domain user place security domain and should upgrading across safe intra domain user credit worthiness across the credit worthiness of safe intra domain user in this security domain, carries out roles evaluates and provides according to assessment result or refuse across security domain shared resource access services.
Delegated strategy server is to this credit worthiness across the security domain at safe intra domain user place and should carry out across safe intra domain user credit worthiness by weighting multiplied value method across the credit worthiness of safe intra domain user in this security domain renewal.
Credit worthiness server stores in described security domain also upgrades the credit worthiness of this safe intra domain user, according to this safe intra domain user in security domain and revise the credit worthiness of this safe intra domain user across the historical record that security domain carries out shared resource access.
Between described security domain, credit worthiness server stores also upgrades the credit worthiness across security domain user, and each security domain safeguards overall prestige angle value between security domain in credit worthiness server, described overall confidence level represents the overall confidence level of security domain.
There is provided simultaneously a kind of based on credit worthiness assessment across security domain access control method, said method comprising the steps of:
Step 1: shared resource access request examination & verification in security domain;
Step 2: accept across security domain shared resource access request, and provide across security domain shared resource access services.
Described step 1 comprises the following steps:
Step 1-1: in security domain A, user X provides the resource information that user ID, user cipher and needs are accessed across security domain, to sending across security domain shared resource accessing request information across security domain access proxies in intrinsic safety universe;
Step 1-2: the delegated strategy server sent to across security domain shared resource accessing request information in security domain A user X sent across security domain access proxies in security domain A;
Step 1-3: the delegated strategy server in security domain A carries out decision-making judgement according to user X's across security domain shared resource access request;
Step 1-4: notify that user X is across security domain shared resource access request results across security domain access proxies in security domain A, if pass through, then performs step 2.
Described step 1-3 comprises the following steps:
Step 1-3-1: the delegated strategy server in security domain A is according to the credit worthiness record across user X in credit worthiness server in the security domain in security domain shared resource accessing request information query safe territory A;
Step 1-3-2: the delegated strategy server in security domain A judges the shared resource secure access the threshold value whether credit worthiness of user X is preset higher than secure access strategy in security domain A, if then determine the role of user X according to the credit worthiness of user X, and issue user certificate; If do not meet, then refuse user X across security domain shared resource access request;
Step 1-3-3: the delegated strategy server in security domain A result of determination is returned in security domain A across security domain access proxies.
Described step 2 comprises the following steps:
Step 2-1: in security domain A, user X's sends security domain B across security domain access request to by network channel;
Step 2-2: in security domain B across security domain access proxies receive user X across security domain shared resource accessing request information, and the delegated strategy server that will send to across security domain shared resource accessing request information in security domain B;
Step 2-3: the delegated strategy server in security domain B carries out decision-making judgement to across security domain shared resource accessing request information;
Step 2-4: the delegated strategy server in security domain B result of determination is returned in security domain B across security domain access proxies;
Step 2-5: provide service across security domain shared resource access request to the user X in security domain A across user Y in security domain access proxies notice security domain B in security domain B, service terminates rear user X and user Y both sides comment mutually;
Step 2-6: the user X evaluation result to user Y submits to credit worthiness server in the security domain in security domain B, this credit worthiness server, according to the credit worthiness of user X to the user Y recorded in credit worthiness server in the evaluation result of user Y and security domain B, carries out the renewal of user Y credit worthiness by weighting phase multiplication;
Step 2-7: the user Y evaluation result to user X sends back credit worthiness server in the security domain in security domain A, this credit worthiness server, according to the credit worthiness of user Y to the user X recorded in credit worthiness server in the evaluation result of user X and security domain A, carries out the renewal of user Y credit worthiness by weighting phase multiplication.
Described step 2-3 comprises the following steps:
Step 2-3-1: the user certificate of the delegated strategy server lookup certificate mapping table authentication of users X in security domain B, if certificate mapping relations cannot be obtained by inquiry certificate mapping table, then refuse user X across security domain shared resource access request;
The user certificate of step 2-3-2: user X by after checking, the credit worthiness of user X in security domain A that the delegated strategy server lookup in security domain B is independently recorded in credit worthiness server between security domain;
Step 2-3-3: the delegated strategy server in security domain B, according to the credit worthiness of the user X recorded in credit worthiness server in the credit worthiness of user X in security domain A and security domain A, calculates the final credit worthiness of user X in security domain B by weighting phase multiplication;
Step 2-3-4: in security domain B, delegated strategy server carries out roles evaluates according to the final credit worthiness of user X in security domain B:
A) if the shared resource secure access threshold value preset lower than secure access strategy in security domain B of the final credit worthiness of user X in security domain B, the delegated strategy server refusal user X in security domain B across security domain shared resource access request;
B) if finally the enjoy a good reputation shared resource secure access threshold value that in security domain B in secure access strategy preset of user X in security domain B, and meeting finally the enjoy a good reputation shared resource complete access thresholds in secure access strategy preset of user X in security domain B, then the delegated strategy server in security domain B allows user X to access shared resource according to the role of original application across security domain; If do not meet, by again giving the role of user X in security domain B, carry out shared resource secure access.
Compared with prior art, beneficial effect of the present invention is:
(1) when user proposes across security domain shared resource access request, investigate the credit worthiness of this user, can prevent the lower user of credit worthiness from accessing shared resource in other security domains across security domain, thus affect the overall credit worthiness of whole security domain;
(2) determine its access role according to the credit worthiness of user, give its corresponding access rights, effectively can realize the secure access to shared resource;
(3) when providing the security domain of resource sharing service to receive across security domain shared resource access request, to reappraise the access role of user according to the credit worthiness of the credit worthiness of request security domain and request user, make role's adjustment according to assessment result, thus guarantee that user obtains suitable shared resource access rights;
(4) after terminating across security domain access shared resource, service requester and ISP evaluate mutually, Utilization assessment result adjusts the credit worthiness of user in time, can guarantee the accuracy of user's credit worthiness, can provide access control more accurately according to this credit worthiness.
Accompanying drawing explanation
Fig. 1 be in the embodiment of the present invention based on credit worthiness assessment across security domain access control system structure chart;
Fig. 2 be based on credit worthiness assessment across shared resource access request auditing flow figure in security domain in security domain access control method;
Fig. 3 be based on credit worthiness assessment provide shared resource browsing process figure across in security domain access control method across security domain.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail.
User P belongs to security domain A, and user Q belongs to security domain B, the shared document W that user P needs copy user Q to provide.
Its specific embodiment is:
Shared resource access request examination & verification in security domain:
Step (1): the user P in security domain A, to providing its user ID and password across security domain access proxies in intrinsic safety universe, sends the request of the shared document W of user Q in copy security domain B.
Step (2): across security domain access proxies the access request of user P sent to the delegated strategy server in security domain A.
Step (3): the delegated strategy server in security domain A is according to the credit worthiness record of user P in credit worthiness server in solicited message query safe territory.
Step (4): suppose to have specified the minimum prestige angle value initiating shared resource access request user in delegated strategy server.If the prestige angle value of user P meets the minimum prestige angle value policy mandates of the secure access user specified, such as, security domain A requires that the credit worthiness of the user across security domain access must be greater than 0.7, and the credit worthiness of user P is 0.8, then determine the role of user P according to the credit worthiness of user, and be presented to user P certificate.
Step (5): if the credit worthiness of user P does not meet the minimum prestige angle value policy mandates of the secure access user specified, such as, security domain A requires that the credit worthiness of the user across security domain access must be greater than 0.7, and the credit worthiness of user P is 0.6, then refuse this user across security domain access request.
Step (6): delegated strategy server by across security domain access request by or refusal decision information be returned to across security domain access proxies.
Step (7): notify its access application result of user P across security domain access proxies, if application is passed through, then enter across security domain dial-tone stage.
Accept across security domain shared resource access request, and provide across security domain shared resource access services:
Step (1): the user P in security domain A sends targeted security territory B across security domain access request to by the straight-forward network passage of safety.
Step (2): the access application receiving user P across security domain access proxies in security domain B, and by its relevant user information, send the delegated strategy server in this territory to as the credit worthiness etc. of user P in security domain A.
Step (3): the certificate of the delegated strategy server lookup certificate mapping table authentication of users P in security domain B, if cannot obtain certificate mapping relations, then refuses this access application of user P.
Step (4): if user P is by certification authentication, the credit worthiness of the security domain A at the user P place of recording in credit worthiness server between delegated strategy server lookup security domain.
Step (5): delegated strategy server is weighted to be multiplied according to the credit worthiness of the security domain A at user P place and the credit worthiness of user P in this security domain and calculates its final credit worthiness.Such as, a kind of method is the product getting both weights equal is its final credit worthiness.If the credit worthiness of the security domain A at P place, family is 0.8, the credit worthiness of user P in this security domain is 0.9, then its final credit worthiness is 0.72.
Step (6): if the secure access threshold value 0.8 that the final credit worthiness 0.72 of user P presets lower than security domain B, the access application of delegated strategy server refusal user P.
Step (7): delegated strategy server carries out roles evaluates according to the final prestige angle value of user P, if the final prestige angle value of user P meets the Role Policies of security domain B, then allows user P to carry out shared resource access according to original role; Otherwise again give its role in security domain B, and carry out shared resource access with new role.
Step (8): the result of decision is returned to across security domain access proxies by delegated strategy server.
Step (9): the shared document W providing it to have across the user Q in security domain access proxies notice security domain B.
Step (10): after the user P in security domain A copies shared document W, both sides carry out evaluation marking.
Step (11): the evaluation result of user P to the ISP Q in security domain B submits to credit worthiness server in the security domain in security domain B, this credit worthiness server carries out the renewal of credit worthiness according to evaluating according to weighting algorithm of averaging.Credit worthiness as original ISP Q is 0.9, and it is 0.8 that current user P evaluates marking to it, then after waiting weight average, the credit worthiness of ISP Q is updated to 0.85.
Step (12): the evaluation result of ISP Q to user P in security domain B submits to credit worthiness server in the security domain in security domain A, this credit worthiness server carries out the renewal of credit worthiness according to evaluating according to weighting algorithm of averaging.Credit worthiness as original user P is 0.7, and its evaluation marking of current ISP Q is 0.9, then after employing waits weight average, the credit worthiness of user P is updated to 0.8.
Claims (12)
1. based on credit worthiness assessment across a security domain access control system, it is characterized in that: described system comprises across credit worthiness server between credit worthiness server and security domain in security domain access proxies, delegated strategy server, security domain; Described across security domain access proxies receive across security domain shared resource accessing request information, and sending to described delegated strategy server to carry out decision-making judgement by described across security domain shared resource accessing request information, in described security domain, between credit worthiness server and security domain, credit worthiness server stores safe intra domain user credit worthiness and different security domain user credit worthiness and upgrades respectively;
Described across security domain access proxies receive from safety intra domain user send across security domain shared resource accessing request information, delegated strategy server will be sent to across security domain shared resource accessing request information, delegated strategy server according to this user's prestige angle value of inquiring about credit worthiness server stores in described security domain across security domain shared resource accessing request information, and carries out decision-making judgement according to the secure access strategy of setting.
2. according to claim 1 based on credit worthiness assessment across security domain access control system, it is characterized in that: described across security domain access proxies receive from safety intra domain user and send across safe intra domain user comprise across security domain shared resource accessing request information the resource information that user ID, user cipher and needs access across security domain.
3. according to claim 1 based on credit worthiness assessment across security domain access control system, it is characterized in that: after adopting online mode or adopting off-line editing access rule file, secure access strategy is imported delegated strategy server mode setting secure access strategy.
4. according to claim 1 based on credit worthiness assessment across security domain access control system, it is characterized in that: described across security domain access proxies receive from send across safe intra domain user across security domain shared resource accessing request information, delegated strategy server will be sent to across security domain shared resource accessing request information, delegated strategy server is according to across the credit worthiness of safe intra domain user place security domain and should upgrading across safe intra domain user credit worthiness across the credit worthiness of safe intra domain user in this security domain, carry out roles evaluates and provide according to assessment result or refuse across security domain shared resource access services.
5. according to claim 4 based on credit worthiness assessment across security domain access control system, it is characterized in that: delegated strategy server is to this credit worthiness across the security domain at safe intra domain user place and should carry out across safe intra domain user credit worthiness by weighting multiplied value method across the credit worthiness of safe intra domain user in this security domain renewal.
6. according to claim 1 based on credit worthiness assessment across security domain access control system, it is characterized in that: credit worthiness server stores in described security domain also upgrades the credit worthiness of this safe intra domain user, according to this safe intra domain user in security domain and revise the credit worthiness of this safe intra domain user across the historical record that security domain carries out shared resource access.
7. according to claim 1 based on credit worthiness assessment across security domain access control system, it is characterized in that: between described security domain, credit worthiness server stores also upgrades the credit worthiness across security domain user, each security domain safeguards overall prestige angle value between security domain in credit worthiness server, described overall credit worthiness represents the overall confidence level of security domain.
8. adopt claim 1-7 arbitrary described based on credit worthiness assessment across security domain access control system carry out based on credit worthiness assessment across a security domain access control method, it is characterized in that: said method comprising the steps of:
Step 1: shared resource access request examination & verification in security domain;
Step 2: accept across security domain shared resource access request, and provide across security domain shared resource access services.
9. according to claim 8 based on credit worthiness assessment across security domain access control method, it is characterized in that: described step 1 comprises the following steps:
Step 1-1: in security domain A, user X provides the resource information that user ID, user cipher and needs are accessed across security domain, to sending across security domain shared resource accessing request information across security domain access proxies in intrinsic safety universe;
Step 1-2: the delegated strategy server sent to across security domain shared resource accessing request information in security domain A user X sent across security domain access proxies in security domain A;
Step 1-3: the delegated strategy server in security domain A carries out decision-making judgement according to user X's across security domain shared resource access request;
Step 1-4: notify that user X is across security domain shared resource access request results across security domain access proxies in security domain A, if pass through, then performs step 2.
10. according to claim 9 based on credit worthiness assessment across security domain access control method, it is characterized in that: described step 1-3 comprises the following steps:
Step 1-3-1: the delegated strategy server in security domain A is according to the credit worthiness record across user X in credit worthiness server in the security domain in security domain shared resource accessing request information query safe territory A;
Step 1-3-2: the delegated strategy server in security domain A judges the shared resource secure access the threshold value whether credit worthiness of user X is preset higher than secure access strategy in security domain A, if then determine the role of user X according to the credit worthiness of user X, and issue user certificate; If do not meet, then refuse user X across security domain shared resource access request;
Step 1-3-3: the delegated strategy server in security domain A result of determination is returned in security domain A across security domain access proxies.
11. according to claim 8 based on credit worthiness assessment across security domain access control method, it is characterized in that: described step 2 comprises the following steps:
Step 2-1: in security domain A, user X's sends security domain B across security domain access request to by network channel;
Step 2-2: in security domain B across security domain access proxies receive user X across security domain shared resource accessing request information, and the delegated strategy server that will send to across security domain shared resource accessing request information in security domain B;
Step 2-3: the delegated strategy server in security domain B carries out decision-making judgement to across security domain shared resource accessing request information;
Step 2-4: the delegated strategy server in security domain B result of determination is returned in security domain B across security domain access proxies;
Step 2-5: provide service across security domain shared resource access request to the user X in security domain A across user Y in security domain access proxies notice security domain B in security domain B, service terminates rear user X and user Y both sides comment mutually;
Step 2-6: the user X evaluation result to user Y submits to credit worthiness server in the security domain in security domain B, this credit worthiness server, according to the credit worthiness of user X to the user Y recorded in credit worthiness server in the evaluation result of user Y and security domain B, carries out the renewal of user Y credit worthiness by weighting phase multiplication;
Step 2-7: the user Y evaluation result to user X sends back credit worthiness server in the security domain in security domain A, this credit worthiness server, according to the credit worthiness of user Y to the user X recorded in credit worthiness server in the evaluation result of user X and security domain A, carries out the renewal of user Y credit worthiness by weighting phase multiplication.
12. according to claim 11 based on credit worthiness assessment across security domain access control method, it is characterized in that: described step 2-3 comprises the following steps:
Step 2-3-1: the user certificate of the delegated strategy server lookup certificate mapping table authentication of users X in security domain B, if certificate mapping relations cannot be obtained by inquiry certificate mapping table, then refuse user X across security domain shared resource access request;
The user certificate of step 2-3-2: user X by after checking, the credit worthiness of user X in security domain A that the delegated strategy server lookup in security domain B is independently recorded in credit worthiness server between security domain;
Step 2-3-3: the delegated strategy server in security domain B, according to the credit worthiness of the user X recorded in credit worthiness server in the credit worthiness of user X in security domain A and security domain A, calculates the final credit worthiness of user X in security domain B by weighting phase multiplication;
Step 2-3-4: in security domain B, delegated strategy server carries out roles evaluates according to the final credit worthiness of user X in security domain B:
A) if the shared resource secure access threshold value preset lower than secure access strategy in security domain B of the final credit worthiness of user X in security domain B, the delegated strategy server refusal user X in security domain B across security domain shared resource access request;
B) if finally the enjoy a good reputation shared resource secure access threshold value that in security domain B in secure access strategy preset of user X in security domain B, and meeting finally the enjoy a good reputation shared resource complete access thresholds in secure access strategy preset of user X in security domain B, then the delegated strategy server in security domain B allows user X to access shared resource according to the role of original application across security domain; If do not meet, by again giving the role of user X in security domain B, carry out shared resource secure access.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310236492.XA CN103338194B (en) | 2013-03-06 | 2013-06-14 | A kind of based on credit worthiness assessment across security domain access control system and method |
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310071327.3 | 2013-03-06 | ||
| CN201310071327 | 2013-03-06 | ||
| CN2013100713273 | 2013-03-06 | ||
| CN201310236492.XA CN103338194B (en) | 2013-03-06 | 2013-06-14 | A kind of based on credit worthiness assessment across security domain access control system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103338194A CN103338194A (en) | 2013-10-02 |
| CN103338194B true CN103338194B (en) | 2016-04-20 |
Family
ID=49246291
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310236492.XA Active CN103338194B (en) | 2013-03-06 | 2013-06-14 | A kind of based on credit worthiness assessment across security domain access control system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103338194B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014064323A1 (en) * | 2012-10-23 | 2014-05-01 | Nokia Corporation | Method and apparatus for managing access rights |
| CN104780159A (en) * | 2015-03-23 | 2015-07-15 | 中国科学院信息工程研究所 | Access control method based on dynamic trust thresholds |
| CN106302334B (en) * | 2015-05-22 | 2020-06-12 | 中兴通讯股份有限公司 | Access role obtaining method, device and system |
| CN105610780B (en) * | 2015-10-22 | 2018-12-11 | 东北师范大学 | Interoperable platform and method between a kind of Yun Yuyun for educational institution |
| CN105282160B (en) * | 2015-10-23 | 2018-09-25 | 绵阳师范学院 | Dynamic accesses control method based on prestige |
| CN108259363B (en) * | 2016-12-29 | 2021-08-27 | 中国移动通信集团公司 | Method and device for controlling stepped service flow |
| CN110086779B (en) * | 2019-03-26 | 2021-05-04 | 中国人民武装警察部队工程大学 | Communication safety discrimination method for multi-domain optical network crosstalk attack |
| CN111181979B (en) * | 2019-12-31 | 2022-06-07 | 奇安信科技集团股份有限公司 | Access control method, device, computer equipment and computer readable storage medium |
| CN115189906B (en) * | 2022-05-24 | 2023-07-07 | 湖南师范大学 | Multi-domain security management method for network management system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1805336A (en) * | 2005-01-12 | 2006-07-19 | 北京航空航天大学 | Single entering method and system facing ASP mode |
| CN101453476A (en) * | 2009-01-06 | 2009-06-10 | 中国人民解放军信息工程大学 | Cross domain authentication method and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7519818B2 (en) * | 2004-12-09 | 2009-04-14 | Microsoft Corporation | Method and system for processing a communication based on trust that the communication is not unwanted as assigned by a sending domain |
-
2013
- 2013-06-14 CN CN201310236492.XA patent/CN103338194B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1805336A (en) * | 2005-01-12 | 2006-07-19 | 北京航空航天大学 | Single entering method and system facing ASP mode |
| CN101453476A (en) * | 2009-01-06 | 2009-06-10 | 中国人民解放军信息工程大学 | Cross domain authentication method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103338194A (en) | 2013-10-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103338194B (en) | A kind of based on credit worthiness assessment across security domain access control system and method | |
| Han et al. | Privacy preservation for V2G networks in smart grid: A survey | |
| CN104935590A (en) | HDFS access control method based on role and user trust value | |
| CN100555940C (en) | A kind of distributed access control method based on risk | |
| CN107465681B (en) | Cloud computing big data privacy protection method | |
| CN107332858B (en) | Cloud data storage method | |
| CN101582769A (en) | Authority setting method of user access network and equipment | |
| Long et al. | Depet: A decentralized privacy-preserving energy trading scheme for vehicular energy network via blockchain and k-anonymity | |
| CN104660578A (en) | System and method for realizing security storage and access control of data | |
| CN104993926B (en) | Hierarchical key management System and method for based on cloud computing in intelligent grid | |
| CN106992988A (en) | A kind of cross-domain anonymous resource sharing platform and its implementation | |
| CN102857488B (en) | Network access control model as well as method and terminal thereof | |
| Nogoorani et al. | TIRIAC: A trust-driven risk-aware access control framework for Grid environments | |
| CN105225072A (en) | A kind of access management method of multi-application system and system | |
| Pal et al. | Towards a secure access control architecture for the Internet of Things | |
| Riad et al. | Multi-factor synthesis decision-making for trust-based access control on cloud | |
| CN106874351A (en) | A kind of authority control method and equipment | |
| Ye et al. | A location privacy protection scheme for convoy driving in autonomous driving era | |
| Kim et al. | Attribute-based access control (ABAC) with decentralized identifier in the Blockchain-based energy transaction platform | |
| Wu et al. | A fine-grained cross-domain access control mechanism for social internet of things | |
| CN106685994A (en) | Cloud GIS (Geographic Information System) resource access control method based on GIS role grade permission | |
| CN103069767B (en) | Consigning authentication method | |
| CN107395609B (en) | Data encryption method | |
| CN116708037B (en) | Cloud platform access right control method and system | |
| Wang et al. | A role-based access control system using attribute-based encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: CHINA ELECTRIC POWER RESEARCH INSTITUTE YINCHUAN P Free format text: FORMER OWNER: STATE GRID CORPORATION OF CHINA Effective date: 20140208 Owner name: STATE GRID CORPORATION OF CHINA Free format text: FORMER OWNER: CHINA ELECTRIC POWER RESEARCH INSTITUTE Effective date: 20140208 |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100192 HAIDIAN, BEIJING TO: 100031 XICHENG, BEIJING |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20140208 Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: Yinchuan Power Supply Company, State Grid Ningxia Electric Power Co., Ltd. Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Applicant before: China Electric Power Research Institute Applicant before: State Grid Corporation of China |
|
| TA01 | Transfer of patent application right | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |