CN111815832A - Intelligent door lock access control method based on attributes - Google Patents


Publication number
CN111815832A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010710593.6A
Other languages
Chinese (zh)
Inventor
刘哲
辛正浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Aeronautics and Astronautics
Original Assignee
Nanjing University of Aeronautics and Astronautics


Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07C: TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00: Individual registration on entry or exit
    • G07C9/00174: Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309: Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses an attribute-based, safe and convenient intelligent door lock access control method, which addresses problems found in most intelligent door lock designs on the market: malicious users evading permission revocation by going offline, insufficient support for diverse roles in different scenarios, and cascade deletion arising from hierarchical user management. The invention takes the intelligent door lock as the center and performs access control on the device side, reducing dependence on the server. The visitor, the door lock and environmental factors are described using attributes, achieving flexible access control. In addition, the sRole attribute associates users at upper and lower levels, so that cascade deletion can be performed across multiple levels of users.

Description

Intelligent door lock access control method based on attributes
Technical Field
The invention relates to an attribute-based safe and convenient intelligent door lock access control system, and belongs to the field of Internet of things.
Background
With the growing interest in the Internet of Things, many cyber-physical devices for personal use have been commercialized, such as smart home appliances, wearable devices, and new cars. These emerging smart devices extend mechanical devices by integrating them with electronic components that allow an external computer system to control them. However, this convenience also brings more risk, for example in intelligent voice assistants, connected vehicles, and smart homes.
The smart home is the embodiment of the Internet of Things in the home under the influence of the Internet: various devices in a home (such as audio and video devices, lighting devices, curtain control, intelligent door locks, security systems, air conditioning and the like) are connected together through Internet of Things technology, providing functions such as household appliance control, air conditioner control and lighting control. The smart home is composed of a large number of low-power, resource-constrained devices, and their communication involves a large number of small data exchanges. Insecure smart home Internet of Things networks are growing in number and scale, and implementing standard security solutions in the Internet of Things is a challenge because of limited resources. A fragile smart home Internet of Things device constitutes a huge security threat. It puts smart home network security at risk because it can act as an entry point into the network, while the large amount of personal data it collects exposes the privacy of the user. In addition, in a smart home Internet of Things system, some devices bring convenience but also introduce risks that an ordinary household does not otherwise face. As the most important safeguard of a household's physical security, the intelligent door lock's control over access by household members and devices is particularly important.
With the gradual development of smart homes, more and more devices are connected to the smart home system and a large amount of data is generated. Data generated by many devices relates to the privacy of users, so the development of smart homes is likely to create risks, such as privacy disclosure, that did not exist before. Meanwhile, the development of the intelligent door lock makes the unlocking process simpler and simpler. A more intelligent unlocking process also brings new dangers, such as revocation evasion through disconnection, replay attacks, relay attacks, accidental unlocking, unauthorized unlocking, and cascade deletion of permissions.
Faced with these problems, most research, while solving some of them, still relies on servers. Most of them still rely on the server to manage permissions; although this can address user disconnection to a certain extent, risks remain in some special cases. Some protocols can prevent unlimited attack, but cannot properly handle malicious users who go offline to retain their permissions, or they require that the user's mobile phone never be disconnected from the network. Some technologies solve certain problems while having problems of their own; for example, NFC is vulnerable to relay attacks. Most solutions also give little consideration to multi-level users. We have found that attribute-based access control (ABAC) can accommodate diverse users and roles.
In ABAC, we classify attributes into four types: S, O, P and E. S refers to attributes of the subject, the user who initiates access and wishes to unlock, such as sID, sRole, and the like. O represents attributes of the accessed object (e.g., an intelligent door lock or access log), such as oID. P represents the permission attributes of the user, i.e., the operations the user can perform, such as opening an intelligent door lock or accessing a log. E represents environment attributes, i.e., environmental information at the time the access control process occurs, such as the time the user initiated the access, the geographic or network location of the system, etc. Users of different identities can be classified and controlled at multiple levels. It is independent of the accessor and the resource to be accessed. ABAC allows attributes used in access control decisions, such as time of day and location, to be modified dynamically.
ABAC can achieve fine-grained authorization management. In a policy, the decision to grant access is very flexible: we can decide whether a certain attribute in a request matches a regular expression or equals a string (this is very common, especially when using AWS IAM to apply the principle of least privilege), and we can freely combine many different access rules using logical AND and logical OR. Flexible policies can be implemented with the Specification pattern, parsing JSON or XML to create rules dynamically, and the JSON or XML containing these rules can itself be produced programmatically (programmable policy is the prerequisite for dynamic authorization checks). A policy can even state that only engineers with a particular surname may access a certain resource on a certain project, which was difficult in the RBAC era.
Disclosure of Invention
The invention provides an attribute-based intelligent door lock access control system, aimed at the following problems of intelligent door locks: malicious users evading permission revocation by going offline, insufficient support for diverse roles in different scenarios, and cascade deletion arising from hierarchical user management.
The invention adopts the following technical scheme to solve these technical problems:
An attribute-based intelligent door lock access control method, in which attributes are divided into four types, S, O, P and E, wherein S represents subject attributes of users, O represents attributes of accessed objects, namely object attributes, P represents permission attributes of users, and E represents environment attributes of users.
The method specifically comprises the following steps:
In the implementation process of the access control policy, when a user arrives near an intelligent door lock, the user's mobile phone connects to the intelligent door lock through BLE and then sends an initial access request NAR; after receiving the initial access request NAR, the policy enforcement point PEP accesses the attribute authority list to request the object attributes and environment attributes related to the subject attributes and the access action; the PEP constructs an attribute-based access request AAR from the subject attributes, the object attributes and the environment attributes, and transmits the AAR to a policy decision point PDP; the PDP determines the identity information of the user according to the subject attributes, the object attributes and the related environment attributes in the AAR; through interaction with the policy management point PAP, the PDP compares the AAR with the policy set in the PAP to obtain an access result and sends the access result back to the PEP, and finally the PEP executes the access result;
wherein the attribute authority list records the correspondence among the four attribute types S, O, P and E; the policy set stores the access rights of each user and the environment attributes of those access rights.
Further, the subject attributes of the user include an identity attribute sID, a position attribute Position and a role attribute sRole; the sID represents the authority of the user, the Position represents the position information of the user, and the sRole represents the authority level of the user.
Further, after comparing the AAR with the policy set $P = \{p_1, p_2, \ldots, p_n\}$ in the PAP: if all policies in P are positive authorization policies and all are applicable to the AAR, or if P contains a positive authorization policy applicable to the AAR and the remaining policies are not applicable to the AAR, the access result is permit; if all policies in P are negative authorization policies and all are applicable to the AAR, or no policy in P is applicable to the user request AAR, or P contains a negative authorization policy applicable to the AAR and the remaining policies are not applicable to the AAR, or the positive and negative policies in P are all applicable to the AAR, or both positive and negative policies in P are applicable to the AAR while other policies are not applicable to the AAR, the access result is deny.
Further, the attribute-based access request AAR is abstractly defined as a quadruple $\langle S, O, E, act \rangle$, and an access control policy in the policy set as $p = \mathrm{sign}(SAP, OAP, EAP, ACT)$; when $\|SAP\|_S$, $\|OAP\|_O$ and $\|EAP\|_E$ are all true and $act \in ACT$, p is applicable to the AAR; otherwise the result is not-applicable. When p is applicable to the AAR, the policy evaluation result is that of a positive authorization policy (permit) or a negative authorization policy (deny); a positive authorization policy permits access when its conditions are met, and a negative authorization policy denies access when its conditions are met.
Compared with the prior art, the invention adopting the above technical scheme has the following technical effects: the invention is an attribute-based, safe and convenient intelligent door lock access control method, which addresses problems found in most intelligent door lock designs on the market: malicious users evading permission revocation by going offline, insufficient support for diverse roles in different scenarios, and cascade deletion arising from hierarchical user management. The invention takes the intelligent door lock as the center and performs access control on the device side, reducing dependence on the server. The visitor, the door lock and environmental factors are described using attributes, achieving flexible access control. In addition, the sRole attribute associates users at upper and lower levels, so that cascade deletion can be performed across multiple levels of users.
Drawings
FIG. 1 is a diagram of the interaction between the intelligent door lock, the server and the user device in the present invention;
FIG. 2 is a flow chart of a user accessing a door lock in the present invention;
FIG. 3 is an example of a family-member hierarchy in the present invention.
Detailed Description
The technical scheme of the invention is further explained in detail below with reference to the attached drawings:
By analyzing the various problems of smart homes and smart door locks, together with the shortcomings and limitations of existing smart home systems, the invention addresses the problems of coarse-grained access control, privacy disclosure, permission deletion and the like in smart home access control systems. The application of attribute-based access control to the intelligent door lock is studied, addressing accidental unlocking and fine-grained access control for multi-role access; the cascading relationship of permissions is studied, addressing cascade deletion of multi-level permissions.
In our approach, to avoid attacks on state consistency, we require the administrator to be within the connection range of the door lock when performing a permission-deletion operation. As shown in FIG. 1, when the administrator deletes a member's rights, the smart lock's policy set is changed directly (which is easy for attribute-based access control). Since the policy set inside the door lock is modified directly, the smart door lock no longer relies on the visitor's mobile device as a gateway to update information. Thus, an attacker cannot circumvent rights deletion by taking the mobile device offline. When deleting a member's rights, the administrator may also choose to disable that member's sRole attribute so that the rights are deleted in cascade.
The core concept of our approach is the attribute. We classify attributes into four types, S, O, P and E. S refers to a subject attribute of a user who initiates access and desires to unlock the smart lock, such as an sID (user identity attribute), sRole (user role attribute), and the like. O denotes attributes of the accessed object such as smart lock and access log. P represents the authority attribute of the user, and represents various operations that the user can perform, such as unlocking the smart lock or accessing the log. E represents an environment attribute, i.e. environment information when the access control procedure takes place, such as the time the user initiated the access, the geographical network location, etc. Users of different identities can be classified and controlled from multiple levels.
The important attributes in our system are introduced as follows:
Subject attribute 1: sID.
In our system, we use the subject attribute sID to distinguish different users. We assign different rights to different users using sID. The most important point of access control is the control of the visitor. However, in existing systems, rights are indistinguishable and control of rights depends on the connection of the user's mobile device to the Internet. Once the device is disconnected from the network or switched to flight mode, the permission-change information cannot be transmitted to the smart lock.
Subject attribute 2: Position.
The smart lock system cannot identify the location of the user. It is therefore vulnerable to physical attackers. We set the subject attribute Position to convey the user's location information. This information is used to determine whether the user's location is within the range set for the door lock, thereby reducing the likelihood of physical attack.
Subject attribute 3: sRole.
In our method, the owner is not the only one able to assign rights. To make distributing rights more convenient, a resident living in the home can also assign rights. However, when the home owner wants to revoke a resident's rights, the rights issued by that resident should be deleted as well. In our approach, we use the subject attribute sRole to associate a resident with the people to whom he or she issued rights. These users have the same sRole. When an administrator adds an access-prohibition policy for an sRole to the policy set, every user who has this sRole attribute loses access at the same time.
Environment attribute: time/date.
A common situation with conventional smart lock systems is that a visiting family member needs permission to enter the home for one week, or an hourly worker needs access at a fixed time each day. Their access is limited by time and date. In conventional systems, they can change the time of the device, gaining access to the door lock at an unauthorized time, which also poses a threat to the home. By setting the environment attributes of time and date, the access time and date of members who need to be restricted can be controlled effectively. Furthermore, replay attacks while the family is traveling can be prevented.
1) System attribute settings:
< Subject, Object, Permission, Environment >
This indicates that a subject having certain attributes (denoted by Subject) wishes to perform an operation (denoted by Permission) on an object having certain attributes (denoted by Object) under certain conditions (denoted by Environment). Under a given policy, the request may be allowed or denied based on the subject, object and environment attributes and the requested operation. From an access control perspective, we describe the attribute values that may be important in a home Internet of Things environment:
Subject: the user's subject attributes
Identity attribute of users sID: {P1, P2, P3, P4, P5, P6, P7}
Role attribute of users sRole: {Role1, Role2, Role3}
Object: object attributes, with the intelligent door lock and the access log as objects
(1) Device as object
Object attribute oID: Smart Lock
(2) Information as object
Object attribute oID: Text
Environment: environment attributes
Time attribute, date attribute, position attribute
Permission: actions
Unlock; write access log (write); read access log (read)
2) Access policies for the various users of the intelligent door lock
Different types of people have different access policies in a family. Some of them can use the door lock of the house at any time; some are hourly workers who can only enter at a specific time of day. They all have access to the door lock, but each with their own limitations. According to their permissions, we classify visitors into four categories: owner, resident, frequent visitor, and temporary visitor. Their respective unlocking policies are as follows:
Owners and residents of the house: their devices can unlock the door lock when in front of the door.
Recurring guests: they have access at fixed times of the day, during which they are free to unlock.
Temporary guests: guests or relatives who stay in the home for a certain period, during which they may enter the home freely.
FIG. 2 illustrates the process of a user accessing a smart lock in our method. The attribute authority list records the correspondence between attributes (e.g., it associates the sID attribute of P1 with the environment attribute date to limit P1's access by date). The policy enforcement point receives the original access request from a user, queries the attribute authority list, builds an attribute-based access request (containing subject attributes, object attributes, action and environment attributes) from the corresponding attributes, and finally executes the access result. The policy management point manages the policy set, which stores an access policy for each user, including the actions the user can perform and the restrictions on environment attributes such as time and date when performing them. The policy decision point receives the attribute-based access request, queries the policy set in the policy management point, and compares the policy set with the attribute-based access request to obtain the access result.
Access procedure
In our system, as shown in FIG. 2, in the implementation process of the access policy, when a user arrives near the smart door lock, the user's mobile phone connects to the smart door lock through BLE. The phone then issues an initial access request (NAR). Upon receiving this request, the Policy Enforcement Point (PEP) accesses the attribute authority list to request the object attributes and environment attributes associated with the subject attributes and access action. The PEP then constructs an attribute-based access request (AAR) from these attributes and passes the AAR to a Policy Decision Point (PDP). The PDP determines the identity information of the user based on the subject attributes, object attributes and associated environment attributes in the attribute-based access request. Through interaction with the policy management point (PAP), the PDP compares the attribute-based access request (AAR) with the policy set. The result of the access decision (whether to unlock) is sent back to the PEP, which finally executes it. When the user's access permission and its environment attributes exist in the policy set, the user can unlock the intelligent door lock normally; otherwise, the unlocking operation cannot be completed.
The access request AAR of the user is abstractly defined as a quadruple $\langle S, O, E, act \rangle$, where $S = \{savp_1, savp_2, \ldots, savp_r\}$ is the set of subject attribute name-value pairs; $O = \{oavp_1, oavp_2, \ldots, oavp_r\}$ is the set of object attribute name-value pairs; $E = \{eavp_1, eavp_2, \ldots, eavp_r\}$ is the set of environment attribute name-value pairs.
Given an access control policy $p = \mathrm{sign}(SAP, OAP, EAP, ACT)$ in a policy set and a user request $AAR = \langle S, O, E, act \rangle$, when $\|SAP\|_S$, $\|OAP\|_O$ and $\|EAP\|_E$ are all true and $act \in ACT$, the policy p is applicable to the user request, and the policy evaluation result $\|p\|$ is the result prescribed by that access control policy in the policy set (positive authorization, permit, or negative authorization, deny); otherwise, it is not-applicable.
Evaluation of the policy set:
Given a user request AAR and a policy set $P = \{p_1, p_2, \ldots, p_n\}$, the evaluation result of P on the AAR is again a set, i.e., $\{\|p_1\|, \|p_2\|, \ldots, \|p_n\|\}$; after identical elements are merged, it takes one of the following 7 values:
{permit}: all the policies in P are positive authorization policies (access permitted when the conditions are met) and all are applicable to the AAR; the decision result of the system should be permit.
{deny}: all the policies in P are negative authorization policies (access denied when the conditions are met) and all are applicable to the AAR; the decision result of the system should be deny.
{not-applicable}: no policy in P is applicable to the user request AAR; for security reasons, the system yields deny.
{permit, not-applicable}: there is a positive authorization policy in P that applies to the AAR and the rest of the policies do not apply to the request; the final result of the system is permit.
{deny, not-applicable}: there is a negative authorization policy in P that applies to the AAR and the rest of the policies do not apply to the request; the final result of the system is deny.
{permit, deny}: the positive and negative policies in P are all applicable to the AAR; for security reasons, the system yields deny.
{permit, deny, not-applicable}: both positive and negative policies in P are applicable to the AAR, and there are also policies not applicable to the request; for security reasons, the system yields deny.
Cascading deletion of hierarchical rights is another important part of our research. In our method, the owner is not the only one able to assign rights. To make distributing rights more convenient, a resident living in the home can also assign rights. However, when the home owner wants to revoke a resident's rights, the rights issued by that resident should be deleted as well. We consider cascading deletion an important component of more convenient access control for smart locks. In the example of FIG. 3, we use the sRole attribute to delete rights in cascade by associating upper and lower levels. FIG. 3 shows the hierarchical relationship between 8 users. In the family relationship shown in FIG. 3, we use the sRole attribute to associate the principal family members with the members they invite. The sRole attribute of Alice is "manager". The sRole attribute of P1 is "resident 1". P2 has the same sRole attribute as P4 and P5, "resident 2". P3 has the same sRole attribute as P6 and P7, "resident 3". When we prohibit access for the role attribute resident 2, the three users P2, P4 and P5 lose the unlocking right at the same time.
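The policy-set evaluation and the sRole-based cascading revocation described above can be exercised together in a short program. This is an added example, not code from the patent; the role labels, the 09:00-11:00 window for P4, the `ROLES` table and all function names are constructed for illustration, and the `time` value stands for the lock's own clock (an assumption).

```python
from dataclasses import dataclass
from datetime import time

PERMIT, DENY, NA = "permit", "deny", "not-applicable"

@dataclass(frozen=True)
class AAR:
    """Attribute-based access request <S, O, E, act>."""
    S: dict      # subject attribute name-value pairs (sID, sRole)
    O: dict      # object attribute name-value pairs (oID)
    E: dict      # environment attribute name-value pairs (time)
    act: str     # requested action

@dataclass(frozen=True)
class Policy:
    """Access control policy p = sign(SAP, OAP, EAP, ACT)."""
    sign: str        # PERMIT (positive) or DENY (negative authorization)
    SAP: dict        # subject attribute predicates: name -> value or callable
    OAP: dict        # object attribute predicates
    EAP: dict        # environment attribute predicates
    ACT: frozenset   # actions the policy covers

def holds(predicates, attrs):
    """True when every predicate is satisfied; a missing attribute fails."""
    for name, want in predicates.items():
        if name not in attrs:
            return False
        value = attrs[name]
        if not (want(value) if callable(want) else value == want):
            return False
    return True

def evaluate_policy(p, aar):
    """||p||: the policy's sign if p is applicable to the AAR, else NA."""
    applicable = (holds(p.SAP, aar.S) and holds(p.OAP, aar.O)
                  and holds(p.EAP, aar.E) and aar.act in p.ACT)
    return p.sign if applicable else NA

def decide(policy_set, aar):
    """PDP decision: merge the per-policy results into a set and map it.

    Only {permit} and {permit, not-applicable} unlock; the other five
    result sets, and an empty policy set, yield deny.
    """
    results = {evaluate_policy(p, aar) for p in policy_set}
    return PERMIT if results in ({PERMIT}, {PERMIT, NA}) else DENY

# --- constructed sample data following the FIG. 3 description ---
LOCK = {"oID": "SmartLock"}
UNLOCK = frozenset({"Unlock"})
ROLES = {"Alice": "manager", "P1": "resident1", "P2": "resident2",
         "P3": "resident3", "P4": "resident2", "P5": "resident2",
         "P6": "resident3", "P7": "resident3"}

def base_policy_set():
    """One permit per user; P4 is limited to a daily time window."""
    ps = [Policy(PERMIT, {"sID": sid}, LOCK, {}, UNLOCK)
          for sid in ROLES if sid != "P4"]
    window = lambda t: time(9) <= t <= time(11)
    ps.append(Policy(PERMIT, {"sID": "P4"}, LOCK, {"time": window}, UNLOCK))
    return ps

def build_aar(sid, now, act="Unlock"):
    """PEP step: attach the sRole recorded on the lock and the current time."""
    S = {"sID": sid}
    if sid in ROLES:
        S["sRole"] = ROLES[sid]
    return AAR(S, dict(LOCK), {"time": now}, act)

def revoke_role(policy_set, role):
    """Cascade deletion: add a negative authorization policy for an sRole."""
    return policy_set + [Policy(DENY, {"sRole": role}, LOCK, {}, UNLOCK)]

if __name__ == "__main__":
    revoked = revoke_role(base_policy_set(), "resident2")
    for sid in ROLES:
        print(sid, decide(revoked, build_aar(sid, time(10))))
```

Because deny wins whenever both signs appear in the result set, the single added sRole policy overrides every per-user permit for that role without editing or deleting those permits.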
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can understand that the modifications or substitutions within the technical scope of the present invention are included in the scope of the present invention, and therefore, the scope of the present invention should be subject to the protection scope of the claims.

Claims (4)

1. An attribute-based intelligent door lock access control method, characterized in that the attributes are divided into four types, S, O, P and E, wherein S represents a subject attribute of a user, O represents an attribute of an accessed object, namely an object attribute, P represents a permission attribute of the user, and E represents an environment attribute of the user;
the method specifically comprises the following steps:
in the implementation process of the access control policy, when a user arrives near an intelligent door lock, the user's mobile phone connects to the intelligent door lock through BLE and then sends an initial access request NAR; after receiving the initial access request NAR, the policy enforcement point PEP accesses the attribute authority list to request the object attributes and environment attributes related to the subject attributes and the access action; the PEP constructs an attribute-based access request AAR from the subject attributes, the object attributes and the environment attributes, and transmits the AAR to a policy decision point PDP; the PDP determines the identity information of the user according to the subject attributes, the object attributes and the related environment attributes in the AAR; through interaction with the policy management point PAP, the PDP compares the AAR with the policy set in the PAP to obtain an access result and sends the access result back to the PEP, and finally the PEP executes the access result;
wherein, the attribute authority list records S, O, P and E four types of attribute corresponding relation; the policy set stores access rights of each user and environment attributes of the access rights.
2. The method as claimed in claim 1, wherein the user's subject attributes include an identity attribute sID, a Position attribute Position and a role attribute sRole, the sID represents the user's authority, the Position represents the user's Position information, and the sRole represents the user's authority level.
3. The attribute-based intelligent door lock access control method as claimed in claim 1, wherein after comparing the AAR with the policy set $P = \{p_1, p_2, \ldots, p_n\}$ in the PAP: if all policies in P are positive authorization policies and all are applicable to the AAR, or if P contains a positive authorization policy applicable to the AAR and the remaining policies are not applicable to the AAR, the access result is permit; if all policies in P are negative authorization policies and all are applicable to the AAR, or no policy in P is applicable to the user request AAR, or P contains a negative authorization policy applicable to the AAR and the remaining policies are not applicable to the AAR, or the positive and negative policies in P are all applicable to the AAR, or both positive and negative policies in P are applicable to the AAR while other policies are not applicable to the AAR, the access result is deny.
4. The attribute-based intelligent door lock access control method of claim 3, wherein the attribute-based access request AAR is abstractly defined as a quadruple $\langle S, O, E, act \rangle$, and an access control policy in the policy set as $p = \mathrm{sign}(SAP, OAP, EAP, ACT)$; when $\|SAP\|_S$, $\|OAP\|_O$ and $\|EAP\|_E$ are all true and $act \in ACT$, p is applicable to the AAR; otherwise the result is not-applicable; when p is applicable to the AAR, the policy evaluation result is that of a positive authorization policy (permit) or a negative authorization policy (deny); a positive authorization policy permits access when its conditions are met, and a negative authorization policy denies access when its conditions are met.
Application number: CN202010710593.6A
Title: Intelligent door lock access control method based on attributes
Priority date: 2020-07-22
Filing date: 2020-07-22
Publication number: CN111815832A (en)
Publication date: 2020-10-23
Legal status: Pending
Family ID: 72861885
Country: CN
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201023