CN108462685A - Based on binary electric vehicle data interconnection intercommunication authority control method and system
- Publication number: CN108462685A
- Application number: CN201711477987.6A
- Authority: CN (China)
- Prior art keywords: data, user, authorization, value, tables
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/101—Access control lists [ACL]
- H04L63/102—Entity profiles
- H04L63/12—Applying verification of the received information
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The present invention relates to the field of Internet of Vehicles services, and more particularly to a binary-based permission control method and system for electric vehicle data interconnection and interoperability. The method includes the following steps: (1) establish a user model and add an authorization sequence attribute to the user table; (2) before generating the authorization values in the data table, formulate an authorization policy for each user, evaluated against attribute names and data values; (3) update the authorization value of each accessed data table row record; (4) provide authorization information externally through a permission list generated from the authorization values in the data table and the authorization sequences in the user table, returning enumerated data when multiple data permissions of a user are queried. The system comprises a policy definition module, a data resource module, a permission list module and a user module. The invention proposes a new scheme for managing data permissions in charging-information interconnection, improving the efficiency, flexibility and security of data permission management.
Description
Technical field
The present invention relates to the field of Internet of Vehicles services, and more particularly to a binary-based permission control method and system for electric vehicle data interconnection and interoperability.
Background
With the widespread promotion of electric vehicles, the market of charging pile operators has developed from "a single flower blooming" to "a hundred schools of thought contending": there are at least 20 major domestic charging pile operators. At present each operator issues its own charging cards and apps, and the charging cards and apps of different operators cannot be shared or used interchangeably, which greatly inconveniences electric vehicle users when charging. To meet users' need for convenient charging, State Grid Corporation of China built an interconnection service in its Internet of Vehicles service platform; this service module realizes information interconnection and interoperability between the charging services of different operators. Through the interconnection service interface, a charging facility service provider can share the service information of its charging facilities, such as station information, location information, equipment information and equipment operating status, with other relevant platforms, so that other parties can learn the state of the provider's facilities.
The interconnection service is an open, Internet-based service. While it enjoys the convenience that openness brings, it also faces the risks of an open service. To address the network attacks that an open service invites, every service in the interconnection must be security-hardened. Typically, every request requires a data permission check, and every request requires enumerating all permissions.
Role-based access control is the security authorization mechanism generally used by current information management systems. Its characteristic is that user permissions are granted and revoked by assigning and removing roles. The security administrator defines various roles as needed and sets suitable access permissions for them, and users are then assigned to different roles according to their responsibilities and seniority.
The whole access control process is thus divided into two parts: access permissions are associated with roles, and roles are in turn associated with users, which logically separates users from access permissions. A role can be regarded as a semantic structure that expresses an access control policy; it can represent the qualification to undertake a particular job.
For the interconnection application in the electric vehicle Internet of Vehicles service platform, managing permissions by role has the following disadvantages:
1. Interconnection users include all kinds of public charging-information providers and charging-information consumers. They do not belong to one fixed organization, so it is difficult to establish a mapping between roles and entities.
2. The permissions of interconnection users are closely tied to social development, policy changes and adjustments in cooperation strategy, and are therefore highly variable. The workload of maintaining the relationship between roles and permissions is huge.
3. Managing permissions by role requires developing a large number of management functions, whereas interconnection users access the service through interfaces.
4. The data objects accessed by different users are entirely different. Managing permissions by role cannot separate data objects from permission objects, so it is not suitable for a system with a large number of data permission items and many permission users.
Abbreviations and key term definitions:
Role-based access control: Role-Based Access Control (RBAC) is currently the most commonly used permission control method.
Internet of Vehicles service platform: the electric vehicle Internet of Vehicles service platform built by State Grid Corporation of China, which aims, by building three networks (a charging-pile network, a vehicle network and a smart-grid Internet of Things), to let electric vehicle users enjoy one-stop convenient service over the Internet.
Permission: the permission to access the interconnection data of the Internet of Vehicles service platform, or other resources represented by data.
Summary of the invention
In view of the problems described in the background, the object of the invention is to propose a binary-based permission control method and system for electric vehicle data interconnection and interoperability.
To achieve this object, the invention proposes the following technical solutions:
A binary-based permission control method for electric vehicle data interconnection and interoperability, characterized in that the method includes the following steps:
(1) Establish a user model: user attributes are maintained manually; when user data are stored in the user table, a user authorization sequence is generated automatically according to a predefined sequence, and authorization sequences must not repeat. The authorization sequence indicates the position of the user within the authorization value in the data table; whether the user has permission to access a row of data is determined by combining the authorization sequence with the authorization value in the data table.
(2) Before the authorization values in the data table are generated, an authorization policy must be formulated for each user and evaluated against data table attribute names and data values, which reduces the manual screening work before authorization.
(3) Establish the authorization value of the accessed data table: for an existing data table, add an authorization bit field, and generate the authorization value of each data table row record according to the user authorization sequences and the authorization policy, in order to judge whether a user has permission to access that row record.
(4) Generate a permission list from the authorization values in the data table and the authorization sequences in the user table, and provide authorization information externally. When multiple data permissions of a user are queried, enumerated data are returned, so data are queried efficiently. Whenever any permission entry changes, the generated permission data are checked against the authorization values in the original data table, and permission data that have been tampered with are restored to their original state.
Further, in step (3), the data stored in the authorization bit field is the authorization value generated from the policy definition table formulated for the users. From the low bit to the high bit, the bits represent in turn the minimum to the maximum authorization sequence in the user table; 1 means accessible and 0 means inaccessible. This binary number is converted to hexadecimal for storage, which reduces storage space.
A binary-based permission control system for electric vehicle data interconnection and interoperability, characterized in that:
The system comprises a policy definition module, a data resource module, a permission list module and a user module.
The user module is used to manage accessing users and generate the user table, maintaining each accessing user's authorization sequence, name, telephone, address and organization code attributes.
The policy definition module is used to define, according to the user table and the data table, each user's access policy for data resources, and to generate the policy definition table.
The data resource module is used to store the charging pile and charging station data resources that users access and, according to the policy definition table and the authorization sequences in the user table, to generate and store the access authorization value of all users for each data table row record.
The permission list module is used to generate the permission list automatically from the data table and the user table, recording the data records each user is entitled to access. The access permissions of each user are verified against the permission list, and the requested data are returned quickly.
Further, the policy definition table includes the user USERID, data table name, data table attribute name, data filter condition and data access permission.
Further, the data table includes DATAID, authorization value, charging station ID, operator ID, equipment owner ID, charging station name, charging station country code, charging station province/city/district code, detailed address, service telephone, station type, station status, number of parking spaces, longitude, latitude, construction site, charging electricity fee, service fee, parking fee, payment method, whether reservation is supported, remarks, modification time and deletion flag.
Further, the permission list includes the table primary key, table name, data primary key, user ID and a readable flag field.
Compared with the prior art, the beneficial effects of the invention are as follows:
General-purpose permission control mechanisms do not fit the data permission management requirements of the Internet of Vehicles platform's interconnection service. To address this, the invention proposes a new scheme for managing data permissions in charging-information interconnection, improving the efficiency, flexibility and security of data permission management. Once adopted, the method has the following effects:
1. For data exchanged through interfaces, user permissions can be managed dynamically, which greatly reduces the development cost of permission management.
2. Data objects and permission control are integrated, which reduces the time spent on permission checks when a user accesses data and improves data access efficiency.
3. Control of user permissions is traceable: when permissions are illegally tampered with, they can be restored quickly by tracing back to the source, which gives higher security.
Description of the drawings
Fig. 1 is the architecture diagram of the binary-based permission control system for electric vehicle data interconnection and interoperability.
Detailed description
Specific embodiments of the invention are described in detail below with reference to the accompanying drawing. These embodiments only illustrate the principle of the implementation and are not a limitation on the invention; the scope of protection is still defined by the claims, including obvious changes or variations made on this basis.
The permission management provided by the interconnection service of the Internet of Vehicles service platform is mainly access control over charging service data. It is characterized by a large number of permission items, many permission users and frequent permission changes. At present, users mainly query data permissions, and access is implemented through interfaces. Only by formulating a reasonable and effective authorization scheme that accounts for factors such as the number of permission grants, permission security, resistance of permissions to tampering, and efficient permission reads can the robustness of the interconnection service be fundamentally guaranteed. For the data permission characteristics of the interconnection service, the invention combines several mechanisms (permission marking rules, permission customization, authentication, permission item generation and permission item verification) to design an efficient, secure and flexible binary-based permission control scheme for data interconnection.
The binary permission control scheme proposed in the invention uses the binary digits 1/0 to represent whether a user does or does not have access permission to a data table record. With multiple users, the bits are arranged from right to left in the order of the users' authorization sequences to form a multi-user permission binary string, which is finally converted to a hexadecimal number and stored in the authorization value field of the data table.
The architecture of the binary-based permission control scheme for electric vehicle charging data interconnection is shown in Fig. 1. The scheme takes into account that, when the interconnection service is provided externally, each user is assigned different data access permissions and permissions are rarely shared between users, so access permission data must be stored per user. To make authorization easier, a policy definition step is added before authorization: the policy defines an authorization scheme in terms of users and data fields, and the permission bits are stored in the data resource. The permission list is generated from the relationship between users and the permission bits in the data resource. When a user accesses data resources, the data resource list is provided by enumerating the data resources in the permission list.
The system of the invention includes a policy definition module, a data resource module, a permission list module and a user module.
The user module is used to manage accessing users and generate the user table, maintaining attributes such as each accessing user's authorization sequence, name, telephone, address and organization code.
The policy definition module is used to define, according to the user table and the data table, each user's access policy for data resources (row records), and to generate the policy definition table, which includes the user USERID, data table name, data table attribute name, data filter condition (comparison method), data access permission and so on.
The data resource module is used to store the data resources that users access, such as charging piles and charging stations, and, according to the policy definition table and the authorization sequences in the user table, to generate and store the access authorization value of all users for each data table row record.
The permission list module is used to generate the permission list automatically from the data table and the user table, recording the data records each user is entitled to access. The access permissions of each user are verified against the permission list, and the requested data are returned quickly.
The specific steps of the binary-based permission control method for electric vehicle data interconnection and interoperability provided by the invention are as follows:
1. Establish the user model and add an authorization sequence attribute to the user table. It stores the position of the user within the authorization value in the data table; whether this user has permission to access a piece of data is determined by combining this sequence value with the authorization bits in the data table. The authorization sequence should be a sequence and must not repeat.
Table 1: User table
2. Before the authorization values in the data table are generated, pre-authorization information must be formulated for each user and evaluated against attribute names and data values, which reduces the manual screening work before authorization.
Table 2: Policy definition table
3. Establish the basic model of the accessed data table. The data stored in the authorization bit field is the authorization value generated from the policy definition table formulated for the users. From the low bit to the high bit, the bits represent in turn the minimum to the maximum authorization sequence in the user table; 1 means accessible and 0 means inaccessible. This binary number is converted to hexadecimal for storage, which reduces storage space.
Table 3: Data table
4. The permission list generated from the authorization values in the data table and the authorization sequences in the user table provides authorization information externally. When multiple data permissions of a user are queried, enumerated data can be returned, so data are queried efficiently. Whenever any permission entry changes, the generated permission data are checked against the authorization values in the original data table, and permission data that have been tampered with are restored to their original state.
Table 4: Permission list
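The following sketch is an added illustration and not part of the patent text: it walks the four steps above in Python, from policy evaluation to the hexadecimal authorization value, the derived permission list and the tamper check. It assumes 1-based authorization sequences mapped to bit n-1, a small set of comparison operators, deny entries overriding allow entries, and constructed sample rows whose field names (other than DATAID and USERID) are hypothetical.

```python
import operator
from dataclasses import dataclass

# Assumed comparison operators for the policy table's "data filter condition".
OPS = {"=": operator.eq, "!=": operator.ne,
       "in": lambda value, allowed: value in allowed}


@dataclass(frozen=True)
class Policy:
    """One policy definition row: USERID, table, attribute, filter, access."""
    user_id: str
    table: str
    attribute: str
    op: str
    value: object
    allow: bool = True


def bit_for(seq: int) -> int:
    """Assumption: authorization sequence n (1-based) owns bit n-1, low bit first."""
    if seq < 1:
        raise ValueError("authorization sequence must be >= 1")
    return 1 << (seq - 1)


def check_users(users: dict) -> None:
    """Step 1: sequences must not repeat, otherwise two users share one bit."""
    if len(set(users.values())) != len(users):
        raise ValueError("duplicate authorization sequence")


def build_auth_value(row: dict, table: str, users: dict, policies: list) -> str:
    """Steps 2-3: evaluate the policies for one row, return the hex value."""
    allow = deny = 0
    for p in policies:
        if p.table != table or p.user_id not in users or p.attribute not in row:
            continue  # default deny: no matching policy leaves the bit at 0
        if OPS[p.op](row[p.attribute], p.value):
            if p.allow:
                allow |= bit_for(users[p.user_id])
            else:
                deny |= bit_for(users[p.user_id])
    return format(allow & ~deny, "X")


def can_read(auth_value: str, seq: int) -> bool:
    """Test the user's bit in a stored hexadecimal authorization value."""
    return bool(int(auth_value or "0", 16) & bit_for(seq))


def build_permission_list(table: str, rows: list, users: dict) -> set:
    """Step 4: derive (table, DATAID, USERID) entries from the row values."""
    check_users(users)
    return {(table, r["DATAID"], uid)
            for r in rows for uid, seq in users.items()
            if can_read(r["AUTH_VALUE"], seq)}


def verify_and_restore(perm_list: set, table: str, rows: list, users: dict):
    """Step 4 check: compare with the data table, return (restored, tampered)."""
    expected = build_permission_list(table, rows, users)
    return expected, perm_list ^ expected


# Constructed sample data (field names other than DATAID/USERID are assumed).
TABLE = "CHARGING_STATION"
USERS = {"OP_A": 1, "OP_B": 2, "OP_C": 12}  # USERID -> authorization sequence
POLICIES = [
    Policy("OP_A", TABLE, "OPERATOR_ID", "=", "A"),
    Policy("OP_B", TABLE, "PROVINCE", "=", "32"),
    Policy("OP_C", TABLE, "PROVINCE", "in", ("11", "32")),
    Policy("OP_C", TABLE, "STATUS", "=", "closed", allow=False),
]
ROWS = [
    {"DATAID": 101, "OPERATOR_ID": "A", "PROVINCE": "32", "STATUS": "open"},
    {"DATAID": 102, "OPERATOR_ID": "B", "PROVINCE": "11", "STATUS": "open"},
    {"DATAID": 103, "OPERATOR_ID": "A", "PROVINCE": "11", "STATUS": "closed"},
]
for row in ROWS:
    row["AUTH_VALUE"] = build_auth_value(row, TABLE, USERS, POLICIES)

if __name__ == "__main__":
    print([(r["DATAID"], r["AUTH_VALUE"]) for r in ROWS])
    perms = build_permission_list(TABLE, ROWS, USERS)
    perms.add((TABLE, 102, "OP_B"))  # simulated unauthorized grant
    restored, tampered = verify_and_restore(perms, TABLE, ROWS, USERS)
    print(sorted(tampered), len(restored))
```

The tamper check only protects the derived permission list; the authorization values in the data table remain the source of truth, so write access to that column needs its own protection.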
Claims (6)
1. A binary-based permission control method for electric vehicle data interconnection and interoperability, characterized in that the method includes the following steps:
(1) establishing a user model: user attributes are maintained manually; when user data are stored in the user table, a user authorization sequence is generated automatically according to a predefined sequence, and authorization sequences must not repeat; the authorization sequence indicates the position of the user within the authorization value in the data table, and whether the user has permission to access a row of data is determined by combining the authorization sequence with the authorization value in the data table;
(2) before the authorization values in the data table are generated, an authorization policy must be formulated for each user and evaluated against data table attribute names and data values, which reduces the manual screening work before authorization;
(3) establishing the authorization value of the accessed data table: for an existing data table, an authorization bit field is added, and the authorization value of each data table row record is generated according to the user authorization sequences and the authorization policy, in order to judge whether a user has permission to access that row record;
(4) generating a permission list from the authorization values in the data table and the authorization sequences in the user table and providing authorization information externally; when multiple data permissions of a user are queried, enumerated data are returned, so data are queried efficiently; whenever any permission entry changes, the generated permission data are checked against the authorization values in the original data table, and permission data that have been tampered with are restored to their original state.
2. The binary-based permission control method for electric vehicle data interconnection and interoperability according to claim 1, characterized in that:
in step (3), the data stored in the authorization bit field is the authorization value generated from the policy definition table formulated for the users; from the low bit to the high bit, the bits represent in turn the minimum to the maximum authorization sequence in the user table; 1 means accessible and 0 means inaccessible; this binary number is converted to hexadecimal for storage, which reduces storage space.
3. A binary-based permission control system for electric vehicle data interconnection and interoperability, characterized in that:
the system comprises a policy definition module, a data resource module, a permission list module and a user module;
the user module is used to manage accessing users and generate the user table, maintaining each accessing user's authorization sequence, name, telephone, address and organization code attributes;
the policy definition module is used to define, according to the user table and the data table, each user's access policy for data resources, and to generate the policy definition table;
the data resource module is used to store the charging pile and charging station data resources that users access and, according to the policy definition table and the authorization sequences in the user table, to generate and store the access authorization value of all users for each data table row record;
the permission list module is used to generate the permission list automatically from the data table and the user table, recording the data records each user is entitled to access; the access permissions of each user are verified against the permission list, and the requested data are returned quickly.
4. The binary-based permission control system for electric vehicle data interconnection and interoperability according to claim 3, characterized in that:
the policy definition table includes the user USERID, data table name, data table attribute name, data filter condition and data access permission.
5. The binary-based permission control system for electric vehicle data interconnection and interoperability according to claim 3, characterized in that:
the data table includes DATAID, authorization value, charging station ID, operator ID, equipment owner ID, charging station name, charging station country code, charging station province/city/district code, detailed address, service telephone, station type, station status, number of parking spaces, longitude, latitude, construction site, charging electricity fee, service fee, parking fee, payment method, whether reservation is supported, remarks, modification time and deletion flag.
6. The binary-based permission control system for electric vehicle data interconnection and interoperability according to claim 3, characterized in that:
the permission list includes the table primary key, table name, data primary key, user ID and a readable flag field.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711477987.6A CN108462685A (en) | 2017-12-29 | 2017-12-29 | Based on binary electric vehicle data interconnection intercommunication authority control method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108462685A true CN108462685A (en) | 2018-08-28 |
Family
ID=63220532
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711477987.6A Pending CN108462685A (en) | 2017-12-29 | 2017-12-29 | Based on binary electric vehicle data interconnection intercommunication authority control method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108462685A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111159729A (en) * | 2019-12-13 | 2020-05-15 | 中移(杭州)信息技术有限公司 | Authority control method, device and storage medium |
CN114124424A (en) * | 2020-08-31 | 2022-03-01 | 通用汽车环球科技运作有限责任公司 | Differentiated access control in automotive shared services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180828 |