CN108462685A - Based on binary electric vehicle data interconnection intercommunication authority control method and system - Google Patents

Based on binary electric vehicle data interconnection intercommunication authority control method and system Download PDF

Info

Publication number
CN108462685A
CN108462685A CN201711477987.6A CN201711477987A CN108462685A CN 108462685 A CN108462685 A CN 108462685A CN 201711477987 A CN201711477987 A CN 201711477987A CN 108462685 A CN108462685 A CN 108462685A
Authority
CN
China
Prior art keywords
data
user
authorization
value
tables
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711477987.6A
Other languages
Chinese (zh)
Inventor
彭建国
朱承治
谷兴旺
朱炯
秦俭
叶飞
刘剑锋
覃华勤
刘晔
史双龙
严辉
仲轩
张志洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd
Beijing Kedong Electric Power Control System Co Ltd
State Grid Electric Vehicle Service Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd
Beijing Kedong Electric Power Control System Co Ltd
State Grid Electric Vehicle Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Zhejiang Electric Power Co Ltd, Beijing Kedong Electric Power Control System Co Ltd, State Grid Electric Vehicle Service Co Ltd filed Critical State Grid Zhejiang Electric Power Co Ltd
Priority to CN201711477987.6A priority Critical patent/CN108462685A/en
Publication of CN108462685A publication Critical patent/CN108462685A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
  • Charge And Discharge Circuits For Batteries Or The Like (AREA)

Abstract

The present invention relates to car networking service fields, more particularly to a kind of to be based on binary electric vehicle data interconnection intercommunication authority control method and system.Described method includes following steps:(1) user model is established, authorization sequence attribute is added in user's table;(2) before the authorization value in generating data list, delegated strategy need to be formulated to user, is judged according to Property Name and data value;(3) authority credentials for being accessed data table row record is updated;(4) authorization message is externally provided by the authority list generated with the authorization sequence in user's table by authorization value in tables of data, when a plurality of data permission inquired under user, which returns, enumerates data.The system comprises policy definition module, data resource module, permissions list module and line modules.The present invention proposes a kind of new charge information and interconnects digital right management scheme, improves high efficiency, flexibility and the safety of data permission management.

Description

Based on binary electric vehicle data interconnection intercommunication authority control method and system
Technical field
The present invention relates to car networking service fields, more particularly to a kind of to be based on binary electric vehicle data interconnection intercommunication Authority control method and system.
Background technology
With wideling popularize for electric vehicle, electric automobile charging pile operator develops to " various schools of thinkers from " letting a single flower blossom " Contend " situation, domestic main charging pile operator at least has 20 or more.Oneself is issued in each operation commercial city at present Recharged card and App applications, and the recharged card of different operators and App cannot achieve shared and general, be filled to automobile user Electricity brings great puzzlement.To solve the convenient charge requirement of user, State Grid Corporation of China builds in car networking service platform The service of interconnecting passes through the information interconnection and intercommunication that the service module realizes different operators charging services.Electrically-charging equipment takes Business quotient can by the service interface that interconnects by the information on services of electrically-charging equipment, as station information, location information, facility information, The data such as equipment running status information share to other relevant platforms, other related sides are enable to get setting for service provider Apply situation.
The service of interconnecting is open service Internet-based, can also face and hold when enjoying the open facility brought Put the risk of formula service.To solve the problems, such as network attack that open service is brought, each in interconnecting need to be serviced into Row security hardening.It usually asks all to need to carry out data permission verification each time, request every time is required for enumerating all permissions.
Access control based roles are the security authorization mechanisms that current information management system generally uses.Based role System security controls feature is to complete authorizing and cancelling for user right by distributing and cancelling role.Safety manager's root According to needing to define various roles, and suitable access rights are set, and user is designated as difference again according to its responsibility and qualifications and record of service Role.
Entire access control process is just divided into two parts, i.e. access rights are associated with role, and role is closed with user again Connection, to realize the logical separation of user and access rights, role can regard the language of an expression access control policy as Adopted structure, it can indicate to undertake the qualification of particular job.
For the application of interconnecting in electric automobile the Internet services platform, the method for based role administration authority exists Following disadvantage:
1, the user that interconnects includes all kinds of social charge information suppliers and charge information user, is not affiliated with same Fixed tissue, it is difficult to establish the mapping relations of role and entity;
2, interconnect user permission and social development, policy change and cooperation policy adjustment be closely related, have compared with Big flexibility safeguards that the workload of role and authority relation is huge;
3, the mode of based role administration authority needs to research and develop a large amount of management function, and the access for the user that interconnects is It is realized by interface mode;
4, the data object that different user accesses is entirely different, and the mode of based role administration authority cannot achieve data pair As the separation with permission object, it is not suitable for the system that data permission item magnitude is larger, permission user is more.
Abbreviation and Key Term definition:
Access control based roles:Role-Based Access Control (RBAC) are at present using most common A kind of authority control method.
Car networking service platform:The electric automobile the Internet services platform that State Grid Corporation of China builds, it is intended to pass through construction Three stake networking, car networking and intelligent grid Internet of Things, allow automobile user to enjoy one-stop convenient service by internet.
Permission:To car networking service platform interconnect data or with other resources that data indicate access permitted It can.
Invention content
It is a kind of based on binary electric vehicle data it is an object of the invention to propose for the problems in background technology Interconnect authority control method and system.
To achieve the above object, the following technical solutions are proposed by the present invention:
One kind being based on binary electric vehicle data interconnection intercommunication authority control method, which is characterized in that the method Include the following steps:
(1) user model is established:Manual maintenance user property, according to pre-defined when storing user data in user's table Sequence automatically generate user's authorization sequence, authorization sequence is not reproducible;Authorization sequence indicates user's authorization value in tables of data Position, determine whether the user has the permission of access row data according to the authorization value in authorization sequence combination data list;
(2) before the authorization value in generating data list, delegated strategy need to be formulated to user, according to tables of data Property Name Judged with data value, reducing the manual screening before authorizing with this works;
(3) authorization value for being accessed tables of data is established:For existing tables of data, increase and authorize bit field, according to user Authorization sequence and delegated strategy generate the authorization value of data table row record, and the data line is accessed to judge whether the user has The permission of record;
(4) permissions list is generated according to the authorization sequence in authorization value in tables of data and user's table, externally provides and authorizes letter Breath, when a plurality of data permission inquired under user, which returns, enumerates data, efficiently inquires data, and the data permission data generated exist Each permissions data carries out data check when having change, is matched with the authorization value in raw data list, by what is be tampered Permissions data is restored to reset condition.
Further, in step (3), authorizing the data stored in position is generated according to the policy definition table that user formulates Mandate position, the minimum value for representing authorization code in user's table successively from low level to a high position represents and can visit to maximum value, 1 It asks, 0 represents inaccessible, this binary number is converted to 16 binary datas and is stored, and reduces memory space.
One kind being based on binary electric vehicle data interconnection intercommunication authority control system, it is characterised in that:
The system comprises policy definition module, data resource module, permissions list module and line modules;
The line module accesses user for managing, and generates user's table, the authorization sequence of maintenance access user, title, Phone, address, affiliated organization's encoded attributes;
The policy definition module is used to define access strategy of the user to data resource according to user's table, tables of data, raw At policy definition table;
The data resource module is used to store the charging pile of user's access, charging station data resource, and fixed according to strategy Authorization sequence in adopted table and user's table generates and stores the access mandate value that all users record each data table row;
The permissions list module is used to automatically generate permissions list according to tables of data and user's table, and recording each user has The data record accessed is weighed, the access rights and rapid feedback request data result of each user are verified based on permissions list.
Further, the policy definition table includes user USERID, data table name, tables of data Property Name, data Filter condition, data access authority.
Further, the tables of data include DATAID, authorization value, charging station ID, carrier ID, side ID belonging to equipment, Charge station name, charging station country code, charging station province districts under city administration coding, better address, Service Phone, type of site, website Whether state parking stall quantity, longitude, latitude, builds place, charging tariffs on electricity, service rate, parking fee, the means of payment, supports Reservation, modification time, deletes mark at remarks.
Further, the permissions list include table major key, table name, data major key, User ID, whether readable field.
Compared with the existing technology, beneficial effects of the present invention are as follows:
The present invention interconnects the data permission regulatory requirement and general-purpose rights controlling mechanism of service for car networking platform Not applicable problem, it is proposed that a kind of new charge information interconnects digital right management scheme, improves the height of data permission management Effect property, flexibility and safety.This method has the following effects that after promoting:
1, for the data interaction of interface mode, it can be achieved that user right dynamic management, substantially reduces grinding for rights management Send out cost;
2, data object and permission control are integrated, the time that permission judges when reducing user accesses data, is carried High data access efficiency;
3, there is trackability to the control of user right, it, can be quickly extensive by tracing to the source when permission is by illegal distort It is multiple, there is higher-security.
Description of the drawings
Fig. 1 is the configuration diagram based on binary electric vehicle data interconnection intercommunication authority control system.
Specific implementation mode
With reference to the accompanying drawings and detailed description, detailed elaboration is made to specific embodiments of the present invention.These tools Body embodiment is only not supposed to be a limitation to the present invention for narration or implementation principle, and protection scope of the present invention is still with power Subject to profit requires, including obvious changes or variations etc. made on this basis.
The rights management that the service of interconnecting of car networking service platform provides is mainly the access control to charging service data System has the characteristics that authority items magnitude is big, permission user is more and permission changes greatly.Currently, user mainly looks into data permission It askes, realization method is interface.Efficiently read according to permission grant quantity, legal power safety, permission anti-destructive, permission etc. Factor formulates rationally effective mandated program, and the service robustness that can just make to interconnect obtains basic guarantee.The present invention is for mutual The data permission feature for joining interoperability services is generated, authority items by rights token rule, right customization, authentication, authority items The mechanism and multiples such as verification, devise it is a kind of based on it is binary efficiently, safety, flexible data interconnect permission control program.
The permission control program based on radix-2 algorithm proposed in the present invention refers to representing user with binary number 1/0 Yes/No has the access rights that tables of data records.When multi-user, according to the sequence of user's authorization sequence, it is arranged in order from right to left Multi-user authority binary string is generated, the binary string of generation is ultimately converted to the authorization value that hexadecimal number is stored in tables of data In field.
It is as shown in Figure 1 based on binary electric vehicle charge data permission control program architecture design that interconnects.Base It interconnects permission control program in binary electric vehicle charge data, it is contemplated that the service of interconnecting externally is providing clothes When business, the data access authority that each user is assigned is different, and the permission reusing degree between user and user is low, so It needs to be directed to each user storage data access right data.In order to facilitate Authorized operation is carried out, plan is increased before mandate Link is slightly defined, mandated program is formulated according to user and data field in definition strategy, permission bits are stored in data resource. According to the relationship of permission bits in user and data resource, permissions list is generated.User is when accessing data resource, by enumerating power The data resource in list is limited, data resource list is provided.
The system of the present invention includes policy definition module, data resource module, permissions list module and line module;
The line module accesses user for managing, and generates user's table, the authorization sequence of maintenance access user, title, The attributes such as phone, address, affiliated organization coding;
The policy definition module is used to define visit of the user to data resource (row records) according to user's table, tables of data Ask that strategy, generation strategy define table, including user USERID, data table name, tables of data Property Name, data filtering condition (manner of comparison), data access authority etc.;
The data resource module is used to store the data resources such as charging pile, the charging station of user's access, and according to strategy Authorization sequence in table and user's table is defined, the access mandate value that all users record each data table row is generated and store;
The permissions list module is used to automatically generate permissions list according to tables of data and user's table, and recording each user has The data record accessed is weighed, the access rights and rapid feedback request data result of each user are verified based on permissions list.
It is provided by the invention a kind of based on binary electric vehicle data interconnection intercommunication authority control method, specific steps It is as follows:
1, user model is established, authorization sequence attribute is added in user's table, wherein what is stored is user in tables of data The position-order train value of authorization value determines whether this object has access and be somebody's turn to do according to the mandate position in this sequential value combination data list The permission of data, authorization code should be a sequences and not reproducible.
1 user's table of table
2, before the authorization value in generating data list, preauthorization information need to be formulated to user, wherein according to Property Name Judged with data value, reducing the manual screening before authorizing with this works.
2 policy definition table of table
3, the basic model for being accessed tables of data is established.It is the plan formulated according to user wherein to authorize the data stored in position The authorization value for slightly defining table generation represents the minimum value of authorization code in user's table to maximum value successively from low level to a high position, and 1 Representative can access, and 0 represents inaccessible, this binary number is converted to 16 binary datas and is stored, and reduce memory space.
3 tables of data of table
4, it can externally provide and award by the authority list generated with the authorization sequence in user's table by authorization value in tables of data Information is weighed, when a plurality of data permission inquired under user can return to and enumerate data, efficiently inquire data, and the data permission generated Data carry out data check when each permissions data has change, are matched with the authorization value in raw data list, will be by The permissions data distorted is restored to reset condition.
4 authority list of table.

Claims (6)

1. one kind being based on binary electric vehicle data interconnection intercommunication authority control method, which is characterized in that the method packet Include following steps:
(1) user model is established:Manual maintenance user property, according to pre-defined sequence when storing user data in user's table Row automatically generate user's authorization sequence, and authorization sequence is not reproducible;Authorization sequence indicates the position of user's authorization value in tables of data It sets, determines whether the user has the permission for accessing row data according to the authorization value in authorization sequence combination data list;
(2) before the authorization value in generating data list, delegated strategy need to be formulated to user, according to tables of data Property Name and number Judged according to value, reducing the manual screening before authorizing with this works;
(3) authorization value for being accessed tables of data is established:For existing tables of data, increase and authorize bit field, is authorized according to user Sequence and delegated strategy generate the authorization value of data table row record, and data line record is accessed to judge whether the user has Permission;
(4) permissions list is generated according to the authorization sequence in authorization value in tables of data and user's table, authorization message is externally provided, is looked into It is returned when asking a plurality of data permission under user and enumerates data, efficiently inquire data, and the data permission data generated are each Permissions data carries out data check when having change, is matched with the authorization value in raw data list, the permission that will be tampered Data are restored to reset condition.
2. one kind according to claim 1 is based on binary electric vehicle data interconnection intercommunication authority control method, It is characterized in that:
In step (3), it is the authorization value for the policy definition table generation formulated according to user to authorize the data that store in position, from low The minimum value that position represents the authorization code in user's table to a high position successively is represented and can be accessed to maximum value, 1, and 0 represents and can not visit It asks, this binary number, which is converted to 16 binary datas, to be stored, and memory space is reduced.
3. one kind being based on binary electric vehicle data interconnection intercommunication authority control system, it is characterised in that:
The system comprises policy definition module, data resource module, permissions list module and line modules;
The line module accesses user for managing, and generates user's table, the authorization sequence of maintenance access user, title, phone, Address, affiliated organization's encoded attributes;
The policy definition module is used to define user according to user's table, tables of data to the access strategy of data resource, generates plan Slightly define table;
The data resource module is used to store the charging pile of user's access, charging station data resource, and according to policy definition table And authorization sequence in user's table, generate and store the access mandate value that all users record each data table row;
The permissions list module is used to automatically generate permissions list according to tables of data and user's table, records each user and has the right to visit The data record asked verifies the access rights and rapid feedback request data result of each user based on permissions list.
4. one kind according to claim 3 is based on binary electric vehicle data interconnection intercommunication authority control system, It is characterized in that:
The policy definition table includes user USERID, data table name, tables of data Property Name, data filtering condition, data Access rights.
5. one kind according to claim 3 is based on binary electric vehicle data interconnection intercommunication authority control system, It is characterized in that:
The tables of data includes DATAID, authorization value, charging station ID, carrier ID, side ID belonging to equipment, charging station name, fills Power station country code, charging station province districts under city administration coding, better address, Service Phone, type of site, station state, parking stall quantity, Longitude, latitude build place, charging tariffs on electricity, service rate, parking fee, the means of payment, whether support reservation, remarks, modification Time deletes mark.
6. one kind according to claim 3 is based on binary electric vehicle data interconnection intercommunication authority control system, It is characterized in that:
The permissions list include table major key, table name, data major key, User ID, whether readable field.
CN201711477987.6A 2017-12-29 2017-12-29 Based on binary electric vehicle data interconnection intercommunication authority control method and system Pending CN108462685A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711477987.6A CN108462685A (en) 2017-12-29 2017-12-29 Based on binary electric vehicle data interconnection intercommunication authority control method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711477987.6A CN108462685A (en) 2017-12-29 2017-12-29 Based on binary electric vehicle data interconnection intercommunication authority control method and system

Publications (1)

Publication Number Publication Date
CN108462685A true CN108462685A (en) 2018-08-28

Family

ID=63220532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711477987.6A Pending CN108462685A (en) 2017-12-29 2017-12-29 Based on binary electric vehicle data interconnection intercommunication authority control method and system

Country Status (1)

Country Link
CN (1) CN108462685A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159729A (en) * 2019-12-13 2020-05-15 中移(杭州)信息技术有限公司 Authority control method, device and storage medium
CN114124424A (en) * 2020-08-31 2022-03-01 通用汽车环球科技运作有限责任公司 Differentiated access control in automotive shared services

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159729A (en) * 2019-12-13 2020-05-15 中移(杭州)信息技术有限公司 Authority control method, device and storage medium
CN114124424A (en) * 2020-08-31 2022-03-01 通用汽车环球科技运作有限责任公司 Differentiated access control in automotive shared services

Similar Documents

Publication Publication Date Title
CN102761551B (en) System and method for multilevel cross-domain access control
CN110197058B (en) Unified internal control security management method, system, medium and electronic device
CN105871914B (en) CRM system access control method
CN105872094B (en) A kind of service robot cloud platform interface system and method based on SOA
CN101631116B (en) Distributed dual-license and access control method and system
CN103347090B (en) A kind of software license management method based on enterprise network
CN101286845B (en) Control system for access between domains based on roles
US20140289829A1 (en) Computer account management system and realizing method thereof
CN101453357B (en) Network management control method and network management control system
Li et al. RBAC-based access control for SaaS systems
US6678682B1 (en) Method, system, and software for enterprise access management control
CN102422298A (en) Access control of distributed computing resources system and method
CN104301301B (en) A kind of Data Migration encryption method based between cloud storage system
CN103312721A (en) Cloud platform access control framework and implementation method thereof
CN104463005A (en) Method for controlling access permissions of electronic document
WO2008086757A1 (en) Control device of accessing e-document and method as the same
CN111935073A (en) Authority management method and system of cloud platform based on multi-organization architecture
CN106067119A (en) Client relation management method based on privately owned cloud
CN102004866A (en) Method and device for user identity verification and access control of information system
CN109525570A (en) A kind of data hierarchy safety access control method of Cargo Oriented on Group client
CN106096976A (en) Small business's client relation management method
CN103023921A (en) Authentication and access method and authentication system
CN111865943A (en) Multi-level tenant authentication method and device based on micro-service
CN104866774B (en) The method and system of account rights management
CN100574210C (en) A kind of based on the access control method that shines upon between the off grade role

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180828