CN104169930A - Resource access method and device - Google Patents

Info

Publication number: CN104169930A
Authority: CN (China)
Prior art keywords: resource, access, access rights, rule, rights
Legal status: Granted
Application number: CN201280001197.XA
Other languages: Chinese (zh)
Other versions: CN104169930B (en)
Inventors: 许斌, 张永靖
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Abstract

Disclosed are a resource access method and device. The method comprises: receiving a resource access request of an access device; according to the resource access request, obtaining at least two access authority resources of the resource; according to a parsing rule for the resource and the access authority resources, determining an access rule set for the resource; and according to the access rule set, the device identifier and the resource access operation indication, responding to the resource access request of the access device. The resource access method and device in the embodiments of the present invention achieve the mutual inheritance of access authority resources between resources to enable the access authority of the resources to conduct self-adjustment with the modification of the access authority of the inherited resource, thereby improving the efficiency of resource access authority management.

Description

Resource access method and device
Technical field
The present invention relates to the communications field, and more particularly to a resource access method and device.
Background technology
Machine-to-Machine Communications (M2M) is a networked application and service whose core is intelligent interaction between machines. By embedding wireless or wired communication modules and application processing logic in machines, it realizes data communication without manual intervention, to meet users' information requirements in monitoring, command and scheduling, data acquisition and measurement.
In M2M, access control mechanisms are used to prevent data in M2M terminals, gateways and business platforms from being accessed by unauthorized applications, so as to ensure the privacy and security of all kinds of data. Generally, the elements involved in one access include the requestor (access main body), the access operation (such as "read" or "write") and the accessed object (access object). The access control mechanism works as follows: when an access main body initiates an access request for some access operation on an access object, the request is allowed or forbidden according to the access rules related to that access object, that is, the access rule set.
In the M2M specifications currently formulated by ETSI (European Telecommunication Standardization Institute), the access rule set is configured in the access rights resource, the configuration of limit.
The ETSI M2M specifications stipulate that an access rights resource identifier can only quote zero or one access rights resource. When it quotes zero resources, the system by default quotes the access rights resource of the parent resource of the resource, so in essence one access rights resource is still quoted. In this case, there are two methods of configuring the access rights resource identifier of a resource, depending on the requirement. Method one: the resource to be configured has no relation to other resources in terms of access rights, so a new access rights resource that meets the requirements is created and that resource is quoted. Method two: the resource to be configured is related to other resources in terms of access rights, for example resources with a parent-child relationship have an inheritance relationship, so the access rights resource of the other resource is quoted directly. Because M2M is organized and managed as a resource tree, there are hierarchical relationships between resources and many relations among them, so method two (directly quoting the access rights resource of other resources) is often used to configure resource access rights.
However, when a resource is accessed by multiple applications and each application has different access rights, or when the access rights of a resource partly quote other resources but differ from the rights of the quoted resource, the prior art can only re-configure the rights for that resource, and can not pass through the access rights
Content of the invention
The present invention provides a resource access method and device that realize the inheritance of access rights between resources and improve the efficiency of managing resource access rights.
In one aspect, a resource access method is provided, including: receiving a resource access request of access equipment, the resource access request including an access equipment identification, an access resource identification and a resource access operation indication; obtaining, according to the resource access request, at least two access rights resource identifications of the resource, and reading, according to the at least two access rights resource identifications, the access rights resource indicated by each access rights resource identification; determining the access rule set for the resource according to the resolution rules for the resource and the access rights resources; and responding to the resource access request of the access equipment according to the access rule set, the equipment identification and the resource access operation indication.
Optionally, the method further includes: receiving a setting request for the access rights of the resource, the setting request including at least two access rights resource identifications, and setting the access rights of the resource according to the at least two access rights resource identifications.
Optionally, the setting request further includes a rule parsing mark, and determining the access rule set for the resource according to the resolution rules for the resource and the access rights resources includes: parsing the access rights resources according to the resolution rules corresponding to the rule parsing mark, to obtain the access rule set for the resource.
Optionally, the setting request further includes an access rights resource priority rule, and determining the access rule set for the resource according to the resolution rules for the resource and the access rights resources includes: parsing the access rights resources according to the access rights resource priority rule and the resolution rules corresponding to the rule parsing mark, to obtain the access rule set for the resource.
Optionally, the setting request further includes partitioning the multiple access rights resources into blocks, so that the multiple access rights resources comprise an access rights resource father block and multiple sub-blocks corresponding to the father block, the father block and the multiple sub-blocks each including a corresponding rule parsing mark; and determining the access rule set for the resource according to the resolution rules for the resource and the access rights resources includes: first parsing the access rights resources according to the resolution rules corresponding to the rule parsing mark of the father block, and then parsing the access rights resources corresponding to the sub-blocks according to the rule parsing marks corresponding to the multiple sub-blocks, to obtain the access rule set for the resource.
Optionally, the setting request further includes priority rules of the father block and the sub-blocks, and determining the access rule set for the resource according to the resolution rules for the resource and the access rights resources includes: first parsing the access rights resources according to the resolution rules corresponding to the rule parsing mark of the father block and the priority rule, and then obtaining the resource access rule set according to the resolution rules corresponding to the rule parsing marks of the multiple sub-blocks.
Optionally, the setting request includes at least two dereference authority resource identifications, and determining the access rule set for the resource according to the resolution rules for the resource and the access rights resources includes: obtaining an access rights resource address according to each dereference authority resource identification, and reading the access rights resource according to the access rights resource address; and parsing the access rights resources according to the resolution rules corresponding to the rule parsing mark, to obtain the access rule set for the resource.
Optionally, the access rule set includes an access main body collection and an access operation set corresponding to each access main body, and responding to the resource access request of the access equipment according to the access rule set, the equipment identification and the resource access operation indication includes: if the access equipment matches the access main body collection, and the access operation indicated by the resource access operation indication matches the access operation set, allowing the access equipment to access the resource; if the access equipment does not match the access main body collection, or the access equipment matches the access main body collection but the access operation indicated by the resource access operation indication does not match the access operation set of the access equipment, refusing the access equipment access to the resource; and if the access equipment matches the access main body collection but the access operation set of the access equipment is "nothing", refusing all kinds of access operation requests of the access equipment.
In another aspect, a resource access device is provided, including: a receiving unit, configured to receive a resource access request of access equipment, the resource access request including an access equipment identification, an access resource identification and a resource access operation indication; an acquiring unit, configured to obtain at least two access rights resource identifications of the resource corresponding to the access resource identification, and to read, according to the at least two access rights resource identifications, the access rights resource indicated by each access rights resource identification, and further configured to determine the access rule set for the resource according to the resolution rules for the resource and the access rights resources; and a response unit, configured to respond to the resource access request of the access equipment according to the access rule set, the equipment identification and the resource access operation indication.
Optionally, the resource access device further includes a setting unit, configured to set the access rights of the resource, the setting unit including: a receiving subunit, configured to receive a setting request for the access rights of the resource, the setting request including at least two access rights resource identifications; and a setting subunit, configured to set the identifications in the access rights resource identifier of the resource according to the setting request received by the receiving subunit.
Optionally, the receiving subunit is specifically configured to receive a setting request for the access rights of the resource, the setting request further including a rule parsing mark, and the acquiring unit includes: a first acquiring unit, configured to obtain the at least two access rights resource identifications in the access rights identifier of the resource, and to read the access rights resources respectively according to the access rights resource identifications; and a second acquiring unit, configured to parse the access rights resources according to the resolution rules corresponding to the rule parsing mark, to obtain the access rule set for the resource.
Optionally, the receiving subunit is further specifically configured to receive a setting request for the access rights of the resource, the setting request further including an access rights resource priority rule, and the acquiring unit further includes: a third acquiring unit, configured to parse the access rights resources according to the access rights resource priority rule and the resolution rules corresponding to the rule parsing mark, to obtain the access rule set for the resource.
Optionally, the receiving subunit is further specifically configured to receive a setting request for the access rights of the resource, the setting request further including partitioning the multiple access rights resources into blocks, so that the multiple access rights resources comprise an access rights resource father block and multiple sub-blocks corresponding to the father block, the father block and the multiple sub-blocks each including a corresponding rule parsing mark, and the acquiring unit further includes: a fourth acquiring unit, configured to first parse the access rights resources according to the resolution rules corresponding to the rule parsing mark of the father block, and then parse the access rights resources corresponding to the sub-blocks according to the rule parsing marks corresponding to the multiple sub-blocks, to obtain the access rule set for the resource.
Optionally, the receiving subunit is further specifically configured to receive a setting request for the access rights of the resource, the setting request further including respective priority rules of the father block and the sub-blocks, and the acquiring unit further includes: a fifth acquiring unit, configured to first parse the access rights resources according to the resolution rules corresponding to the rule parsing mark of the father block and the priority rule, and then obtain the access rule set of the resource according to the rules corresponding to the multiple sub-blocks.
Optionally, the receiving subunit is further specifically configured to receive a setting request for the access rights of the resource, the setting request including at least two dereference authority resource identifications, and the acquiring unit further includes: a sixth acquiring unit, configured to obtain an access rights resource address according to each dereference authority resource identification, and to read the access rights resource according to the access rights resource address; and to parse the access rights resources according to the resolution rules corresponding to the rule parsing mark, to obtain the access rule set for the resource.
Optionally, the response unit is specifically configured to: if the access equipment matches the access main body collection, and the access operation indicated by the resource access operation indication matches the access operation set of the access equipment, allow the access equipment to access the resource; if the access equipment does not match the access main body collection, or the access equipment matches the access main body collection but the resource access operation does not match the access operation set, refuse the access equipment access to the resource; and if the access equipment matches the access main body collection but the access operation set of the access equipment is "nothing", refuse all kinds of access operation requests of the access equipment.
Optionally, the device includes: an M2M terminal, an M2M platform and an M2M gateway.
In the resource access method and resource access device of the embodiments of the present invention, a main body that has resource configuration authority configures the access rights resource identifier of a resource in the resource access device by adding the access rights resource identifications of other resources to the access rights resource identifier. The resource access device can then obtain the related access rights resources according to those access rights resource identifications and parse them according to the resolution rules it has set. This realizes mutual inheritance of access rights resources between resources, so that the access rights of a resource adjust themselves when the access rights of the inherited resource are modified, which improves the efficiency of managing resource access rights. At the same time, the utilization of the storage space for access rights resources can be improved and storage space saved.
Brief description of the drawings
Fig. 1 is a typical M2M system architecture diagram;
Fig. 2 is the resource access method flow chart of one embodiment of the invention;
Fig. 3A is the signaling interaction diagram for setting the access rights identifier of a resource in the resource access method of one embodiment of the invention;
Fig. 3B is the Representational State Transfer resource tree of a resource of one embodiment of the invention;
Fig. 4 is the resource access method signaling interaction diagram of an embodiment;
Fig. 5 is the signaling interaction diagram for configuring the resource access rights resource identifier in the resource access method of another embodiment of the present invention;
Fig. 6 is the resource access method of the present embodiment;
Fig. 7 is the signaling interaction diagram for setting the access rights resource identifier in the resource access method of another embodiment of the present invention;
Fig. 8 is the resource access method signaling interaction diagram of another embodiment;
Signaling interaction diagram is set;
Fig. 9B is the structure chart of an access rights resource identifier with multiple access rights resource blocks of one embodiment of the invention;
Fig. 10 is the resource access method signaling interaction diagram of a further embodiment of the invention;
Fig. 11 is the resource access device schematic diagram of one embodiment of the invention;
Fig. 12 is the schematic diagram of the setting unit in the resource access device of one embodiment of the invention;
Fig. 13 is the schematic diagram of the acquiring unit in the resource access device of one embodiment of the invention;
Fig. 14 is the resource access device schematic diagram of another embodiment of the present invention.
Embodiment
The technical schemes in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in the present invention, without creative work, fall within the scope of protection of the invention.
Fig. 1 is a typical M2M system architecture diagram, including:
M2M network application NA 101, configured to register with the M2M business platform 102, to access the data collected by M2M equipment through the mId interface, and also to carry out remote device management of M2M equipment;
M2M equipment D' 104, connected to the M2M business platform 102 through the M2M gateway G 103;
M2M equipment d 105, connected to the M2M business platform 102 through the M2M gateway G 103;
M2M equipment d 105, connected to the M2M business platform 102 through the M2M equipment D 106.
Here, both M2M equipment d 105 are legacy equipment that does not conform to the ETSI M2M specifications, while M2M equipment D and M2M equipment D' are equipment that conforms to the ETSI M2M specifications. M2M equipment D has the service capability layer (SCL, Service Capability Layer) defined by the ETSI M2M standards, and M2M equipment D' does not have the service capability layer (SCL, Service Capability Layer) defined by the ETSI M2M standards.
The M2M gateway G 103 uses the gateway interworking proxy function (GIP, Gateway Interworking Proxy) to interconnect with the M2M legacy equipment d and the M2M equipment D' through wireless or wired communication (for example, Zigbee, Bluetooth, DLMS/COSEM, Zwave, BACnet, ANSI C12, mBus, etc.). The mId interface between the M2M gateway or M2M equipment D and the M2M platform typically uses wired or wireless wide/local area network communication (such as xDSL, HFC, satellite, GERAN, UTRAN, eUTRAN, W-LAN and WiMAX).
The overall technical scheme of one embodiment of the invention is introduced below. Fig. 2 shows the resource access method flow chart of one embodiment of the invention, including:
201. Receive a resource access request of access equipment; the resource access request includes the access equipment identification, the access resource identification and the resource access operation indication.
Specifically, the middleware receives a resource access request from the access equipment, requesting a relevant operation on a resource, such as a read or write operation. The middleware is a logical entity located in an M2M terminal, M2M gateway or M2M platform. The resource access request includes the access equipment identification, the access resource identification and the specific access operation indication for the resource.
It should be noted that the access equipment can be an M2M terminal, M2M platform or M2M gateway. In addition, the middleware has set the access rights of the resource in advance. Specifically, according to the request equipment's setting request for the access rights of the resource, the middleware sets access rights resource identifications in the access rights resource identifier of the resource, and each access rights resource identification points to an access rights resource. The access rights resource includes an access rule set, and each access rule includes at least an access main body collection and an access operation set. The access main body collection includes the multiple access main bodies allowed to access the resource; an access main body can be described using a URI, a global identifier or an identifier with a specific meaning. The access operation set contains the access operations permitted for the corresponding allowed access main body, such as "read" and "write"; similarly, an access operation can also be described using a URI, a global identifier or an identifier with a specific meaning.
202. Obtain, according to the resource access request, at least two access rights resource identifications of the resource, and read, according to the at least two access rights resource identifications, the access rights resource indicated by each access rights resource identification.
Specifically, the middleware can check the access rights resource identifier of the resource corresponding to the resource identification specified in the access request, obtain the corresponding access rights resource identifications from the access rights resource identifier, and read the access rights resource that each access rights resource identification points to.
Generally, an access rights resource identification includes the URI of the access rights resource, and the middleware can obtain the corresponding access rights resource according to this URI.
203. Determine the access rule set for the resource according to the resolution rules for the resource and the access rights resources.
Specifically, the middleware can preset the rule parsing mark of the access rights resources; the rule parsing mark indicates the resolution rules that the middleware is configured with by default. The access rights resources can be parsed with these resolution rules to obtain the access rule set of the resource.
204. Respond to the resource access request of the access equipment according to the access rule set, the equipment identification and the resource access operation indication.
Specifically, the middleware judges whether the access equipment identification matches the access main body collection in the access rule set, that is, whether it is an access main body in the access main body collection, and then judges whether the access operation of the access equipment matches the access operation set of that main body, that is, whether the access operation of the main body is an access operation allowed in the access operation set.
When the access equipment meets both of the above conditions, the middleware allows the access equipment to perform the access operation on the resource it specifies; otherwise, when the access equipment fails to meet either of the above conditions, the middleware refuses the access equipment's access operation on the resource it specifies.
In the resource access method of one embodiment of the invention described above, a main body that has resource configuration authority configures the access rights of a resource by adding the access rights resource identifications of other resources to the access rights resource identifier, so that the middleware can obtain the related access rights resources according to those access rights resource identifications. This realizes mutual inheritance of access rights resources between resources, so that the access rights of a resource adjust themselves when the access rights of the inherited resource are modified, which improves the efficiency of managing resource access rights. At the same time, the utilization of the storage space for access rights resources can be improved and storage space saved.
The resource access method of one embodiment of the invention is described below from the perspective of setting the access rights resource identifier. The signaling interaction diagram for setting the access rights identifier of a resource in the resource access method of one embodiment of the invention is shown in Fig. 3A, including:
301. The resource setting request equipment sends a setting request for the access rights of a resource to the receiving device, such as an M2M terminal, M2M gateway or M2M platform. The setting request includes at least two resource access rights identifications and the identification of the resource, to request that the access rights of the resource corresponding to the identification of the resource be set. The resource setting request equipment includes equipment that has the authority to set access rights resources, and can be an M2M platform.
Specifically, as shown in Fig. 3B, the resource in M2M is described using a Representational State Transfer (RESTful) representation of the resource.
The field containers includes one or more containers <container>. The container <container> is the container resource of the prior art, and mainly includes the data information resources used to describe applications or M2M terminals, platforms and gateways.
The container <container> has an accessRightID attribute; accessRightID is the access rights resource identifier. According to the ETSI M2M specifications, the accessRightID attribute can be set to AnyURI [0...1], meaning 0 to 1 URI, and the URI points to the access rights resource accessRight. For example, the accessRightID attribute is set to " htt: //m2m. o . com/accessRights/<ar5 >", which means that the access rules of the resource are described by the access rights resource <ar5>.
302. Set the access rights of the resource according to the setting request.
Specifically, the receiving device can change the setting of the accessRightID attribute from AnyURI [0...1] to AnyURI [0...unbounded] (that is, AnyURIList), where each URI needs to point to an access rights resource <accessRight>, that is, what is introduced is a resource access rights identification. This realizes the combined quoting of at least two access rights resources.
In the embodiments of the present invention, the request equipment can be an M2M platform or M2M gateway, and the receiving device can be an M2M terminal, M2M platform or M2M gateway. Through the setting request for the access rights of a resource, an M2M platform or M2M gateway can set the access rights of resources located on other devices, such as M2M terminals, M2M platforms or M2M gateways, and can also set the access rights of resources local to the request equipment. That is, the request equipment and the receiving device can be the same equipment or different equipment. The embodiments of the present invention do not limit this.
Figure 4 shows the signaling interaction diagram of the resource access method of this embodiment, including:
401. The access device sends a resource access request to the receiving device. The resource access request includes an access device identification, a resource identification, and an indication of the resource access operation on the resource.
402. The receiving device looks up the access rights resource identifier of the resource according to the resource identification, obtains at least two access rights resource identifications, and reads the corresponding access rights resources according to them. It parses the at least two access rights resources according to the resolution rules specified by the default rule parsing identifier and obtains the resource access rule set for the resource.
403. The receiving device returns a resource access response to the access device according to the access rule set of the resource, the access device identification, and the access operation indication.
The rule parsing identifier is described by a character string. The default rule parsing identifier is "overlay", and the resolution rule it specifies is "sequential covering". Specifically, the access rights resources corresponding to the at least two introduced access rights resource identifications are obtained in order from back to front, and the access rules in each access rights resource are analyzed in that order.
For an access subject that appears in the access subject sets of multiple access rules, its permitted access operation set is determined by the first access rule that contains that access subject. If the access device matches the access subject set in the access rule set, it is judged whether the access operation of the access device belongs to the access operation set; if so, the access device is allowed to perform the access operation on the resource. If the access device does not belong to the access subject set in the access rule set, or it belongs to that set but its access operation does not match its permitted access operation set, or the access operation set is "none", the resource access request of the access device is refused.
For example, the accessRightID attribute is set to "http://m2m.op.com/accessRights/<ar3>; http://m2m.op.com/accessRights/<ar4>", which means the access rights of the resource are described jointly by the access rights resources <ar3> and <ar4>. When an access device performs a read operation on the resource, the receiving device, following the default rule parsing identifier (this embodiment assumes "overlay", the default resolution rule "sequential covering"), first obtains the access rights resource <ar4>. Suppose <ar4> sets a rule in which the access subject set "App1" and "App2" is allowed the access operation "Read". The receiving device then obtains the access rights resource <ar3>. Suppose <ar3> sets a rule in which the access subject set "App1" and "App3" is allowed the access operation "Write". The rule set after parsing is then: access subject "App1" is allowed the access operation "Read", access subject "App2" is allowed the access operation "Read", and access subject "App3" is allowed the access operation "Write".
Another embodiment of the present invention is described below from the perspective of making the rule parsing identifier configurable. Figure 5 shows the signaling interaction diagram for configuring the access rights resource identifier of a resource in the resource access method of another embodiment of the present invention, including:
501. The requester sends a request to set the access rights resource identifier of a resource to the receiving device. The setting request includes a resource identification, access rights resource identifications, and a rule parsing identifier.
Specifically, the resource identification points to the resource whose access rights resource identifier needs to be set; the access rights resource identification is the identification of an introduced access rights resource; and the rule parsing identifier is the identifier corresponding to the resolution rule to be set. The rule parsing identifier is described by a character or character string and may be set, for example, to "overlay" or "union", which indicate that the access rights resources are parsed by "sequential covering" or by "taking the union", respectively. Note that these are only examples; the rule parsing identifier may take any other form that those skilled in the art can understand. If there is no rule parsing identifier, or its value is not configured, the default resolution rule is used, for example: parse the access rights resources one by one from back to front.
502. Configure the access rights resource identifier of the resource according to the setting request.
Specifically, the receiving device, such as an M2M terminal, M2M gateway, or M2M platform, adds the introduced access rights resource identifications and the rule parsing identifier to the access rights resource identifier of the resource corresponding to the resource identification, according to the setting request.
Optionally, one data structure for expressing the access rights resource identifier is shown below. accessRightID includes an imports element, which includes one or more import elements and at least one resolveMode element. Each import element introduces an access rights resource. resolveMode describes the rule parsing identifier and thereby indicates a particular resolution rule; for example, the rule parsing identifier may be set to "RFC4745" or "RFC3530" to indicate that the access rights resources are parsed according to the RFC4745 or RFC3530 specification. For the resolution rules specified by the RFC4745 or RFC3530 rule parsing identifiers, refer to the relevant specifications.
The following is an example of an access rights identifier described in XML (Extensible Markup Language):
<imports>
  <import>
    http://m2m.op.com/accessRights/<ar3>
  </import>
  <import>
    http://m2m.op.com/accessRights/<ar4>
  </import>
  <resolveMode>
    RFC4745
  </resolveMode>
</imports>
Figure 6 shows the resource access method of this embodiment, including:
601. The access device sends an access request to the receiving device. The access request carries the resource identification, the access device identification, and the access operation on the resource.
602. The receiving device looks up the access rights resource identification and the rule parsing identifier in the access rights identifier of the resource, reads the access rights resources of the resource according to the access rights resource identification, and then parses the access rights resources in the manner corresponding to the rule parsing identifier, obtaining the access rule set for the resource.
603. Respond to the access request according to the access rule set, the access device identification, and the access operation indication.
Specifically, if the access device identification belongs to the access subject set in the access rule set, and the access operation belongs to the access operation set permitted by the access rule set, the resource access request of the access device is allowed; otherwise it is refused.
For example, when an access device performs a read operation on the resource, the middleware first obtains the value of resolveMode, namely "RFC4745", and then parses the access rule set for the resource according to the RFC 4745 specification indicated by that rule parsing identifier. It judges from the parsed access rule set whether the access device may perform the read operation on the resource; if so, the read is allowed, and if not, a refusal response is given.
It is worth mentioning that if the parsing mode indicated by a resolveMode imposes priority requirements on the introduced access rights resources, the access rights resources are parsed according to those priority requirements.
The following takes as an example an access rights resource identifier that points to multiple access rights resources, where the access rights resources have priority settings and the rule parsing identifier is configured, to describe the signaling interaction diagram for setting the access rights identifier of a resource in another embodiment of the present invention, including:
701. The requesting device sends, to a receiving device such as an M2M terminal, M2M gateway, or M2M platform, a request to set the access rights identifier of a specific resource. The setting request includes the resource identification, the introduced access rights resource identifications, the rule parsing identifier, and the access rights resource priority rule.
702. The receiving device configures the access rights resource identifier of the specified resource according to the setting request.
Specifically, a priority value is defined for each introduced access rights resource according to the access rights resource priority rule.
For example, a Priority attribute is set on each import element of the access rights resource identifier. The value of the attribute may be a number or a character and describes the priority relationship among the introduced access rights resources. Suppose the Priority attributes of three import elements in the access rights resource identifier are set, in order from front to back, to "Priority=1", "Priority=2", and "Priority=3". This means that the import element with "Priority=3" has a higher priority than the import element with "Priority=2", and the import element with "Priority=2" has a higher priority than the import element with "Priority=1". If the Priority attribute values of the three import elements are the same, the default priority order is used, that is, the priority of the import elements decreases step by step from back to front.
Figure 8 shows the signaling interaction diagram of the resource access method of this embodiment, including:
801. The access device sends a resource access request to the receiving device. The resource access request includes the resource identification, the access device identification, and the access operation on the resource.
The receiving device may be an M2M terminal, M2M gateway, or M2M platform, and the access device may also be an M2M terminal, M2M gateway, or M2M platform.
802. The receiving device looks up, according to the resource identification in the resource access request, the access rights resource identifier under the resource corresponding to that resource identification. It reads the access rights resources according to the access rights identifications under the access rights resource identifier and, according to the rule parsing identifier under the access rights resource identifier, parses the access rights resources using the resolution rules corresponding to that rule parsing identifier, obtaining the access rule set for the resource.
803. The receiving device returns a resource access response to the access device according to the access device identification, the access operation, and the access rule set.
Specifically, if the access device belongs to the access subject set in the access rule set, it is judged whether the access operation corresponding to the access operation indication carried in the access request belongs to the access operation set permitted for that access subject; if so, the access device is allowed to perform the access operation on the resource. If the access device does not match the access subject set in the access rule set, or its access operation does not match its permitted access operation set, the resource access operation of the access device is refused.
For example, after the priority attribute is introduced, an example of the access rights resource identifier accessRightID in XML is as follows:
<imports>
  <import priority="2">
    http://m2m.op.com/accessRights/<ar3>
  </import>
  <import priority="1">
    http://m2m.op.com/accessRights/<ar4>
  </import>
  <resolveMode>
    overlay
  </resolveMode>
</imports>
The example above indicates that the access rights of the resource are described jointly by the access rights resources <ar3> and <ar4>, and that there is a priority relationship between the introduced access rights resources: the priority of <ar3> is higher than the priority of <ar4>. In addition, resolveMode indicates that resolution is carried out by the "sequential covering" method. The access rights resource <ar3> is obtained first. Suppose <ar3> sets a rule in which the access subject set "App1" and "App3" is allowed the access operation "Write". The access rights resource <ar4> is obtained next. Suppose <ar4> sets a rule in which the access subject set "App1" and "App2" is allowed the access operation "Read". The rule set after parsing is then: access subject "App1" is allowed the access operation "Write", access subject "App2" is allowed the access operation "Read", and access subject "App3" is allowed the access operation "Write". If resolveMode is set to "union", that is, the "taking the union" parsing mode, the value of "priority" is ignored because this mode places no requirement on priority. The rule set after parsing is then: access subject "App1" is allowed the access operations "Write" and "Read", access subject "App2" is allowed the access operation "Read", and access subject "App3" is allowed the access operation "Write". In addition, resolveMode may also be set to "RFC4745", "RFC3530", and so on, indicating that rule parsing is carried out according to the "RFC4745" specification or the "RFC3530" specification, respectively; for the concrete procedure, refer to the corresponding specification.
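The following Python sketch is an added example, not code from the patent. It resolves the two-import accessRightID documents discussed above under "overlay" and "union" and reproduces the rule sets the text derives, which shows how the same two access rights resources grant "App1" either "Read" or "Write" depending only on ordering and priority. The store contents, the function names, integer priority values, URIs written without the <ar3> placeholder brackets, and the choice to refuse unsupported resolveMode values or unresolvable references are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed access rights resources mirroring the text's example:
# URI -> {access subject: set of permitted operations}.
ACCESS_RIGHTS = {
    "http://m2m.op.com/accessRights/ar3": {"App1": {"Write"}, "App3": {"Write"}},
    "http://m2m.op.com/accessRights/ar4": {"App1": {"Read"}, "App2": {"Read"}},
}

# Constructed accessRightID documents (well-formed XML: attribute values are
# quoted and the <ar3>/<ar4> placeholders are plain path segments).
NO_PRIORITY = """<imports>
  <import>http://m2m.op.com/accessRights/ar3</import>
  <import>http://m2m.op.com/accessRights/ar4</import>
</imports>"""

WITH_PRIORITY = """<imports>
  <import priority="2">http://m2m.op.com/accessRights/ar3</import>
  <import priority="1">http://m2m.op.com/accessRights/ar4</import>
  <resolveMode>overlay</resolveMode>
</imports>"""


def parse_access_right_id(xml_text):
    """Return (URIs in evaluation order, resolve mode) for an <imports> element."""
    root = ET.fromstring(xml_text)
    if root.tag != "imports":
        raise ValueError("expected <imports> root")
    entries = []
    for index, node in enumerate(root.findall("import")):
        uri = (node.text or "").strip()
        if not uri:
            raise ValueError("empty <import>")
        # Assumption: priorities are integers; a missing attribute counts as 0.
        entries.append((int(node.get("priority", "0")), index, uri))
    # Highest priority first; equal or absent priorities fall back to the
    # default order, back to front (the last <import> is evaluated first).
    entries.sort(key=lambda e: (e[0], e[1]), reverse=True)
    mode_node = root.find("resolveMode")
    mode = (mode_node.text or "").strip() if mode_node is not None else ""
    return [uri for _, _, uri in entries], mode or "overlay"


def resolve(xml_text, store=ACCESS_RIGHTS):
    """Build the access rule set {subject: operations} for one resource."""
    uris, mode = parse_access_right_id(xml_text)
    if mode not in ("overlay", "union"):
        # RFC4745 / RFC3530 modes are defined elsewhere; refuse rather than guess.
        raise ValueError("unsupported resolveMode: " + mode)
    rule_set = {}
    for uri in uris:
        if uri not in store:
            # Assumption: an unresolvable reference is an error, not "no rules".
            raise LookupError("access rights resource not found: " + uri)
        for subject, operations in store[uri].items():
            if mode == "union":
                rule_set.setdefault(subject, set()).update(operations)
            elif subject not in rule_set:
                # overlay: the first rule that names a subject decides for it
                rule_set[subject] = set(operations)
    return rule_set


def is_allowed(xml_text, subject, operation, store=ACCESS_RIGHTS):
    """Default deny: any parse or lookup failure refuses the request."""
    try:
        rule_set = resolve(xml_text, store)
    except (ValueError, LookupError, ET.ParseError):
        return False
    return operation in rule_set.get(subject, set())


if __name__ == "__main__":
    print("default order:", resolve(NO_PRIORITY))
    print("with priority:", resolve(WITH_PRIORITY))
    print("union        :", resolve(WITH_PRIORITY.replace("overlay", "union")))
```

Because "overlay" lets the first matching rule win, reordering the imports or changing a priority value silently changes what a subject may do, so a change to accessRightID deserves the same review as a change to the access rights resources themselves.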
The following takes as an example an access rights identifier that points to multiple access rights resources which are introduced in blocks, comprising a parent block and multiple sub-blocks corresponding to the parent block, to describe the resource access method of another embodiment of the present invention.
Figure 9A shows the signaling interaction diagram for setting the access rights resource identifier of a resource in the resource access method of another embodiment of the present invention, including:
901. The requester sends, to a receiving device such as an M2M terminal, M2M gateway, or M2M platform, a request to set the access rights identifier of a resource. The setting request includes the resource identification, the access rights resource identifications, the rule for dividing the access rights resources into a parent block and sub-blocks, and the rule parsing identifiers corresponding to the parent block and to each sub-block, respectively.
Specifically, the parent block is indicated by the "introduce" (that is, "imports") element of the access rights identifier, and a sub-block is indicated by the "reference" (that is, "import") element of the access rights identifier.
902. The receiving device configures the access rights of the specified resource according to the setting request. Specifically, the receiving device obtains the resource according to the resource identification specified in the setting request and updates the access rights identifier of the resource to the access rights identifier carried in the request. The access rights resources are divided into blocks, that is, a parent block and multiple sub-block access rights resources corresponding to the parent block are set. Each sub-block includes at least one access rights resource identification. Each sub-block and each parent block may be given its own rule parsing identifier. Each sub-block and each parent block may also be given a priority rule.
For example, the access rights resource identifier that introduces access rights resources in blocks can be described by the data structure shown in Figure 9B.
Figure 9B shows the structure of an access rights resource identifier accessRightID with multiple imports elements. accessRightID includes a permissionsRef element, which in turn includes one or more imports elements; each imports element includes one or more import elements, and each import element includes one or more access rights resource identifications.
Figure 10 shows the signaling interaction diagram of the resource access method of this embodiment, including:
1001. The access device sends a resource access request to the receiving device. The resource access request includes the resource identification, the access device identification, and the access operation on the resource.
The receiving device may be an M2M terminal, M2M gateway, or M2M platform, and the access device may also be an M2M terminal, M2M gateway, or M2M platform.
1002. The receiving device looks up, according to the resource identification in the resource access request, the access rights resource identifier under the resource corresponding to that resource identification. It first parses the access rights resources corresponding to the parent block according to the resolution rules of the rule parsing identifier and the priority rule corresponding to the parent block, and then parses the access rights resources corresponding to the sub-blocks according to the rule parsing identifiers and priority rules corresponding to the sub-blocks, obtaining the resource access rule set for the resource.
1003. The receiving device returns a resource access response to the access device according to the access device identification, the access operation indication, and the access rule set.
The following is an example, in XML, of the access rights resource identifier accessRightID shown above:
<permissionsRef>
  <imports priority="2">
    <import priority="1">
      http://m2m.op.com/accessRights/<ar3>
    </import>
    <import priority="3">
      http://m2m.op.com/accessRights/<ar4>
    </import>
    <import priority="2">
      http://m2m.op.com/accessRights/<ar5>
    </import>
    <resolveMode>
      RFC4745
    </resolveMode>
  </imports>
  <imports priority="1">
    <import priority="2">
      http://m2m.op.com/accessRights/<ar1>
    </import>
    <import priority="1">
      http://m2m.op.com/accessRights/<ar2>
    </import>
    <resolveMode>
      RFC3530
    </resolveMode>
  </imports>
  <imports priority="3">
    <import priority="1">
      http://m2m.op.com/accessRights/<ar6>
    </import>
    <import priority="2">
      http://m2m.op.com/accessRights/<ar7>
    </import>
    <resolveMode>
      RFC4745
    </resolveMode>
  </imports>
  <resolveMode>
    RFC3530
  </resolveMode>
</permissionsRef>
In the example shown above, the access rights of the resource are described jointly by the access rights resources <ar1>, <ar2>, <ar3>, <ar4>, <ar5>, <ar6> and <ar7>. When an access device sends an access request for a read operation on the resource, the receiving device first obtains the value "RFC3530" of resolveMode, the rule parsing child element of the "permission reference" (that is, permissionsRef) element (that is, the rule parsing identifier is RFC3530). It then parses the access rule set for the resource according to the RFC 3530 specification indicated by that rule parsing identifier. The RFC 3530 parsing mode imposes priority requirements on access rights resources, so the receiving device reads the priority attribute of each imports element and orders the elements by the size of that attribute value. Here the priority attribute of the last imports element is 3, so the access rights resources in that imports element are parsed first. The first imports element is parsed next, because its priority attribute is 2, and the middle imports element is parsed last, because its priority attribute is 1. Within each imports element, parsing follows the mode indicated by the value of its resolveMode child element. Finally, it is judged from the parsed access rule set whether the requester may perform the read operation on the resource, and a response is given.
It should be noted that the middleware does not always issue its refuse or allow response only after all rules have been parsed; the response is triggered immediately once it is judged that the resource access request of the access device does not conform to the access rules.
The resource access method of another embodiment of the present invention is further described below, taking as an example access rights resource identifications that point directly or indirectly to multiple access rights resources.
In this embodiment, the access rights resource identifier of a resource consists of multiple access rights resource identifications that point directly or indirectly to access rights resources. "Indirectly" means that the access rights resource identification does not itself point to an access rights resource.
For example, the access rights resource identifier consists of zero or more access rights resource identifications that directly or indirectly point to the access rights associated with the resource. Suppose the accessRightID attribute of the resource Resource is set to "http://m2m.op.com/containers/<container1>; http://m2m.op.com/accessRights/<ar5>", which means the access rights of the resource are described by the access rights resource of the resource http://m2m.op.com/containers/<container1> and by the access rights resource indicated by the accessRightID of the resource http://m2m.op.com/containers/<container2>. When an access device performs a read operation on the resource Resource, the receiving device, following the default access rights resource resolution rules, first parses <ar5> and checks whether the access subject set of the resulting access rule set includes the requester. If it does, and the requester's permitted access operation set includes the read operation, the requester is allowed to perform the read operation on the resource; if the permitted access operation set does not include the read operation, the requester is not allowed to perform the read operation on the resource.
If the access subject set of the access rule set obtained by parsing <ar5> does not include the requester, the receiving device continues by parsing the access rights resource indicated by the accessRightID of the resource <container2>, until all access rights resources have been parsed. It is worth noting that when parsing "http://m2m.op.com/containers/<container2>/accessRightID", the receiving device also needs to parse the resource identifier. When parsing http://m2m.op.com/containers/<container1>, the middleware needs to read the accessRightID, that is, the access rights resource identifier, of the resource that http://m2m.op.com/containers/<container1> refers to, and parse it. In addition, for the resolveMode of the accessRightID of <container2>, the default access rights resolution rules are therefore used.
The resource access device of one embodiment of the invention is described below. As shown in Figure 11, the resource access device includes: a setting unit 1101, for configuring the access rights resource identifier of a resource so that the access rights resource identifier of the resource includes at least two resource access rights identifications, each of which points to an access rights resource; a receiving unit 1102, for receiving a resource access request of an access device, the resource access request including an access device identification and a resource access operation; an acquiring unit 1103, for reading the access rights resources according to the access rights resource identifications, parsing the access rights resources according to preset resolution rules, and obtaining the resource access rule set for the resource; and a response unit 1104, for responding to the resource access request of the access device according to the resource access rule set and the access device identification.
As shown in Figure 12, the setting unit 1101 includes:
a receiving subunit 11011, for receiving the request to set the access rights resource identifier of a resource; and a setting subunit 11012, for configuring the access rights resource identifier of the resource according to the setting request received by the receiving subunit, so that the access rights resource identifier of the resource includes the at least two introduced resource access rights identifications.
As shown in Figure 13, the acquiring unit includes:
a first acquiring unit 11031, for obtaining the access rights resource identification in the access rights identifier of the resource and reading the access rights resource according to the access rights resource identification;
a second acquiring unit 11032, for parsing the access rights resources according to the resolution rules corresponding to the rule parsing identifier, to obtain the resource access rule set for the resource;
a third acquiring unit 11033, for parsing the access rights resources according to the access rights resource priority rule and the resolution rules corresponding to the rule parsing identifier, to obtain the resource access rule set for the resource;
a fourth acquiring unit 11034, for first parsing the access rights resources according to the resolution rules corresponding to the rule parsing identifier of the parent block, and then parsing the access rights resources corresponding to the sub-blocks according to the rule parsing identifiers corresponding to the multiple sub-blocks, to obtain the resource access rule set for the resource;
a fifth acquiring unit 11035, for first parsing the access rights resources according to the resolution rules of the rule parsing identifier and the priority rule corresponding to the parent block, and then, according to those corresponding to the multiple sub-blocks, obtaining the resource access rule set for the resource; and
a sixth acquiring unit 11036, for obtaining an access rights resource address according to the indirect access rights resource identification and reading the access rights resource according to the access rights resource address.
It should be noted that the resource access device of the embodiments of the present invention may be an M2M terminal, an M2M platform, or an M2M gateway.
In the resource access device of the embodiments described above, the access rights resource identifier of a resource in the device is configured by a subject that holds resource configuration rights, and the access rights resource identifications of other resources are added to that access rights resource identifier. The resource access device can therefore obtain the related access rights resources according to those access rights resource identifications, so that access rights resources can be inherited between resources, and the access rights of a resource adjust automatically when the access rights of the resource it inherits from are modified. This improves the efficiency of managing resource access rights and, at the same time, improves the utilization of the storage space for access rights resources and saves storage space.
Figure 14 is a schematic structural diagram of another resource access device provided by an embodiment of the present invention, including a memory 1401 and a processor 1402. The memory 1401 stores the units described in Figures 11-13. The processor 1402 is connected to the memory 1401, runs the units in the memory 1401, and performs the corresponding function of each unit. The functions of the units in the memory 1401 in Figure 14 are the same as the functions of the units in Figures 11-13 and are not described in detail here.
The processing functions of the units included in the above resource access device have been described in the preceding method embodiments and are not repeated here. In addition, in an M2M network, the M2M platform may be any kind of computer or device with a processor. There is no strict distinction between M2M gateways and M2M terminals as devices; for example, a device that acts as a gateway may also act as a terminal. Various terminal devices, such as mobile phones, computers, PDAs, notebook computers, remote controllers, household appliances, various instruments and meters, sensors, and so on, can serve as a gateway or terminal of an M2M network. In the above unit embodiments, the included units are divided only according to functional logic, but the division is not limited to the one above as long as the corresponding functions can be realized. In addition, the specific names of the functional units are only for ease of distinguishing them from one another and are not intended to limit the protection scope of the invention. The above method for charging and the functions of each functional unit of the device for charging can be implemented by the processor of an M2M gateway or M2M platform running each unit.
Those of ordinary skill in the art will appreciate that all or part of the flow of the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flow of each of the method embodiments above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM: Read-Only Memory), a random access memory (RAM: Random Access Memory), or the like.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its protection scope. Any modification, equivalent substitution, or improvement made within the spirit and principles of the invention shall be included in its protection scope.

Claims (16)

  1. Claim
    1st, a kind of resource access method, it is characterised in that including:
    The resource access request of access equipment is received, the resource access request includes access equipment mark, accesses resource identification and resource access operations instruction;Access rights resource identification, the access rights resource that each access rights resource identification is indicated is read according at least two access rights resource identifications;
    According to the resolution rules for the resource and the access rights resource, it is determined that for the access rule set of the resource;
    Indicated to respond the resource access request of the access equipment according to the access rule set and the device identification and the resource access operations.
    2nd, the method as described in claim 1, it is characterised in that this method further comprises:
    The setting to the access rights of the resource is received to ask, it is described to set request to include at least two access rights resource identifications;
    Set according at least two access rights resource identifications and be directed to the resource access rights.
    3rd, method as claimed in claim 2, it is characterised in that also include rule parsing in the setting request and identify, the basis is directed to the resolution rules and the access rights resource of the resource, it is determined that for the access rule set of the resource, including:
    The access rights resource is parsed according to rule parsing mark corresponding resolution rules, the access rule set for the resource is obtained.
    4th, method as claimed in claim 3, characterized in that, described set also includes access rights resource prioritization rule in request, resolution rules and the access rights resource of the basis for the resource, it is determined that for the access rule set of the resource, including:
    The access rights resource is parsed according to access rights resource prioritization rule and with rule parsing mark corresponding resolution rules, the access rule set for the resource is obtained.
    5. The method of claim 3, characterized in that the setting request further includes a partitioning of the multiple access rights resources into blocks, such that the multiple access rights resources comprise an access rights resource parent block and multiple sub-blocks corresponding to the parent block, the parent block and the multiple sub-blocks corresponding to the parent block each including a corresponding parsing rule identifier, and the determining, according to the parsing rule for the resource and the access rights resources, of the access rule set for the resource comprises:
    First parsing the access rights resources according to the parsing rule corresponding to the parsing rule identifier of the parent block, and then parsing the access rights resources corresponding to the sub-blocks according to the parsing rule identifiers corresponding to the multiple sub-blocks, to obtain the access rule set for the resource.
    6. The method of claim 5, characterized in that the setting request further includes priority rules of the parent block and of the sub-blocks, and the determining, according to the parsing rule for the resource and the access rights resources, of the access rule set for the resource comprises:
    First parsing the access rights resources according to the parsing rule corresponding to the parsing rule identifier of the parent block and the priority rule, and then parsing the access rights resources corresponding to the sub-blocks according to the parsing rules corresponding to the parsing rule identifiers of the multiple sub-blocks and the priority rule, to obtain the resource access rule set for the resource.
    7. The method of any one of claims 3-6, characterized in that the setting request includes at least two indirect access rights resource identifiers, and the determining, according to the parsing rule for the resource and the access rights resources, of the access rule set for the resource comprises:
    Obtaining access rights resource addresses according to the indirect access rights resource identifiers, and reading the access rights resources according to the access rights resource addresses;
    Parsing the access rights resources according to the parsing rule corresponding to the parsing rule identifier, to obtain the access rule set for the resource.
    8. The method of claim 1, characterized in that the access rule set includes an access subject set and an access operation set corresponding to each access subject, and the responding to the resource access request of the access device according to the access rule set, the device identifier and the resource access operation indication comprises:
    If the access device matches the access subject set, and the access operation indicated by the resource access operation indication matches the access operation set, allowing the access device to access the resource;
    If the access device does not match the access subject set, or the access device matches the access subject set but the access operation indicated by the resource access operation indication does not match the access operation set of the access device, refusing the access device access to the resource;
    If the access device matches the access subject set but the access operation set of the access device is "nothing", refusing all types of access operation requests from the access device.
    9. A resource access device, characterized by comprising:
    A receiving unit, configured to receive a resource access request from an access device, the resource access request including an access device identifier, an accessed resource identifier and a resource access operation indication;
    An acquiring unit, configured to obtain at least two access rights resource identifiers of the resource, and to read, according to the at least two access rights resource identifiers, the access rights resource indicated by each access rights resource identifier; and further configured to determine the access rule set for the resource according to the parsing rule for the resource and the access rights resources;
    A response unit, configured to respond to the resource access request of the access device according to the access rule set, the device identifier and the resource access operation indication.
    10. The device of claim 9, characterized in that the device further includes: a setting unit, configured to set the access rights of the resource, the setting unit including: a receiving subunit, configured to receive a setting request for the access rights of the resource, the setting request including at least two access rights resource identifiers;
    A setting subunit, configured to set, according to the setting request received by the receiving subunit, the access rights resource identifiers for the resource.
    11. The device of claim 10, characterized in that the receiving subunit is specifically configured to: receive a setting request for the access rights of the resource, the setting request further including a parsing rule identifier, and the acquiring unit includes:
    A first acquiring unit, configured to obtain at least two access rights resource identifiers in the access rights identifier of the resource, and to read the access rights resources respectively according to the access rights resource identifiers;
    A second acquiring unit, configured to parse the access rights resources according to the parsing rule corresponding to the parsing rule identifier, to obtain the access rule set for the resource.
    12. The device of claim 10, characterized in that the receiving subunit is further specifically configured to:
    Receive a setting request for the access rights of the resource, the setting request further including an access rights resource priority rule, and the acquiring unit further includes:
    A third acquiring unit, configured to parse the access rights resources according to the access rights resource priority rule and the parsing rule corresponding to the parsing rule identifier, to obtain the access rule set for the resource.
    13. The device of claim 11, characterized in that the receiving subunit is further specifically configured to:
    Receive a setting request for the access rights of the resource, the setting request further including a partitioning of the multiple access rights resources into blocks, such that the multiple access rights resources comprise an access rights resource parent block and multiple sub-blocks corresponding to the parent block, the parent block and the multiple sub-blocks corresponding to the parent block each including a corresponding parsing rule identifier, and the acquiring unit further includes:
    A fourth acquiring unit, configured to first parse the access rights resources according to the parsing rule corresponding to the parsing rule identifier of the parent block, and then parse the access rights resources corresponding to the sub-blocks according to the parsing rule identifiers corresponding to the multiple sub-blocks, to obtain the access rule set for the resource.
    14. The device of claim 13, characterized in that the receiving subunit is further specifically configured to:
    Receive a setting request for the access rights of the resource, the setting request further including the respective priority rules of the parent block and of the sub-blocks, and the acquiring unit further includes a fifth acquiring unit, configured to first parse the access rights resources according to the parsing rule corresponding to the parsing rule identifier of the parent block and the priority rule, and then parse the access rights resources corresponding to the sub-blocks according to the parsing rule identifiers corresponding to the multiple sub-blocks and the priority rule, to obtain the access rule set for the resource.
    15. The device of any one of claims 10-14, characterized in that the receiving subunit is further specifically configured to:
    Receive a setting request for the access rights of the resource, the setting request including at least two indirect access rights resource identifiers, and the acquiring unit further includes a sixth acquiring unit, configured to obtain access rights resource addresses according to the indirect access rights resource identifiers, and to read the access rights resources according to the access rights resource addresses;
    The access rights resources are parsed according to the parsing rule corresponding to the parsing rule identifier, to obtain the access rule set for the resource.
    16. The device of claim 9, characterized in that the response unit is specifically configured to: if the access device matches the access subject set, and the access operation indicated by the resource access operation indication matches the access operation set of the access device, allow the access device to access the resource;
    If the access device does not match the access subject set, or the access device matches the access subject set but the resource access operation does not match the access operation set, refuse the access device access to the resource;
    If the access device matches the access subject set but the access operation set of the access device is "nothing", refuse all types of access operation requests from the access device.
    17. The device of any one of claims 9-17, characterized in that the device includes: M2M terminals, M2M platforms and M2M gateways.
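
The resolution and decision steps of claims 3, 4, 7 and 8, as an added Python sketch that is not part of the patent text. The claims do not name concrete parsing rules, so the rule identifiers `union`, `intersection` and `priority`, the device identifiers, the addresses and all function names are assumptions, and the access rights resources are constructed sample data.

```python
# Added illustration of claims 3, 4, 7 and 8. Rule identifiers, device
# identifiers and addresses below are hypothetical; the data is constructed.

# address -> access rights resource (subject -> permitted operations)
ACL_STORE = {
    "/acl/owner":  {"dev-meter-01": {"read", "write"}, "dev-gw-07": {"read"}},
    "/acl/tenant": {"dev-meter-01": {"read"}, "dev-gw-07": set()},
}
# indirect access rights resource identifier -> address
INDIRECT_IDS = {"ar-1": "/acl/owner", "ar-2": "/acl/tenant"}


def read_acls(acl_ids):
    """Claim 7: map each indirect identifier to an address, then read it."""
    if len(acl_ids) < 2:
        raise ValueError("at least two access rights resource identifiers required")
    return [ACL_STORE[INDIRECT_IDS[i]] for i in acl_ids]


def parse(acls, rule_id):
    """Claims 3-4: combine the access rights resources into one access rule set.

    For "priority", acls must already be listed in priority order.
    """
    rules = {}
    for subject in set().union(*acls):
        present = [acl[subject] for acl in acls if subject in acl]
        if rule_id == "union":
            rules[subject] = set().union(*present)
        elif rule_id == "intersection":
            # A subject missing from any resource ends up with no operations.
            complete = len(present) == len(acls)
            rules[subject] = set.intersection(*present) if complete else set()
        elif rule_id == "priority":
            rules[subject] = set(present[0])  # highest-priority entry wins
        else:
            raise ValueError(f"unknown parsing rule identifier: {rule_id}")
    return rules


def decide(rules, device_id, operation):
    """Claim 8: allow only if subject and operation both match."""
    if device_id not in rules:
        return "deny"            # device not in the access subject set
    if not rules[device_id]:
        return "deny"            # operation set is "nothing": refuse everything
    return "allow" if operation in rules[device_id] else "deny"


def respond(acl_ids, rule_id, device_id, operation):
    """Resolve the rule set for a resource and answer one access request."""
    return decide(parse(read_acls(acl_ids), rule_id), device_id, operation)
```

The same two access rights resources yield different decisions depending on the parsing rule, and an unrecognised rule identifier raises an error instead of defaulting to a permissive result.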
CN201280001197.XA 2012-07-02 2012-07-02 resource access method and device Active CN104169930B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/078071 WO2014005268A1 (en) 2012-07-02 2012-07-02 Resource access method and device

Publications (2)

Publication Number Publication Date
CN104169930A (en) 2014-11-26
CN104169930B (en) 2017-02-22

Family

ID=49881221

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280001197.XA Active CN104169930B (en) 2012-07-02 2012-07-02 resource access method and device

Country Status (2)

Country Link
CN (1) CN104169930B (en)
WO (1) WO2014005268A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105915621A (en) * 2016-05-11 2016-08-31 深圳市永兴元科技有限公司 Data access method and pretreatment server
WO2017067385A1 (en) * 2015-10-19 2017-04-27 Huawei Technologies Co., Ltd. Methods, systems, and apparatuses of service provisioning for resource management in a constrained environment
CN109150815A (en) * 2017-06-28 2019-01-04 阿里巴巴集团控股有限公司 Method for processing resource, device and machine readable media
CN113128200A (en) * 2019-12-31 2021-07-16 北京百度网讯科技有限公司 Method and apparatus for processing information
CN116980182A (en) * 2023-06-21 2023-10-31 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1848022A (en) * 2005-04-13 2006-10-18 华为技术有限公司 Authority control method based on access control list
CN101197026A (en) * 2007-12-20 2008-06-11 浙江大学 Design and storage method for resource and its access control policy in high-performance access control system
US20080235190A1 (en) * 2006-05-22 2008-09-25 Kaihao Zhao Method and System For Intelligently Retrieving and Refining Information
CN101655892A (en) * 2009-09-22 2010-02-24 成都市华为赛门铁克科技有限公司 Mobile terminal and access control method
CN102129539A (en) * 2011-03-11 2011-07-20 清华大学 Data resource authority management method based on access control list

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017067385A1 (en) * 2015-10-19 2017-04-27 Huawei Technologies Co., Ltd. Methods, systems, and apparatuses of service provisioning for resource management in a constrained environment
CN107637043A (en) * 2015-10-19 2018-01-26 华为技术有限公司 Business for resource management in constraint environment provides mthods, systems and devices device
CN107637043B (en) * 2015-10-19 2020-08-07 华为技术有限公司 Service providing method, system and device for resource management in constraint environment
CN105915621A (en) * 2016-05-11 2016-08-31 深圳市永兴元科技有限公司 Data access method and pretreatment server
CN109150815A (en) * 2017-06-28 2019-01-04 阿里巴巴集团控股有限公司 Method for processing resource, device and machine readable media
CN109150815B (en) * 2017-06-28 2021-11-23 阿里巴巴集团控股有限公司 Resource processing method, device and machine readable medium
CN113128200A (en) * 2019-12-31 2021-07-16 北京百度网讯科技有限公司 Method and apparatus for processing information
CN113128200B (en) * 2019-12-31 2023-07-21 北京百度网讯科技有限公司 Method and device for processing information
CN116980182A (en) * 2023-06-21 2023-10-31 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment
CN116980182B (en) * 2023-06-21 2024-02-27 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment

Also Published As

Publication number Publication date
WO2014005268A1 (en) 2014-01-09
CN104169930B (en) 2017-02-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220217

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.