CN103684789B - XML-based identity authentication method for applications in an onboard network service system


Info

Publication number: CN103684789B
Authority: CN (China)
Legal status: Active
Application number: CN201310688799.3A
Other languages: Chinese (zh)
Other versions: CN103684789A
Inventors: 刘绚, 张双, 孔德岐, 张军才, 李莉
Current assignee: AVIC No 631 Research Institute
Original assignee: AVIC No 631 Research Institute


Abstract

The present invention addresses the safety problem created when applications in an onboard network access avionics data, and proposes an XML-based identity authentication method for applications in an onboard network service system. The method establishes, in XML, two separate models: an application authentication rule model and an authorization application management data model. First, an application submits an authentication request to the authentication module; if the application can supply the information specified by the application authentication rule model and its signatureKey and password match completely, the application passes authentication. The authorization module then calculates a signature value from the information the application supplied and returns that signature value to the application. When the application accesses avionics data, it must first send the signature value assigned to it to the authorization module; only once the signature value is confirmed to be correct is the application allowed to access avionics data.

Description

XML-based identity authentication method for applications in an onboard network service system
Technical field
The present invention relates to an identity authentication method for applications in an onboard network service system and is applied within such a system.
Background technology
In the aviation field, the safety of avionics data underpins the correct operation of the whole aircraft. In the traditional aircraft system architecture, avionics data are transmitted over dedicated buses within a closed airborne environment, so they are not exposed to external information security threats, which ensures the safety of the avionics data.
With the widespread application of information technology in civil avionics systems, an onboard network service system, built from different platforms and connected by Ethernet, has been introduced in order to offer aircraft users (aircraft operators, pilots, maintenance personnel and so on) more and more convenient services, forming an open air-ground environment. However, no identity authentication is currently provided for the application software (hereinafter, applications) in the onboard network service system that accesses avionics data. When an avionics data access request is received, the identity of the requester cannot be confirmed, so illegitimate applications may gain access to avionics data. This exposes the avionics systems inside the aircraft to network information security threats, affects their safety, and introduces an unstable factor into aircraft operation.
A technique is therefore needed that provides identity authentication for the applications in the onboard network service system that access avionics data, so as to guarantee the safety of avionics data.
Summary of the invention
To address the safety problem created when applications in the onboard network access avionics data, the present invention proposes an XML-based identity authentication method for applications in an onboard network service system. It provides safety assurance for the avionics data and for the avionics system itself while an application accesses avionics data, and meets the requirement that the application be independent of the operating system platform.
The solution of the present invention is as follows:
An XML-based identity authentication method for applications in an onboard network service system, comprising:
establishing an identity authentication data model, accessModel, based on XML;
the identity authentication data model is divided into two independent parts: the application authentication rule model appCertModel and the authorization application management data model appAuthMgt, where
(I) the application authentication rule model appCertModel has three attributes and consists of multiple distinct appCertItem elements; one appCertItem element defines the authentication information of one application, and duplicates are not allowed;
the three attributes of appCertModel are:
(1) version: records the current version of appCertModel;
(2) appCertNum: the actual number of appCertItem constituent elements in this appCertModel;
(3) appCertModelCRC: the CRC check value of all appCertItem elements, used to ensure the integrity of this element;
the attribute of an appCertItem element is seqNum: the sequence number of this application authentication information;
the member elements of an appCertItem element comprise:
(1) appName: the name of the application;
(2) partNumber: the part number of the application, which includes its version information;
(3) signatureKey: the signature key pre-assigned to the application;
(4) password: the password pre-assigned to the application;
(5) platform: the platform on which the application runs;
(II) the authorization application management data model appAuthMgt has one attribute and consists of multiple distinct appAuthItem elements, the number of appAuthItem elements being less than the number of appCertItem elements; the attribute is appAuthItemNum: the actual number of appAuthItem constituent elements in this appAuthMgt;
the attribute of an appAuthItem element is seqNum: the sequence number of this application authorization information;
the member elements of an appAuthItem element comprise:
(1) appName: the name of the application;
(2) partNumber: the part number of the application, which includes its version information;
(3) signature: the authorization information assigned to the application;
(4) platform: the platform on which the application runs;
(5) registerTime: records the registration time of the application;
(6) heartBeatTimeoutNum: records the number of monitoring timeouts of the application; it starts at 0, and once it exceeds the set number the registration of the application is deemed invalid;
an application in the onboard network service system first submits an authentication request to the authentication module; if the application can supply the information specified by the application authentication rule model appCertModel and its signatureKey and password match completely, the application passes authentication; otherwise the application is directly prohibited from accessing avionics data;
after the application passes authentication, the authorization module calculates, from the information supplied by the application and using a CRC algorithm, the signature value in the authorization application management data model appAuthMgt, and returns this signature value to the application;
when the application accesses avionics data, it must first send the signature value assigned to it to the authorization module; only once the signature value is confirmed to be correct is the application allowed to access avionics data.
Based on the above scheme, the present invention is further refined as follows:
the application authentication rule model appCertModel consists of between 0 and 255 distinct appCertItem elements; the attribute of an appAuthItem element is seqNum, the sequence number of this application authorization information, with a value range of [1,255];
the authorization application management data model appAuthMgt consists of between 0 and 255 distinct appAuthItem elements; the attribute of an appAuthItem element is seqNum, the sequence number of this application authorization information, with a value range of [1,255].
The CRC check value is 32 bits.
The invention defines, within the onboard network service system, the process by which a resident application accesses avionics data in the avionics system, and thereby provides safety assurance for the avionics data and for the avionics system itself while an application accesses avionics data. This is reflected in the following technical effects:
1. Safety: by dividing the data model into two independent parts, the application authentication rule model and the application authorization management data model, the design avoids coupling between data and operations and guarantees the independence of authentication and authorization, thereby ensuring the security of application access control.
2. Platform independence: the invention is described in the XML language, so the model inherits the platform-independent nature of XML and can run on operating system platforms such as VxWorks, Linux and Windows.
3. Completeness: the attributes and elements defined in the data model used by the invention cover all the validity features of an application, can be used to identify an application, and provide comprehensive and effective authentication for it.
4. Effectiveness: the invention achieves its intended operational purpose in the application environment.
Accompanying drawing explanation
Fig. 1 shows the authentication process of the present invention.
Fig. 2 is the composition diagram of the identity authentication data model accessModel.
Fig. 3 is the composition diagram of the application authentication rule model appCertModel.
Fig. 4 is the composition diagram of the authorization application management data model appAuthMgt.
The meaning of the graphic elements in Figs. 2 to 4 is explained by Figs. 5 and 6:
The whole box shown in Fig. 5 represents an element; the upper half, elementName, gives the name of the element, and the lower half, elementAttributes, gives the attributes of the element;
The line symbol shown in Fig. 6 represents an aggregation relationship: the left end is the element resulting from the aggregation and the right end is the element it contains; the number gives the number of elements after aggregation; "minimum number .. maximum number" gives the minimum and maximum number of times the contained element may occur in the aggregate.
Detailed description of the invention
1. the verification process of method
As shown in Fig. 1, application software (hereinafter, an application) resident in the onboard network service system submits an authentication request to the certification authority; the authorization body authenticates the information supplied by the application and returns the authentication result to the requesting application.
2. the data model of method
2.1 composition
This data model is called accessModel and consists of two elements, in order:
● appCertModel: the application (application software resident in the onboard network service system, hereinafter an application) authentication rule model;
● appAuthMgt: the authorization application management data model;
The element composition diagram of accessModel is shown in Fig. 2.
2.2 XML schema of the accessModel model
The XML schema of the accessModel model is as follows:
Note: in this embodiment, all XML descriptions use XML version 1.0, the default namespace is http://www.w3.org/2001/XMLSchema, and elements carrying the accessModel: prefix operate in the element run space named accessModel, that is, in the design space described in this embodiment. The same applies to the XML descriptions below.
3. certification rule model appCertModel
3.1 composition
appCertModel is used when an application that needs to access avionics data is authenticated. Only when the application can provide the information specified in the authentication rule model, and that information matches the authentication rule completely, can the application pass authentication.
appCertModel has three attributes and consists of between 0 and 255 distinct appCertItem elements. The element composition diagram of appCertModel is shown in Fig. 3. Its attributes and elements are defined as follows.
3.1.1 attribute
The attribute of appCertModel includes:
a) version: records the current version of appCertModel;
b) appCertNum: the actual number of appCertItem constituent elements in this element;
c) appCertModelCRC: the 32-bit CRC check value of all appCertItem elements, used to ensure the integrity of this element.
3.1.2 members element
The member element of appCertModel is appCertItem. One appCertItem element defines the authentication information of one application; duplicates are not allowed.
The attribute of appCertItem is as follows with members element.
A) attribute
● seqNum: the sequence number of this application authentication information, value range [1,255].
b) Elements:
● appName: the name of the application;
● partNumber: the part number of the application, which includes its version information;
● signatureKey: the signature key pre-assigned to the application;
● password: the password pre-assigned to the application;
● platform: the platform on which the application runs.
The XMLschema of 3.2 application authorization rule models
The XML schema of the application authentication rule model appCertModel is as follows:
4. Authorization model appAuthMgt
4.1 Composition
appAuthMgt is the element that manages the applications that have been authorized. When an application passes authentication, it must then be authorized, and only an authorized application may request access to avionics data. Authorization is the process of computing a signature value with the CRC32 algorithm from the information provided by the application and returning this signature value to the application. When an application requests access to avionics data, it must provide this authorization information together with the related information (the object being accessed). Only once the authorization information in the request is confirmed to be correct is the application allowed to access avionics data.
The appAuthMgt element has one attribute and consists of between 0 and 255 distinct appAuthItem elements. The element composition diagram of appAuthMgt is shown in Fig. 4. Its attributes and elements are defined as follows:
4.1.1 attribute
The attribute of appAuthMgt is:
a) appAuthItemNum: the actual number of appAuthItem constituent elements in this element.
4.1.2 members element
appAuthMgt has one member element: appAuthItem. One appAuthItem element describes the authorization information of one application; duplicates are not allowed.
AppAuthItem attribute of an element and members element are as follows:
A) attribute
● seqNum: the sequence number of this application authorization information, value range [1,255].
b) Member elements
● appName: the name of the application;
● partNumber: the part number of the application, which includes its version information;
● signature: the authorization information assigned to the application;
● platform: the platform on which the application runs;
● registerTime: records the registration time of the application;
● heartBeatTimeoutNum: records the number of monitoring timeouts of the application; it starts at 0 and the maximum is 12; once it exceeds 12, the registration of the application is deemed invalid.
4.2 XML schema of application authorization management
The XML schema of application authorization management appAuthMgt is as follows:
The present invention has been applied in the avionics interface service software of a civil aircraft onboard network service system, achieving identity authentication of the applications inside the onboard network service system.
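The three-step flow of sections 1, 3.1 and 4.1 (exact match against an appCertItem, a CRC32 "signature" recorded in an appAuthItem, data access gated on that signature, and the registration dropped after more than 12 missed heartbeats), as an added Python example that is not part of the patent or of the AVIC software. The sample XML is constructed; its nesting, the byte canonicalisation used for appCertModelCRC, and the inputs fed to the CRC32 signature are assumptions, since the page omits its schema. CRC32, as the text specifies, is an integrity checksum rather than a cryptographic MAC.

```python
import xml.etree.ElementTree as ET
import zlib

CERT_FIELDS = ("appName", "partNumber", "signatureKey", "password", "platform")
HEARTBEAT_TIMEOUT_MAX = 12  # section 4.1.2: more than 12 missed heartbeats voids the registration
# Constructed sample accessModel (not from the patent); the nesting is our assumption, and
# appCertModelCRC="0" is a placeholder that sealed_sample() replaces with the real CRC.
SAMPLE_XML = """<accessModel><appCertModel version="1" appCertNum="1" appCertModelCRC="0">
<appCertItem seqNum="1"><appName>efbCharts</appName><partNumber>EFB-CH-R1</partNumber>
<signatureKey>sk-example</signatureKey><password>pw-example</password><platform>Linux</platform>
</appCertItem></appCertModel><appAuthMgt appAuthItemNum="0"/></accessModel>"""

def cert_items_crc(cert):
    """32-bit CRC over every appCertItem element (the byte canonicalisation is ours)."""
    return zlib.crc32(b"".join(ET.tostring(i) for i in cert.findall("appCertItem")))

def sealed_sample():
    """Parse SAMPLE_XML and fill in appCertModelCRC the way the model's issuer would."""
    root = ET.fromstring(SAMPLE_XML)
    cert = root.find("appCertModel")
    cert.set("appCertModelCRC", str(cert_items_crc(cert)))
    return root

def check_cert_model(root):
    """Section 3.1 rules: appCertNum matches, seqNum unique and in [1,255], CRC matches."""
    cert = root.find("appCertModel")
    seqs = [int(i.get("seqNum")) for i in cert.findall("appCertItem")]
    return (int(cert.get("appCertNum")) == len(seqs) == len(set(seqs))
            and all(1 <= s <= 255 for s in seqs)
            and int(cert.get("appCertModelCRC")) == cert_items_crc(cert))

class AccessControl:
    def __init__(self, root):
        if not check_cert_model(root):
            raise ValueError("appCertModel failed its integrity check; refusing to start")
        self.cert, self.auth = root.find("appCertModel"), root.find("appAuthMgt")

    def _auth_item(self, app_name):
        return next((e for e in self.auth if e.findtext("appName") == app_name), None)

    def authenticate(self, req, register_time):
        """Step 1: all five fields must match one appCertItem exactly, else None (refused)."""
        for item in self.cert.findall("appCertItem"):
            if all(item.findtext(f) == req.get(f) for f in CERT_FIELDS):
                return self._authorize(item, register_time)
        return None

    def _authorize(self, item, register_time):
        """Step 2: CRC32 'signature' over app info + registerTime (inputs our choice; CRC32 is no MAC)."""
        info = "|".join(item.findtext(f) for f in CERT_FIELDS) + "|" + register_time
        signature = format(zlib.crc32(info.encode()), "08x")
        old = self._auth_item(item.findtext("appName"))
        if old is not None:  # one appAuthItem per application: re-registration replaces it
            self.auth.remove(old)
        seq = max((int(e.get("seqNum")) for e in self.auth), default=0) + 1
        entry = ET.SubElement(self.auth, "appAuthItem", seqNum=str(seq))
        values = {f: item.findtext(f) for f in ("appName", "partNumber", "platform")}
        values.update(signature=signature, registerTime=register_time, heartBeatTimeoutNum="0")
        for tag, text in values.items():
            ET.SubElement(entry, tag).text = text
        self.auth.set("appAuthItemNum", str(len(self.auth)))
        return signature

    def check_access(self, app_name, signature):
        """Step 3: avionics data access only when the presented signature is on record."""
        entry = self._auth_item(app_name)
        return entry is not None and entry.findtext("signature") == signature

    def heartbeat_missed(self, app_name):
        """Monitoring: count a missed heartbeat; past the 12th the registration is dropped."""
        entry = self._auth_item(app_name)
        if entry is None:
            return False
        n = int(entry.findtext("heartBeatTimeoutNum")) + 1
        if n > HEARTBEAT_TIMEOUT_MAX:
            self.auth.remove(entry)
        else:
            entry.find("heartBeatTimeoutNum").text = str(n)
        self.auth.set("appAuthItemNum", str(len(self.auth)))
        return n <= HEARTBEAT_TIMEOUT_MAX
```

Tampering with any appCertItem after sealing makes check_cert_model() fail, so AccessControl refuses to start on a modified rule model.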

Claims (3)

1. An XML-based identity authentication method for applications in an onboard network service system, comprising:
establishing an identity authentication data model, accessModel, based on XML;
the identity authentication data model is divided into two independent parts: the application authentication rule model appCertModel and the authorization application management data model appAuthMgt, where
(I) the application authentication rule model appCertModel has three attributes and consists of multiple distinct appCertItem elements; one appCertItem element defines the authentication information of one application, and duplicates are not allowed;
the three attributes of appCertModel are:
(1) version: records the current version of appCertModel;
(2) appCertNum: the actual number of appCertItem constituent elements in this appCertModel;
(3) appCertModelCRC: the CRC check value of all appCertItem elements, used to ensure the integrity of this element;
the attribute of an appCertItem element is seqNum: the sequence number of this application authentication information;
the member elements of an appCertItem element comprise:
(1) appName: the name of the application;
(2) partNumber: the part number of the application, which includes its version information;
(3) signatureKey: the signature key pre-assigned to the application;
(4) password: the password pre-assigned to the application;
(5) platform: the platform on which the application runs;
(II) the authorization application management data model appAuthMgt has one attribute and consists of multiple distinct appAuthItem elements, the number of appAuthItem elements being less than the number of appCertItem elements; the attribute is appAuthItemNum: the actual number of appAuthItem constituent elements in this appAuthMgt;
the attribute of an appAuthItem element is seqNum: the sequence number of this application authorization information;
the member elements of an appAuthItem element comprise:
(1) appName: the name of the application;
(2) partNumber: the part number of the application, which includes its version information;
(3) signature: the authorization information assigned to the application;
(4) platform: the platform on which the application runs;
(5) registerTime: records the registration time of the application;
(6) heartBeatTimeoutNum: records the number of monitoring timeouts of the application; it starts at 0, and once it exceeds the set number the registration of the application is deemed invalid;
an application in the onboard network service system first submits an authentication request to the authentication module; if the application can supply the information specified by the application authentication rule model appCertModel and its signatureKey and password match completely, the application passes authentication; otherwise the application is directly prohibited from accessing avionics data;
after the application passes authentication, the authorization module calculates, from the information supplied by the application and using a CRC algorithm, the signature value in the authorization application management data model appAuthMgt, and returns this signature value to the application;
when the application accesses avionics data, it must first send the signature value assigned to it to the authorization module; only once the signature value is confirmed to be correct is the application allowed to access avionics data.
2. The XML-based identity authentication method for applications in an onboard network service system according to claim 1, characterized in that:
the application authentication rule model appCertModel consists of between 0 and 255 distinct appCertItem elements; the attribute of an appAuthItem element is seqNum, the sequence number of this application authorization information, with a value range of [1,255];
the authorization application management data model appAuthMgt consists of between 0 and 255 distinct appAuthItem elements; the attribute of an appAuthItem element is seqNum, the sequence number of this application authorization information, with a value range of [1,255].
3. The XML-based identity authentication method for applications in an onboard network service system according to claim 1, characterized in that the CRC check value is 32 bits.
Priority application: CN201310688799.3A, priority date 2013-12-14, filing date 2013-12-14, granted as CN103684789B (Active).

Publications (2)

Publication Number Publication Date
CN103684789A CN103684789A (en) 2014-03-26
CN103684789B true CN103684789B (en) 2017-01-04



