CN106997440A - A kind of role access control method - Google Patents

A kind of role access control method Download PDF

Info

Publication number
CN106997440A
CN106997440A CN201710231151.1A CN201710231151A CN106997440A CN 106997440 A CN106997440 A CN 106997440A CN 201710231151 A CN201710231151 A CN 201710231151A CN 106997440 A CN106997440 A CN 106997440A
Authority
CN
China
Prior art keywords
user
role
access control
control method
confidence level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710231151.1A
Other languages
Chinese (zh)
Inventor
郝波
郭学光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHINA EXPRESS E-COMMERCE Co Ltd
Original Assignee
CHINA EXPRESS E-COMMERCE Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHINA EXPRESS E-COMMERCE Co Ltd filed Critical CHINA EXPRESS E-COMMERCE Co Ltd
Priority to CN201710231151.1A priority Critical patent/CN106997440A/en
Publication of CN106997440A publication Critical patent/CN106997440A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses a kind of role access control method, when user accesses, carry out the calculating of User reliability, and judge whether to meet the activation condition of user's access, the security performance of system is ensure that, user's Access Management Access is carried out using the concept of role, is managed with apparent Role hierarchy, and high scalability and adaptability, go for the environment of various cloud storages.The advantage of access control based roles method is as follows:Facilitate empowerment management, be easy to be classified according to need of work, conveniently realize least privilege, conveniently share task, differentiated control, easily extensive realization are conveniently realized to file.

Description

A kind of role access control method
Technical field
The present invention relates to field of information security technology, specifically a kind of role access control method of facing cloud
Background technology
Continue to develop in terms of access control, from it is traditional certainly advocate peace Mandatory Access Control Model after with network and meter Role-based access control model, task-based access control model, Based on Distributed that calculation machine technology develops and occurred Access control model with cross-domain access control model, with temporal and spatial correlations, access control scheme based on security attribute etc..
Traditional access control model has two kinds of self contained navigation and forced symmetric centralization, but both access control moulds The problem of all there is difficult management in type.With continuing to develop for computer system, under cloud computing environment, user needs what is accessed Resource is more and more, occurs in that good to flexibility, adaptable access control model demand.Access control based roles Model, it introduces the concept of role between user and access rights, so ensures to be separated between user and authority, So as to can further ensure the safety of user and access rights, the flexibility of user's access is improved.But this model is uncomfortable Conjunction is applied in distributed system.
Under cloud environment, it is to realize access control by the method for cryptography to study at present relatively large number of, but is counted Calculation amount is larger, while permission modification and revocation are complicated.Therefore, design it is a kind of be applied to the system under cloud storage environment based on can The role access control method of reliability and attribute is imperative.
The content of the invention
It is contemplated that at least solving one of technical problem present in prior art.
Therefore, it is an object of the present invention to by designing a kind of role access control method, being entered using the concept of role Row user's Access Management Access, is managed with apparent Role hierarchy, and high scalability and adaptability.Access control based roles The advantage of model is as follows:Facilitate empowerment management, be easy to be classified according to need of work, conveniently realize least privilege, conveniently share and appointing It is engaged in, differentiated control, easily extensive realization is conveniently realized to file.
To achieve the above object, the present invention provides a kind of role access control method, comprises the following steps:
S1, user's input username and password login system proposes access request, and system of users carries out authentication, together When user related information is collected in verification process;
S2, background server carries out the calculating of synthetic reliability to the user;
S3, role and authority that inquiry user property can be activated;
S4, role is distributed according to the attribute of user, and is matched by user property key value, obtains the affiliated angle of user Colour gamut;
S5, is compared according to User reliability and role's confidence level, judges whether the user meets activation role's Condition;
S6, inquiry user relationship data storehouse, determines executable authority of the user to resource object;
S7, feedback Authorization result information to user.
Further, the system of users carries out authentication and is specially:The user name that is inputted according to user and close Code is matched, if matching is correct, into next step;If it fails to match, refusal is logged in.
Specifically, the synthetic reliability is calculated by equation below:
T=a*AT+b*BT;
Wherein AT represents the basic confidence level of user, and BT represents trustworthy user behavior degree, and a and b represent that user substantially may be used respectively The weight parameter of reliability and trustworthy user behavior degree, and a+b=1.
More specifically, the basic confidence level AT of the user is calculated by equation below:
AT=w1*t+w2*(m1÷n1)+w3*(m2÷n2)+w4*(m3÷n3)+w5*(m4÷n4);
Wherein, n1、n2、n3、n4Credible platform, system, safety means, the number of the generic operation number of application program four are represented respectively Mesh, m1、m2、m3、m4The number of trusted operations in credible platform, system, safety means, application program is represented respectively, and wherein t is Static confidence level.
More specifically, the trustworthy user behavior degree BT is calculated by equation below:
BT=∑s vi÷∑|vi|;
Wherein, viRepresent the susceptibility of Access Events.
Further, owning user attribute key value represents the authority size of user.
It is preferred that, role's confidence level represents the Minimum support4 value needed for system activation certain role set in advance.
It is preferred that, it is described to be compared according to User reliability and role's confidence level, judge whether the user meets sharp The condition of role living is specially:
If User reliability is more than or equal to role's confidence level, judges to meet activation character conditions, carry out next step;If with Family confidence level is less than role's confidence level, then judges to be unsatisfactory for activating character conditions, operation information is refused to user feedback.
It is preferred that, the user related information is static attribute, platform environment, behavioural information.
By technical scheme, when user accesses, the calculating of User reliability is carried out, and judge whether to meet The activation condition that user accesses, it is ensured that the security performance of system, carries out user's Access Management Access using the concept of role, has Apparent Role hierarchy management, and high scalability and adaptability, go for the environment of various cloud storages.
Brief description of the drawings
Fig. 1 shows a kind of flow chart of role access control method of the invention.
Fig. 2 shows mutual role help block diagram.
Embodiment
It is below in conjunction with the accompanying drawings and specific real in order to be more clearly understood that the above objects, features and advantages of the present invention Mode is applied the present invention is further described in detail.It should be noted that in the case where not conflicting, the implementation of the application Feature in example and embodiment can be mutually combined.
Many details are elaborated in the following description to facilitate a thorough understanding of the present invention, still, the present invention may be used also Implemented with being different from mode described here using other, therefore, protection scope of the present invention is not by following public tool The limitation of body embodiment.
Fig. 1 shows a kind of flow chart of role access control method of the invention.
As described in Figure 1, a kind of role access control method, comprises the following steps:
S1, user's input username and password login system proposes access request, and system of users carries out authentication, together When user related information is collected in verification process;
S2, background server carries out the calculating of synthetic reliability to the user;
S3, role and authority that inquiry user property can be activated;
S4, role is distributed according to the attribute of user, and is matched by user property key value, obtains the affiliated angle of user Colour gamut;
S5, is compared according to User reliability and role's confidence level, judges whether the user meets activation role's Condition;
S6, inquiry user relationship data storehouse, determines executable authority of the user to resource object;
S7, feedback Authorization result information to user.
Further, the system of users carries out authentication and is specially:The user name that is inputted according to user and close Code is matched, if matching is correct, into next step;If it fails to match, refusal is logged in.
The confidence level of synthetic reliability measure user in terms of two:One is credible based on user identity and environmental information Degree, equivalent to the direct trust in trust management concept, is defined as basic confidence level AT, the basic confidence level of user passes through System Security Policy and rule are determined.Two be to calculate trustworthy user behavior degree, and the behavior history of system, feedback are accessed according to it Influence of its behavior record to confidence level.Basic confidence level, behavior the confidence level value between [0,1], the totality of user can Reliability is that they calculate and obtained according to default Weight.Synthetic reliability represents the identity of system comprehensive assessment user, put down The confidence value obtained after platform and the information of behavior.With any real number representation on [0,1], numerical value is bigger to represent that user is credible Degree is higher.Role's confidence level represents the Minimum support4 value needed for the activation certain role that system is previously set.
Specifically, the synthetic reliability is calculated by equation below:
T=a*AT+b*BT;
Wherein AT represents the basic confidence level of user, and BT represents trustworthy user behavior degree, and a and b represent that user substantially may be used respectively The weight parameter of reliability and trustworthy user behavior degree, and a+b=1.
The factor of User reliability is influenceed, mainly there are five:Static attribute, credible platform, system, safety means and Application software.
More specifically, the basic confidence level AT of the user is calculated by equation below:
AT=w1*t+w2*(m1÷n1)+w3*(m2÷n2)+w4*(m3÷n3)+w5*(m4÷n4);
Wherein, n1、n2、n3、n4Credible platform, system, safety means, the number of the generic operation number of application program four are represented respectively Mesh, m1、m2、m3、m4The number of trusted operations in credible platform, system, safety means, application program is represented respectively, and wherein t is Static confidence level (by default).
More specifically, the trustworthy user behavior degree BT is calculated by equation below:
BT=∑s vi÷∑|vi|;
Wherein, viRepresent the susceptibility of Access Events.
The sensitivity value of benign Access Events is set to vi=1, malicious access event vi=-2, to embody the slow increasing of confidence level Rapid drawdown principle.Its sensitivity value can be accessed by the history of the historical record of system and user and determined, can also directly by using The behavior purpose and its authority degree that family is accessed at present are determined.
Further, owning user attribute key value represents the authority size of user.
It is preferred that, role's confidence level represents the Minimum support4 value needed for system activation certain role set in advance.
It is preferred that, it is described to be compared according to User reliability and role's confidence level, judge whether the user meets sharp The condition of role living is specially:
If User reliability is more than or equal to role's confidence level, judges to meet activation character conditions, carry out next step;If with Family confidence level is less than role's confidence level, then judges to be unsatisfactory for activating character conditions, operation information is refused to user feedback.
It is preferred that, the user related information is static attribute, platform environment, behavioural information.
Owning user attribute key value represents the authority size of user.For example, user property key value, which is equal to 1, represents the whole network Role, user property key value is equal to 2 and represents microgrid role.The whole network role shows that this user can set to the parameter of the whole network Put or change, microgrid role shows that some microgrid in the whole network is configured or changed.
Wherein, inquiry user relationship data storehouse, determines executable authority of the user to resource object.It is stored with database User relationship data, wherein specifically including authority of the user to resource object.For example, oil price, user can be changed by storing certain user The authority of sequence information etc..
Wherein, above-mentioned steps S2-S7 is performed in background server.
Technical scheme is explained in detail with reference to a specific embodiment.
Fig. 2 shows mutual role help block diagram.
Mutual role help block diagram as shown in Figure 2.It is that traditional Role-based access control model is expanded Exhibition, adds confidence factor in licensing process, and the authority that the more high then entity of confidence level is obtained is also higher, exists while monitoring entity The performance of task is undertaken in role, and is fed back in the current confidence level of entity, is carried out by automatic role activation Dynamic authorization with feedback.Wherein access control components are calculated the confidence level of user, and with Role Activation confidence level Judgement is compared, to determine to access the condition whether user meets activation, wherein Role Activation confidence level is above-mentioned refers to Role's confidence level, it is by the Minimum support4 value needed for system activation certain role set in advance.For example, can use this most Small confidence value is 0.6.
Validated user A access control process
User's A login systems, initiate the data message that request performs modification cloud storage to system first, and step is as follows:
Step 1:System first has to carry out authentication to user A, while collecting other relevant informations.If A recognizes through identity The match is successful for card, into step 2, otherwise, refuses it and logs in.
Step 2:User reliability is calculated according to the information of capture, have recorded in credible report 270 of user A it is related Operation is noted down, and central credible platform, system, safety means, the quantity of application software of adhering to separately is successively:40th, 60,80,90, and divide Belonging to trusted operations Ji Ku quantity is successively:36th, 54,72,81, its static confidence level is 0.9.It is assumed that using expert graded To determine weight, its value is successively:0.2、0.2、0.3、0.1、0.2.According to basic confidence level computing formula, show that user is basic Confidence level is AT=0.9.The benign behavior 8 of user, bad behavior event 1, according to trustworthy user behavior degree formula are recorded in daily record Draw BT=0.8.User's final confidence value can be calculated by formula, and it is 0.5, T=to provide weight according to expert estimation 0.5*0.9+0.5*0.8=0.85.
Step 3:By being matched to user property Key values, the affiliated role domain of user is determined, Key=2 represents user A For microgrid role.
Step 4:Inquire about microgrid Role Activation threshold value in database, thus contrast user A confidence level determines to carry out Role Activation is operated.
Step 6:Database is inquired about, it is determined that executable authority is that can change the authority of cloud storage data.
Step 7:User A is allowed to modify operation.
If user B pretends to be user's A login systems, request performs modification data manipulation, credible platform, system, safety means, The number of trusted operations necessarily declines in the number of application software, and B 190 associative operations record is contained in credible report, Adhere to credible platform, system, safety means, the quantity of application software separately in the inside:10th, 40,60,80, adhere to trusted operations separately Ji Ku quantity is successively:5th, 20,30,40, its static confidence value provided is 0.5, and each Factor Weight ibid, is calculated Its basic confidence value is 0.5.The benign behavior 8 of user, bad behavior event 1 are recorded in daily record, behavior confidence level is 0.8, is used Family synthetic reliability is 0.65, does not reach Role Activation requirement, can enter system, can not but obtain user A any authority. And after its user property value is compared with the data attribute value to be changed, its user property with modification object properties also can not Match somebody with somebody, therefore modification operation can not be realized.
In the description of this specification, the description of term " one embodiment ", " some embodiments ", " specific embodiment " etc. Mean that combining the embodiment or specific features, structure, material or the feature of example description is contained at least one reality of the invention Apply in example or example.In this manual, identical embodiment or reality are not necessarily referring to the schematic representation of above-mentioned term Example.Moreover, description specific features, structure, material or feature can in any one or more embodiments or example with Suitable mode is combined.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies Change, equivalent substitution, improvement etc., should be included in the scope of the protection.

Claims (9)

1. a kind of role access control method, it is characterised in that comprise the following steps:
S1, user's input username and password login system proposes access request, and system of users carries out authentication, while User related information is collected in verification process;
S2, background server carries out the calculating of synthetic reliability to the user;
S3, role and authority that inquiry user property can be activated;
S4, role is distributed according to the attribute of user, and is matched by user property key value, obtains the affiliated role of user Domain;
S5, is compared according to User reliability and role's confidence level, judges whether the user meets the condition of activation role;
S6, inquiry user relationship data storehouse, determines executable authority of the user to resource object;
S7, feedback Authorization result information to user.
2. a kind of role access control method according to claim 1, it is characterised in that:The system of users carries out body Part certification is specially:The username and password inputted according to user is matched, if matching is correct, into next step;If With failure, then refusal login.
3. a kind of role access control method according to claim 1, it is characterised in that:The synthetic reliability passes through such as Lower formula is calculated:
T=a*AT+b*BT;
Wherein AT represents the basic confidence level of user, and BT represents trustworthy user behavior degree, and a and b represent the basic confidence level of user respectively With the weight parameter of trustworthy user behavior degree, and a+b=1.
4. a kind of role access control method according to claim 3, it is characterised in that:The user is substantially credible Degree AT is calculated by equation below:
AT=w1*t+w2*(m1÷n1)+w3*(m2÷n2)+w4*(m3÷n3)+w5*(m4÷n4);
Wherein, n1、n2、n3、n4Credible platform, system, safety means, the number of the generic operation number of application program four, m are represented respectively1、 m2、m3、m4The number of trusted operations in credible platform, system, safety means, application program is represented respectively, and wherein t is that static state can Reliability.
5. a kind of role access control method according to claim 3, it is characterised in that:The trustworthy user behavior degree BT Calculated by equation below:
BT=∑s vi÷∑|vi|;
Wherein, viRepresent the susceptibility of Access Events.
6. a kind of role access control method according to claim 1, it is characterised in that:Owning user attribute key value table Show the authority size of user.
7. a kind of role access control method according to claim 1, it is characterised in that:Role's confidence level represents that system is pre- Minimum support4 value needed for the activation certain role first set.
8. a kind of role access control method according to claim 1, it is characterised in that it is described according to User reliability and Role's confidence level is compared, and judges that the condition whether user meets activation role is specially:
If User reliability is more than or equal to role's confidence level, judges to meet activation character conditions, carry out next step;If user can Reliability is less than role's confidence level, then judges to be unsatisfactory for activating character conditions, operation information is refused to user feedback.
9. a kind of role access control method according to claim 1, it is characterised in that the user related information is quiet State attribute, platform environment, behavioural information.
CN201710231151.1A 2017-04-10 2017-04-10 A kind of role access control method Pending CN106997440A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710231151.1A CN106997440A (en) 2017-04-10 2017-04-10 A kind of role access control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710231151.1A CN106997440A (en) 2017-04-10 2017-04-10 A kind of role access control method

Publications (1)

Publication Number Publication Date
CN106997440A true CN106997440A (en) 2017-08-01

Family

ID=59433897

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710231151.1A Pending CN106997440A (en) 2017-04-10 2017-04-10 A kind of role access control method

Country Status (1)

Country Link
CN (1) CN106997440A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113369A (en) * 2019-06-27 2019-08-09 无锡华云数据技术服务有限公司 A kind of method for authenticating of based role permission control
CN110135804A (en) * 2019-04-29 2019-08-16 深圳市元征科技股份有限公司 Data processing method and device
CN110909328A (en) * 2019-11-20 2020-03-24 珠海格力电器股份有限公司 Authority configuration method and device, electronic equipment and storage medium
CN112751867A (en) * 2020-12-31 2021-05-04 南京航空航天大学 Access control authorization method based on logic unit and trust evaluation
CN115664800A (en) * 2022-10-25 2023-01-31 白城师范学院 Big data safety protection system based on cloud computing

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039322A (en) * 2007-04-20 2007-09-19 华中师范大学 Dynamic access control method of pervasive computing
CN102347958A (en) * 2011-11-18 2012-02-08 上海电机学院 Dynamic hierarchical access control method based on user trust
CN104935590A (en) * 2015-06-10 2015-09-23 南京航空航天大学 HDFS access control method based on role and user trust value
CN105871854A (en) * 2016-04-11 2016-08-17 浙江工业大学 Self-adaptive cloud access control method based on dynamic authorization mechanism
US9516504B2 (en) * 2014-05-19 2016-12-06 Verizon Patent And Licensing Inc. Intelligent role based access control based on trustee approvals

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039322A (en) * 2007-04-20 2007-09-19 华中师范大学 Dynamic access control method of pervasive computing
CN102347958A (en) * 2011-11-18 2012-02-08 上海电机学院 Dynamic hierarchical access control method based on user trust
US9516504B2 (en) * 2014-05-19 2016-12-06 Verizon Patent And Licensing Inc. Intelligent role based access control based on trustee approvals
CN104935590A (en) * 2015-06-10 2015-09-23 南京航空航天大学 HDFS access control method based on role and user trust value
CN105871854A (en) * 2016-04-11 2016-08-17 浙江工业大学 Self-adaptive cloud access control method based on dynamic authorization mechanism

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
罗超: "基于云存储的智能配用电系统及其访问控制方法研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110135804A (en) * 2019-04-29 2019-08-16 深圳市元征科技股份有限公司 Data processing method and device
CN110135804B (en) * 2019-04-29 2024-03-29 深圳市元征科技股份有限公司 Data processing method and device
CN110113369A (en) * 2019-06-27 2019-08-09 无锡华云数据技术服务有限公司 A kind of method for authenticating of based role permission control
CN110909328A (en) * 2019-11-20 2020-03-24 珠海格力电器股份有限公司 Authority configuration method and device, electronic equipment and storage medium
CN110909328B (en) * 2019-11-20 2021-11-23 珠海格力电器股份有限公司 Authority configuration method and device, electronic equipment and storage medium
CN112751867A (en) * 2020-12-31 2021-05-04 南京航空航天大学 Access control authorization method based on logic unit and trust evaluation
CN112751867B (en) * 2020-12-31 2022-07-05 南京航空航天大学 Access control authorization method based on logic unit and trust evaluation
CN115664800A (en) * 2022-10-25 2023-01-31 白城师范学院 Big data safety protection system based on cloud computing

Similar Documents

Publication Publication Date Title
CN105659558B (en) Computer implemented method, authorization server and computer-readable memory
Hu et al. Guide to attribute based access control (abac) definition and considerations (draft)
CN106997440A (en) A kind of role access control method
CN105871854A (en) Self-adaptive cloud access control method based on dynamic authorization mechanism
US20090205018A1 (en) Method and system for the specification and enforcement of arbitrary attribute-based access control policies
US6678682B1 (en) Method, system, and software for enterprise access management control
US9473499B2 (en) Federated role provisioning
CN103258159A (en) Extensible and/or distributed authorization system and/or methods of providing the same
US11580206B2 (en) Project-based permission system
CN107808103A (en) The control method and control device of a kind of data permission
CN107204978B (en) A kind of access control method and device based on multi-tenant cloud environment
US20120159566A1 (en) Access control framework
Riad et al. AR-ABAC: a new attribute based access control model supporting attribute-rules for cloud computing
CN109817347A (en) Inline diagnosis platform, its right management method and Rights Management System
Singh et al. ITrust: identity and trust based access control model for healthcare system security
JP4805615B2 (en) Access control method
Gnesi et al. My data, your data, our data: managing privacy preferences in multiple subjects personal data
Kyriakidou et al. Decentralized Identity With Applications to Security and Privacy for the Internet of Things
Yamany et al. Intelligent security and access control framework for service-oriented architecture
US10872314B2 (en) Portable computerized interactive training profile
Jagadamba et al. Adaptive context-aware access control model for ubiquitous learning environment
CN109818731B (en) Method for reinforcing DSoD strategy by stream protocol
CN102223383B (en) Method and device for controlling access
Uikey et al. RBACA: role-based access control architecture for multi-domain cloud environment
Shamoon et al. Policy conflict management using XACML

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170801

RJ01 Rejection of invention patent application after publication