CN104135459A - Access control system and access control method thereof - Google Patents


Info

Publication number
CN104135459A
Application number
CN201310159971.6A
Authority
CN (China)
Prior art keywords
things, access control, service request, internet gateway, internet
Legal status
Pending
Other languages
Chinese (zh)
Inventors
谷晨
江连山
Current assignee
Beijing Youlian Shike Information Technology Co Ltd
Original assignee
Beijing Youlian Shike Information Technology Co Ltd
Events
Application filed by Beijing Youlian Shike Information Technology Co Ltd
Priority to CN201310159971.6A
Publication of CN104135459A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an access control system and an access control method. The access control system is applied in the Internet of Things (IoT) and comprises one or more IoT gateways and a central access controller. The central access controller is configured to judge, after receiving a network access application from an IoT gateway, whether that IoT gateway may join the access control system; if so, it saves the identifier of the IoT gateway, creates access control information corresponding to the IoT gateway, saves that access control information and pushes it to the IoT gateway. Each IoT gateway is configured to report a network access application to the central access controller when it is first connected to the Internet of Things, to save access control information when it is received from the central access controller, to judge, when a service request is received, whether the service request is allowed according to the saved access control information, and, if so, to execute the service request. With this access control system and method, centralized management and control can be achieved in the Internet of Things and carrier-class remote access control can be provided.

Description

Access control system and access control method thereof
Technical field
The invention belongs to the field of information and communication technology (ICT) and relates to an access control system and an access control method.
Background technology
In recent years, with the rapid advance of information and communication technologies such as radio-frequency identification (RFID) tags, sensor networks, remote sensing and large-scale data mining, the concept of the Internet of Things has become increasingly clear. From the initial proposal of the concept, through research on its key technologies, to the current development of industry applications, the Internet of Things has undoubtedly become one of the most promising research fields. The Internet of Things refers to the deployment of devices with perception, computation, execution and communication capabilities to obtain information about the physical world, and to the transmission, coordination and processing of that information over a network, thereby creating a wide-area network of information exchange between people and things and between things and things.
Compared with the traditional Internet, the Internet of Things focuses on enhancing the capabilities of network endpoints so as to support the collection and acquisition of information about "things". This requires a large number of terminal nodes to be deployed at the network edge. These nodes are geographically dispersed and numerous, and their capabilities and the short-range communication protocols they support vary widely. To integrate such diverse terminal nodes into an IoT system, the IoT gateway becomes a key element. The basic function of an IoT gateway is protocol conversion: remote applications access the various terminal nodes through the gateway, so the gateway shields the heterogeneity of the terminals from the outside world. Consequently the gateway also bears the problem of how to ensure the security of the terminal nodes, and management and control of the gateway become extremely important. On the one hand, effective management and control of the gateway is a necessary link in guaranteeing system performance and improving the user experience; on the other hand, gateways are usually deployed in a distributed manner in the field, where on-site inspection and configuration are difficult, so the gateway's network access must be authenticated remotely and the gateway must be configured and managed remotely, ensuring that illegal operation of the gateway cannot damage terminal nodes or leak data. When the deployment is small in scale, this can be achieved by manually configuring the gateway's permissions. In practical deployments, however, IoT systems usually face a wide deployment range and a need for remote login. Under such application scenarios, how to achieve carrier-class remote access control of IoT gateways becomes particularly important and directly determines whether an IoT system can really be put into application.
Summary of the invention
The technical problem to be solved by the present invention is how to achieve centralized management in the Internet of Things and provide carrier-class remote access control.
To solve the above problem, the invention provides an access control system, applied in the Internet of Things, comprising: one or more IoT gateways;
a central access controller, configured to judge, after receiving a network access application from an IoT gateway, whether that IoT gateway may join the access control system; and if so, to save the identifier of the IoT gateway, create access control information corresponding to the IoT gateway, save the access control information and push it to the IoT gateway;
the IoT gateway, configured to report a network access application to the central access controller when it is connected to the Internet of Things for the first time; to save access control information when it is received from the central access controller; to judge, when a service request is received, whether the service request is allowed according to the saved access control information; and, if allowed, to execute the service request.
Further, the central access controller is also configured, after updating access control information, to push the updated access control information to the IoT gateway corresponding to that access control information.
Further, the access control information is an access control list (ACL) that contains at least the identifier of the central access controller and additionally contains the identifiers of zero, one or more service requesters;
and the IoT gateway judging whether the service request is allowed according to the access control information means:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, the service request is judged to be allowed; otherwise it is judged not to be allowed.
Further, the access control information is an ACL that contains at least the identifier of the central access controller and additionally contains the identifiers of zero, one or more service requesters; when it contains the identifiers of one or more service requesters, it also contains the operation permission corresponding to each service requester;
and the IoT gateway judging whether the service request is allowed according to the access control information means:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, it judges whether the service request matches the operation permission corresponding to that service requester; if it matches, the service request is judged to be allowed; if the identifier of the service requester is not in the ACL, or the service request does not match the operation permission, the service request is judged not to be allowed.
Further, the IoT gateway executing the service request means:
the IoT gateway executes the service request on the corresponding sensor and/or actuator connected to it and returns a response message to the service requester.
Further, the network access application reported by the IoT gateway carries application information, which comprises at least the description information of the IoT gateway;
and the central access controller judging whether the IoT gateway may join the access control system means:
the central access controller performs an identity check and a matching check on the IoT gateway; if the IoT gateway passes both the identity check and the matching check, it is judged that the IoT gateway may join the access control system; otherwise it is judged that the IoT gateway may not join the access control system;
the identity check is to check whether the submitted application information is legal and true; if it is legal and true, the identity check is passed; otherwise the identity check is not passed;
the matching check is to check whether the IoT gateway meets the operating policy requirements and standard specifications preset by the access control system; if it does, the matching check is passed; otherwise the matching check is not passed.
The invention also provides a method by which the above access control system performs access control, applied in the Internet of Things, the method comprising:
an IoT gateway, when connected to the Internet of Things for the first time, reports a network access application to the central access controller;
the central access controller, after receiving the network access application from the IoT gateway, judges whether that IoT gateway may join the access control system; if so, it saves the identifier of the IoT gateway, creates access control information corresponding to the IoT gateway, saves the access control information and pushes it to the IoT gateway;
the IoT gateway receives and saves the access control information;
the IoT gateway, when a service request is received, judges whether the service request is allowed according to the saved access control information; if allowed, it executes the service request.
Further, the method also comprises:
the central access controller updates access control information and pushes the updated access control information to the IoT gateway corresponding to that access control information.
Further, the access control information is an ACL that contains at least the identifier of the central access controller and additionally contains the identifiers of zero, one or more service requesters;
and the step of the IoT gateway judging whether the service request is allowed according to the access control information comprises:
the IoT gateway obtains the identifier of the service requester that initiated the service request;
the IoT gateway judges whether the obtained identifier is present in the ACL;
if so, the IoT gateway judges that the service request is allowed; otherwise the IoT gateway judges that the service request is not allowed.
Further, the access control information is an ACL that contains at least the identifier of the central access controller and additionally contains the identifiers of zero, one or more service requesters; when it contains the identifiers of one or more service requesters, it also contains the operation permission corresponding to each service requester;
and the step of the IoT gateway judging whether the service request is allowed according to the access control information comprises:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, it judges whether the service request matches the operation permission corresponding to that service requester; if it matches, the service request is judged to be allowed; if the identifier of the service requester is not in the ACL, or the service request does not match the operation permission, the service request is judged not to be allowed.
Further, the step of the IoT gateway executing the service request comprises:
the IoT gateway executes the service request on the corresponding sensor and/or actuator connected to it and returns a response message to the service requester.
Further, the network access application reported by the IoT gateway carries application information, which comprises at least the description information of the IoT gateway;
and the step of the central access controller judging whether the IoT gateway may join the access control system comprises:
the central access controller performs an identity check and a matching check on the IoT gateway, where the identity check is to check whether the submitted application information is legal and true (if it is legal and true, the identity check is passed; otherwise it is not passed), and the matching check is to check whether the IoT gateway meets the operating policy requirements and standard specifications preset by the access control system (if it does, the matching check is passed; otherwise it is not passed);
if the IoT gateway passes both the identity check and the matching check, the central access controller judges that the IoT gateway may join the access control system; otherwise the central access controller judges that the IoT gateway may not join the access control system.
The technical scheme of the invention deploys a centralized, carrier-class control unit, the central access controller, which performs network access authentication and access permission control of IoT gateways by way of remote configuration, and cooperates with the IoT gateways to control access to IoT terminals, thereby achieving carrier-class remote access control of IoT gateways.
Brief description of the drawings
Fig. 1 is the architecture diagram of an implementation in Embodiment 1;
Fig. 2 is the flow diagram of a specific example of Embodiment 2.
Embodiment
The technical scheme of the invention is described in detail below with reference to the drawings and embodiments.
It should be noted that, provided they do not conflict, the embodiments of the invention and the features in them may be combined with one another, all within the scope of protection of the invention. In addition, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one given here.
Embodiment 1: an access control system, applied in the Internet of Things, comprising:
one or more IoT gateways;
a central access controller, configured to judge, after receiving a network access application from an IoT gateway, whether that IoT gateway may join the access control system; and if so, to save the identifier of the IoT gateway, create access control information corresponding to the IoT gateway, save the access control information and push it to the IoT gateway;
the IoT gateway, configured to report a network access application to the central access controller when it is connected to the Internet of Things for the first time; to save access control information when it is received from the central access controller; to judge, when a service request is received, whether the service request is allowed according to the saved access control information; and, if allowed, to execute the service request.
By adjusting the access control information, this embodiment can control access to IoT terminals (including sensors, actuators, etc.). Compared with existing schemes that ensure security by hiding IoT terminals, this embodiment can expose every terminal in the Internet of Things while still effectively preventing unauthorized access to those terminals, and ultimately achieves carrier-class remote access control of IoT gateways.
In this embodiment, the specific implementation form of the central access controller is not limited: it may be a newly added independent device, or it may be implemented using existing equipment; likewise, a central access controller may be a single physical device, or several distributed devices may jointly implement the functions of one central access controller. There may be one or more central access controllers; when there are several, an IoT gateway may send its network access application to one of them according to a preset strategy or address.
As shown in Fig. 1, in the system architecture of one implementation of this embodiment the central access controller, the IoT gateways and the service requesters are all connected through the Internet of Things; the IoT gateways are additionally connected to sensors and actuators. A service requester may be an application client, an electronic device, etc. As the initiator of an IoT service, the service requester initiates service requests to read IoT data or to control IoT terminals. For a service request it judges to be allowed, the IoT gateway executes the request on the corresponding connected sensor and/or actuator and returns a response message to the service requester. The central access controller is responsible for network access authentication and access permission control of the IoT gateways.
S1 in the figure is the communication process between the central access controller and an IoT gateway, which includes the IoT gateway sending a network access application to the central access controller and the central access controller pushing access control information to the IoT gateway. S2 is the communication process between a service requester and an IoT gateway, which includes the service requester initiating a service request, for example reading the data of a sensor in the Internet of Things through the IoT gateway, or controlling an actuator in the Internet of Things through the IoT gateway. If the IoT gateway judges that the service request is allowed, it performs the corresponding operation and returns a response message to the service requester.
In one implementation of this embodiment, the central access controller may also be configured, after updating access control information, to push the updated access control information to the IoT gateway corresponding to that access control information.
In addition, the central access controller may also push access control information to the corresponding IoT gateway at a preset time, at the time an instruction is received, or at any time the central access controller selects.
In one implementation of this embodiment, the access control information may be, but is not limited to, an access control list (ACL); in other implementations it may take other forms, such as text, an array, etc.
In one alternative of this implementation, the central access controller may, but need not, keep the identifiers of IoT gateways that may join the access control system in a controlled gateway list. The central access controller then maintains one controlled gateway list and a plurality of ACLs, one for each gateway in the controlled gateway list. In other alternatives, the central access controller may store the identifiers of admissible IoT gateways in other ways.
In one alternative of this implementation, the ACL contains at least the identifier of the central access controller and additionally contains the identifiers of zero, one or more service requesters.
In this alternative, the IoT gateway judging whether a service request is allowed according to the access control information means:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, the service request is judged to be allowed; otherwise it is judged not to be allowed.
In another alternative of this implementation, in addition to the identifier of the central access controller and the identifiers of zero, one or more service requesters, the ACL also contains, whenever it contains the identifiers of one or more service requesters, the operation permission corresponding to each service requester.
In one case, the operation permission may have the following three levels:
may only read sensor data; may only control actuators; may both read sensor data and control actuators.
In another case, the operation permission may also be defined specifically as being allowed to operate only certain sensors/actuators connected to one or several particular IoT gateways.
The operation permission may also combine the above two cases. Suppose an IoT gateway is connected to sensor a, sensor b and sensor c, and to actuator a, actuator b and actuator c. The ACL may then specify: the operation permission of service requester A is to read the data of sensor a and sensor b and to control actuator a; the operation permission of service requester B is to control actuator b and actuator c; the operation permission of service requester C is to read the data of sensor c; the operation permission of service requester D is to read sensor data (the data of any sensor connected to this IoT gateway); and the operation permission of service requester E is to control actuators (any actuator connected to this IoT gateway).
In this alternative, the IoT gateway judging whether a service request is allowed according to the access control information means:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, it judges whether the service request matches the operation permission corresponding to that service requester; if it matches, the service request is judged to be allowed; if the identifier of the service requester is not in the ACL, or the service request does not match the operation permission, the service request is judged not to be allowed.
Taking the service requests of service requester A described above as an example: a request to read the data of sensor c, or to control actuator b or actuator c, is judged not to be allowed; among the service requests of service requester C, only "read the data of sensor c" is allowed, and all of C's other service requests are not allowed.
In one implementation of this embodiment, the network access application reported by the IoT gateway carries application information; the application information may include the description information of the IoT gateway and all related information about it, etc.
The central access controller judging whether the IoT gateway may join the access control system means:
the central access controller performs an identity check and a matching check on the IoT gateway; if the IoT gateway passes both the identity check and the matching check, it may join the system; otherwise it may not join the system;
the identity check is to check whether the submitted application information is legal and true; if it is legal and true, the identity check is passed; otherwise the identity check is not passed;
the matching check is to check whether the IoT gateway meets the operating policy requirements and standard specifications preset by the access control system; if it does, the matching check is passed; otherwise the matching check is not passed.
Embodiment 2: a method by which the access control system of Embodiment 1 performs access control, applied in the Internet of Things, the method comprising:
an IoT gateway, when connected to the Internet of Things for the first time, reports a network access application to the central access controller;
the central access controller, after receiving the network access application from the IoT gateway, judges whether that IoT gateway may join the access control system; if so, it saves the identifier of the IoT gateway, creates access control information corresponding to the IoT gateway, saves the access control information and pushes it to the IoT gateway;
the IoT gateway receives and saves the access control information;
the IoT gateway, when a service request is received, judges whether the service request is allowed according to the saved access control information; if allowed, it executes the service request.
In one implementation of this embodiment, the method further comprises:
the central access controller updates access control information and pushes the updated access control information to the IoT gateway corresponding to that access control information.
In one implementation of this embodiment, the access control information is an ACL.
In one alternative of this implementation, the access control information may be, but is not limited to, an ACL; in other implementations it may take other forms, such as text, an array, etc.
The step of the IoT gateway judging whether the service request is allowed according to the access control information comprises:
the IoT gateway obtains the identifier of the service requester that initiated the service request;
the IoT gateway judges whether the obtained identifier is present in the ACL;
if so, the IoT gateway judges that the service request is allowed; otherwise the IoT gateway judges that the service request is not allowed.
In another alternative of this implementation, in addition to the identifier of the central access controller and the identifiers of zero, one or more service requesters, the ACL also contains, whenever it contains the identifiers of one or more service requesters, the operation permission corresponding to each service requester.
In one case, the operation permission may have the following three levels:
may only read sensor data; may only control actuators; may both read sensor data and control actuators.
In another case, the operation permission may also be defined specifically as being allowed to operate only certain sensors/actuators connected to one or several particular IoT gateways.
The operation permission may also combine the above two cases. Suppose an IoT gateway is connected to sensor a, sensor b and sensor c, and to actuator a, actuator b and actuator c. The ACL may then specify: the operation permission of service requester A is to read the data of sensor a and sensor b and to control actuator a; the operation permission of service requester B is to control actuator b and actuator c; the operation permission of service requester C is to read the data of sensor c; the operation permission of service requester D is to read sensor data (the data of any sensor connected to this IoT gateway); and the operation permission of service requester E is to control actuators (any actuator connected to this IoT gateway).
In this alternative, the step of the IoT gateway judging whether the service request is allowed according to the access control information comprises:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, it judges whether the service request matches the operation permission corresponding to that service requester; if it matches, the service request is judged to be allowed; if the identifier of the service requester is not in the ACL, or the service request does not match the operation permission, the service request is judged not to be allowed.
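The permission-matching rule just described, carried through in code for the requesters A to E of the example above. This is an added illustration and not code from the patent: the data structures, the device naming (sensor_a, actuator_b, and so on), the wildcard used for the "any sensor"/"any actuator" levels, and the decision to treat "read" as a sensor-only operation and "control" as an actuator-only operation are assumptions made here. The gateway-side check returns a reason alongside the verdict so that denied requests can be logged.

```python
"""Gateway-side check of a service request against its ACL with operation permissions."""
from dataclasses import dataclass, field
from typing import Dict, Tuple

READ, CONTROL = "read", "control"   # the two operation kinds named in the text
ANY = "*"                           # constructed wildcard: "any sensor" / "any actuator"


@dataclass(frozen=True)
class Permission:
    op: str      # READ (sensor data) or CONTROL (an actuator)
    target: str  # a device name, or ANY

    def covers(self, op: str, device: str) -> bool:
        return self.op == op and self.target in (ANY, device)


@dataclass
class AccessControlList:
    controller_id: str                                   # always present, per the text
    requesters: Dict[str, Tuple[Permission, ...]] = field(default_factory=dict)


@dataclass(frozen=True)
class ServiceRequest:
    requester_id: str
    op: str
    device: str


def level(name: str) -> Tuple[Permission, ...]:
    """The three coarse levels from the text, expressed as wildcard permissions."""
    return {
        "read_only": (Permission(READ, ANY),),
        "control_only": (Permission(CONTROL, ANY),),
        "read_and_control": (Permission(READ, ANY), Permission(CONTROL, ANY)),
    }[name]


def check_request(acl: AccessControlList, req: ServiceRequest,
                  devices: Dict[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason). `devices` maps device name -> "sensor" | "actuator"."""
    perms = acl.requesters.get(req.requester_id)
    if perms is None:
        return False, "requester not in ACL"             # identifier absent from the ACL
    kind = devices.get(req.device)
    if kind is None:
        return False, "device not connected to this gateway"
    if (req.op, kind) not in ((READ, "sensor"), (CONTROL, "actuator")):
        return False, "operation does not apply to this device type"
    if any(p.covers(req.op, req.device) for p in perms):
        return True, "allowed"                            # request matches the permission
    return False, "outside requester's operation permission"


# Constructed sample: one gateway with sensors a-c and actuators a-c, and the ACL
# for requesters A-E from the example in the text.
GATEWAY_DEVICES = {
    "sensor_a": "sensor", "sensor_b": "sensor", "sensor_c": "sensor",
    "actuator_a": "actuator", "actuator_b": "actuator", "actuator_c": "actuator",
}
SAMPLE_ACL = AccessControlList(
    controller_id="central-access-controller-1",
    requesters={
        "A": (Permission(READ, "sensor_a"), Permission(READ, "sensor_b"),
              Permission(CONTROL, "actuator_a")),
        "B": (Permission(CONTROL, "actuator_b"), Permission(CONTROL, "actuator_c")),
        "C": (Permission(READ, "sensor_c"),),
        "D": level("read_only"),
        "E": level("control_only"),
    },
)

if __name__ == "__main__":
    for r in (ServiceRequest("A", READ, "sensor_a"), ServiceRequest("A", READ, "sensor_c"),
              ServiceRequest("C", CONTROL, "actuator_a"), ServiceRequest("E", CONTROL, "actuator_c"),
              ServiceRequest("Z", READ, "sensor_a")):
        print(r, "->", check_request(SAMPLE_ACL, r, GATEWAY_DEVICES))
```

Requester A reading sensor c or controlling actuator b is refused, requester C is limited to reading sensor c, and an identifier that is not in the ACL is refused before any permission is consulted, which is the order of the two-stage rule in the text.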
In one implementation of this embodiment, the step of the IoT gateway executing the service request comprises:
the IoT gateway executes the service request on the corresponding sensor and/or actuator connected to it and returns a response message to the service requester.
In one implementation of this embodiment, the network access application reported by the IoT gateway carries application information; the application information comprises at least the description information of the IoT gateway.
An object lesson of the present embodiment as shown in Figure 2, comprises step 201~211:
201, things-internet gateway starts after parallel-connection network, to central access controller, initiates the application that networks, submit applications information.Application information can comprise all relevant informations of things-internet gateway description etc.
202. The central access controller judges whether the IoT gateway that sent the network access application can join; if it can, step 203 is performed; otherwise a failure message is returned. If another IoT gateway starts up and connects to the network, the procedure is performed again for it from step 201.
The central access controller judges whether the applying IoT gateway can join the system by performing an identity check and a matching check on it. If the IoT gateway passes both the identity check and the matching check, it can join; otherwise it cannot.
The identity check checks whether the submitted application information is legitimate and authentic; if it is, the identity check is passed; otherwise it is not passed.
The matching check checks whether the IoT gateway meets the operating policy requirements and standards of the system; if it does, the matching check is passed; otherwise it is not passed.
203. The central access controller adds the IoT gateway to the controlled gateway list; an IoT gateway in the controlled gateway list may be called a controlled gateway.
204. The central access controller creates, for the IoT gateway just added to the controlled gateway list, an access control list (ACL) for service requesters. By default the ACL contains the identifier of the central access controller and, optionally, the identifiers of zero, one or more service requesters.
205. The central access controller pushes the ACL to the IoT gateway.
The ACL may be pushed to the IoT gateway by the central access controller when it creates the ACL, when it updates the ACL, or at any other moment the central access controller chooses.
206. The IoT gateway stores the received ACL locally.
207. The IoT gateway listens for service requests initiated by service requesters.
208. The IoT gateway judges whether a service request has been initiated by a service requester; if so, step 209 is performed; otherwise, return to step 207.
209. The IoT gateway judges, according to the locally stored ACL, whether the service requester's service request is allowed; if it is, step 210 is performed; otherwise, step 211 is performed.
Specifically, judging whether the service requester's service request is allowed means judging whether the identifier of the service requester that initiated the service request appears in the ACL stored locally on the IoT gateway; if it does, the service requester's service request is allowed; otherwise, the service requester's request is refused.
210. The IoT gateway executes the service request initiated by the service requester.
211. The IoT gateway refuses to execute the service request initiated by the service requester and optionally returns an error message.
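The Python below is an added example, not code from the application, that walks through steps 201 to 211 end to end: admission of a gateway by the central access controller (identity check, matching check, controlled gateway list, ACL creation and push), local storage on the gateway, the identifier-only decision of step 209, and the update-and-re-push of claims 2 and 7. The page does not fix how the two checks are performed, so the example assumes the identity check compares the submitted description with a provisioning record held by the controller, and the matching check requires a minimum firmware version and at least one accepted protocol. It also assumes the gateway knows the identifier of the controller it applied to and drops ACL pushes that carry any other controller identifier (the claims require the ACL to contain the controller's identifier but do not say what the gateway does with it). All identifiers and the scenario data are constructed.

```python
"""Gateway admission by the central access controller (steps 201-206) and
identifier-based request evaluation on the gateway (steps 207-211).

Added example. Assumptions not fixed by the application: the identity check
compares the submitted description with a provisioning record; the matching
check requires a minimum firmware version and at least one accepted protocol;
the gateway knows its controller's identifier and ignores lists from others.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass(frozen=True)
class ApplicationInfo:
    gateway_id: str
    description: str       # the application requires at least a description of the gateway
    firmware: tuple        # assumed field, consumed by the matching check
    protocols: frozenset   # assumed field, consumed by the matching check


@dataclass
class SimpleACL:
    """Claim-3 style list: controller identifier plus zero or more requester identifiers."""
    controller_id: str
    requesters: set = field(default_factory=set)


class CentralAccessController:
    def __init__(self, controller_id, provisioned, min_firmware, accepted_protocols):
        self.controller_id = controller_id
        self.provisioned = dict(provisioned)                  # gateway id -> expected description
        self.min_firmware = tuple(min_firmware)
        self.accepted_protocols = frozenset(accepted_protocols)
        self.controlled_gateways: Dict[str, SimpleACL] = {}   # the controlled gateway list (step 203)

    def identity_check(self, info: ApplicationInfo) -> bool:
        """Is the application information legitimate and authentic? Here: matches provisioning."""
        return self.provisioned.get(info.gateway_id) == info.description

    def matching_check(self, info: ApplicationInfo) -> bool:
        """Does the gateway meet the system's operating policy and standards? Here: version + protocol."""
        return tuple(info.firmware) >= self.min_firmware and bool(info.protocols & self.accepted_protocols)

    def handle_network_application(self, gateway: ManagedGateway, info: ApplicationInfo) -> bool:
        """Step 202: both checks must pass. Steps 203-205: list the gateway, create its ACL, push it."""
        if not (self.identity_check(info) and self.matching_check(info)):
            return False                                      # failure message goes back to the gateway
        acl = SimpleACL(self.controller_id)                   # default content: controller id, no requesters
        self.controlled_gateways[info.gateway_id] = acl
        gateway.receive_acl(acl)                              # pushed at creation time
        return True

    def grant(self, gateway: ManagedGateway, requester_id: str) -> None:
        """Claims 2 and 7: update the ACL, then push the updated list to its gateway."""
        acl = self.controlled_gateways[gateway.gateway_id]
        acl.requesters.add(requester_id)
        gateway.receive_acl(acl)

    def revoke(self, gateway: ManagedGateway, requester_id: str) -> None:
        acl = self.controlled_gateways[gateway.gateway_id]
        acl.requesters.discard(requester_id)
        gateway.receive_acl(acl)


class ManagedGateway:
    def __init__(self, gateway_id: str, controller_id: str):
        self.gateway_id = gateway_id
        self.controller_id = controller_id    # controller this gateway applies to (assumption)
        self.acl: Optional[SimpleACL] = None  # local copy, filled in at step 206

    def apply_to_join(self, controller: CentralAccessController, info: ApplicationInfo) -> bool:
        """Step 201: on first connection, report the network access application."""
        return controller.handle_network_application(self, info)

    def receive_acl(self, acl: SimpleACL) -> bool:
        """Step 206: store the list locally; drop lists that do not name our controller (assumption)."""
        if acl.controller_id != self.controller_id:
            return False
        self.acl = SimpleACL(acl.controller_id, set(acl.requesters))   # private copy, not a shared reference
        return True

    def handle_request(self, requester_id: str, operation: str) -> dict:
        """Steps 208-211: execute only if the requester identifier is in the stored ACL."""
        if self.acl is not None and requester_id in self.acl.requesters:
            return {"status": "ok", "executed": operation}                    # step 210
        return {"status": "error", "reason": "requester identifier not in ACL"}   # step 211


if __name__ == "__main__":
    # Constructed scenario: a provisioned gateway joins and is granted a requester; an unknown one is refused.
    cac = CentralAccessController("cac-1", {"gw-1": "hall sensor hub"}, (2, 0), {"mqtt", "coap"})
    gw1 = ManagedGateway("gw-1", "cac-1")
    print("gw-1 joined:", gw1.apply_to_join(cac, ApplicationInfo("gw-1", "hall sensor hub", (2, 1), frozenset({"mqtt"}))))
    print("before grant:", gw1.handle_request("app-A", "read sensor a"))
    cac.grant(gw1, "app-A")
    print("after grant:", gw1.handle_request("app-A", "read sensor a"))
    gw2 = ManagedGateway("gw-2", "cac-1")
    print("gw-2 joined:", gw2.apply_to_join(cac, ApplicationInfo("gw-2", "unknown", (2, 1), frozenset({"mqtt"}))))
```

Two points worth noticing when running it: a gateway that fails either check never gets a list, so every request it later sees is refused (there is no implicit allow when no ACL has arrived), and the gateway keeps its own copy of the list, so a later grant or revoke only takes effect once the controller pushes the updated list, exactly as claims 2 and 7 describe.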
Those of ordinary skill in the art will appreciate that all or some of the steps of the above method can be completed by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or some of the steps of the above embodiments can also be implemented with one or more integrated circuits. Correspondingly, each module/unit in the above embodiments may be implemented in the form of hardware or in the form of a software functional module. The present invention is not restricted to any particular form of combination of hardware and software.
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the present invention, those of ordinary skill in the art can make various corresponding changes and modifications according to the present invention, and all such corresponding changes and modifications shall fall within the scope of protection of the claims of the present invention.

Claims (10)

1. An access control system, applied in the Internet of Things, comprising one or more IoT gateways;
characterized in that it further comprises:
a central access controller, configured to judge, after receiving a network access application from an IoT gateway, whether that IoT gateway can join the access control system; and, if it can, to save the identifier of the IoT gateway, create access control information corresponding to the IoT gateway, save the access control information and push it to the IoT gateway;
wherein the IoT gateway is configured to report a network access application to the central access controller when it connects to the Internet of Things for the first time; to save access control information when it receives it from the central access controller; to judge, when it receives a service request, whether the service request is allowed according to the saved access control information; and, if allowed, to execute the service request.
2. The system of claim 1, characterized in that:
the central access controller is further configured, after updating access control information, to push the updated access control information to the IoT gateway to which that access control information corresponds.
3. The system of claim 1, characterized in that:
the access control information is an access control list (ACL) that contains at least the identifier of the central access controller, and further contains the identifiers of zero, one or more service requesters;
and the IoT gateway judging whether the service request is allowed according to the access control information means:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, the service request is judged to be allowed; otherwise, the service request is judged to be not allowed.
4. The system of claim 1, characterized in that:
the access control information is an access control list (ACL) that contains at least the identifier of the central access controller, and further contains the identifiers of zero, one or more service requesters; when it contains the identifiers of one or more service requesters, it also contains the operating rights corresponding to each service requester;
and the IoT gateway judging whether the service request is allowed according to the access control information means:
the IoT gateway judges whether the identifier of the service requester that initiated the service request is present in the ACL; if so, it judges whether the service request matches the operating rights corresponding to that service requester; if it matches, the service request is judged to be allowed; if the identifier of the service requester is not in the ACL, or the service request does not match the service requester's operating rights, the service request is judged to be not allowed.
5. The system of claim 1, characterized in that:
the network access application reported by the IoT gateway carries application information, which includes at least a description of the IoT gateway;
and the central access controller judging whether the IoT gateway can join the access control system means:
the central access controller performs an identity check and a matching check on the IoT gateway; if the IoT gateway passes both the identity check and the matching check, it is judged that the IoT gateway can join the access control system; otherwise, it is judged that the IoT gateway cannot join the access control system;
the identity check checks whether the submitted application information is legitimate and authentic; if it is, the identity check is passed; otherwise it is not passed;
the matching check checks whether the IoT gateway meets the operating policy requirements and standards preset by the access control system; if it does, the matching check is passed; otherwise it is not passed.
6. A method of performing access control with the access control system of claim 1, applied in the Internet of Things, characterized in that the method comprises:
an IoT gateway reporting a network access application to a central access controller when it connects to the Internet of Things for the first time;
the central access controller, after receiving the network access application from the IoT gateway, judging whether the IoT gateway can join the access control system; and, if it can, saving the identifier of the IoT gateway, creating for that IoT gateway access control information corresponding to it, saving the access control information and pushing it to the IoT gateway;
the IoT gateway receiving and saving the access control information;
the IoT gateway, when receiving a service request, judging whether the service request is allowed according to the saved access control information and, if allowed, executing the service request.
7. The method of claim 6, characterized in that it further comprises:
the central access controller updating access control information and pushing the updated access control information to the IoT gateway to which that access control information corresponds.
8. The method of claim 6, characterized in that:
the access control information is an access control list (ACL) that contains at least the identifier of the central access controller, and further contains the identifiers of zero, one or more service requesters;
and the step of the IoT gateway judging whether the service request is allowed according to the access control information comprises:
the IoT gateway obtaining the identifier of the service requester that initiated the service request;
the IoT gateway judging whether the obtained identifier is present in the ACL;
if so, the IoT gateway judging that the service request is allowed; otherwise, the IoT gateway judging that the service request is not allowed.
9. The method of claim 6, characterized in that:
the access control information is an access control list (ACL) that contains at least the identifier of the central access controller, and further contains the identifiers of zero, one or more service requesters; when it contains the identifiers of one or more service requesters, it also contains the operating rights corresponding to each service requester;
and the step of the IoT gateway judging whether the service request is allowed according to the access control information comprises:
the IoT gateway judging whether the identifier of the service requester that initiated the service request is present in the ACL; if so, judging whether the service request matches the operating rights corresponding to that service requester; if it matches, judging that the service request is allowed; if the identifier of the service requester is not in the ACL, or the service request does not match the service requester's operating rights, judging that the service request is not allowed.
10. The method of claim 6, characterized in that:
the network access application reported by the IoT gateway carries application information, which includes at least a description of the IoT gateway;
and the step of the central access controller judging whether the IoT gateway can join the access control system comprises:
the central access controller performing an identity check and a matching check on the IoT gateway, where the identity check checks whether the submitted application information is legitimate and authentic, passing if it is and not passing otherwise, and the matching check checks whether the IoT gateway meets the operating policy requirements and standards preset by the access control system, passing if it does and not passing otherwise;
if the IoT gateway passes both the identity check and the matching check, the central access controller judging that the IoT gateway can join the access control system; otherwise, the central access controller judging that the IoT gateway cannot join the access control system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310159971.6A CN104135459A (en) 2013-05-03 2013-05-03 Access control system and access control method thereof

Publications (1)

Publication Number Publication Date
CN104135459A true CN104135459A (en) 2014-11-05

Family

ID=51807983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310159971.6A Pending CN104135459A (en) 2013-05-03 2013-05-03 Access control system and access control method thereof

Country Status (1)

Country Link
CN (1) CN104135459A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1317099A2 (en) * 2001-11-29 2003-06-04 Matsushita Electric Industrial Co., Ltd. Appliance control system and method using mobile communications terminal, and home gateway
CN1863195A (en) * 2005-05-13 2006-11-15 中兴通讯股份有限公司 Family network system with safety registration function and method thereof
CN101064628A (en) * 2006-04-28 2007-10-31 华为技术有限公司 Household network appliance safe management system and method
CN101741557A (en) * 2008-11-18 2010-06-16 财团法人工业技术研究院 Hierarchical key-based access control system and method
CN102202390A (en) * 2010-03-25 2011-09-28 中兴通讯股份有限公司 Method and system for managing wireless sensor node
CN102202389A (en) * 2010-03-25 2011-09-28 中兴通讯股份有限公司 Method and system for realizing gateway management

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107592969A (en) * 2015-06-09 2018-01-16 英特尔公司 For the systems, devices and methods that accesses control list is handled in affined environment
CN107592969B (en) * 2015-06-09 2021-02-02 英特尔公司 System, apparatus and method for access control list processing in a constrained environment
CN106790351A (en) * 2016-11-14 2017-05-31 中国联合网络通信集团有限公司 A kind of method and system of equipment control
CN110753039A (en) * 2019-09-29 2020-02-04 苏州浪潮智能科技有限公司 Method and device for remote login safety protection
WO2024074066A1 (en) * 2022-10-08 2024-04-11 华为云计算技术有限公司 Internet-of-things device management method based on cloud computing technology, and platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141105