CN112464216A - Terminal policy management and execution method and system - Google Patents

Info

Publication number
CN112464216A
Authority
CN
China
Prior art keywords
strategy
policy
terminal
management
verification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011492447.7A
Other languages
Chinese (zh)
Other versions
CN112464216B (en)
Inventor
殷博
潘飚
曲志峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Zhongfu Information Technology Co Ltd
Original Assignee
Nanjing Zhongfu Information Technology Co Ltd
Application filed by Nanjing Zhongfu Information Technology Co Ltd
Priority to CN202011492447.7A
Publication of CN112464216A
Application granted
Publication of CN112464216B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for managing and executing terminal policies. The method comprises: completing the preparation work of a policy management unit; completing the work of the policy management unit by using a management method; verifying the work of the policy management unit by using a verification method; and authenticating the user identity by using a decision method, matching the user identity against the policy, and, if the match succeeds, authorizing the user to access the asset. Advantages: the invention encapsulates complex policy logic into templates, making it configurable and reusable, so that policy effects are easy to evaluate and compliance is easy to ensure; policy expressions support a wide range of logical computation, are efficient and are easy to reuse; policy validity verification is added to the add, modify and issue operations, which prevents an incorrect policy from putting the terminal system at risk; and policy operations are recorded, which facilitates later queries.

Description

Terminal policy management and execution method and system
Technical Field
The invention relates to the field of terminal security, in particular to a method and a system for managing and executing a terminal policy.
Background
With the advent of the big data era, individuals, enterprises and even countries pay more and more attention to data security and sensitive information. Detection methods for data security and system security keep increasing, and security audit measures such as identity authentication, authorization, access control, auditing and asset protection are widely applied. Policy rules are used throughout the security audit process.
Currently, most systems configure and manage policies either manually or by hard-coding them in the system. As networks and terminal fleets keep growing and services change frequently, the complexity of scenarios and policy logic increases further. The number of policy rules grows day by day, so their effect is difficult to evaluate and compliance is difficult to ensure. The range of logical computation that an expression language can support is limited, and implementing complex logic by hard coding remains inefficient and hard to reuse.
Based on this, and inspired by modular thinking, we provide policy management and decision as a separate system that is used as a service.
No effective solution to these problems in the related art has been proposed yet.
Disclosure of Invention
In view of the problems in the related art, the present invention provides a method and a system for managing and executing terminal policies, so as to overcome the above technical problems.
To this end, the invention adopts the following technical solution:
According to one aspect of the present invention, a terminal policy management and execution method is provided, including the following steps:
S1, preparation stage: completing the preparation work of the policy management unit;
S2, policy management stage: completing the work of the policy management unit by using a management method;
S3, policy verification stage: verifying the work of the policy management unit by using a verification method;
S4, policy decision stage: authenticating the user identity by using a decision method, matching the user identity against the policy, and, if the match succeeds, authorizing the user to access the asset.
Further, the preparation work of the policy management unit in S1 includes the preparation work for configuration management and application management.
Further, completing the work of the policy management unit by using the management method in S2 includes the following steps:
S21, adding a policy and filling in the policy name;
S22, selecting a policy type, including but not limited to authentication policy, access policy and check policy;
S23, setting the policy period and filling in the policy expression;
S24, selecting the terminal to which the policy is issued and saving, then choosing whether to issue the policy, and ending if not.
Further, filling in the policy expression in S23 includes the following step:
writing the policy expression manually, or generating it from a template by filling in parameters.
Further, if a policy needs to be terminated in S2, the following steps are also included:
S21', judging the policy state; if the policy is in use, notifying the application terminal to terminate the task and changing the policy state to terminated;
S22', if the policy is not in use, changing the policy state to terminated.
Further, policy termination in S2 includes manual termination and life-cycle termination.
Further, verifying the work of the policy management unit by using the verification method in S3 includes the following steps:
S31, performing a format check on the policy expression of any newly added, modified or issued policy; if the check passes, proceeding to the life-cycle validity check, otherwise stopping the flow and sending a prompt message;
S32, if the life-cycle validity check passes, proceeding to the terminal validity check, otherwise stopping the flow and sending a prompt message;
S33, if the terminal validity check passes, saving or issuing the policy, otherwise stopping the flow and sending a prompt message.
Further, in S4, authenticating the user identity by using the decision method, matching the user identity against the policy, and authorizing the user to access the asset if the match succeeds includes the following steps:
S41, authenticating the user identity by sending an authentication request to the policy decision unit;
S42, the policy decision unit requests the policy from the policy management unit, and the policy management unit returns the corresponding policy;
S43, the policy decision unit matches the user identity against the policy and returns the result; if the match succeeds, the user is authorized to access the asset, otherwise the result is returned.
Further, if the policy in S4 is a check-type policy, the policy execution flow is performed;
wherein the policy execution flow includes the following steps:
S41', issuing the policy and detecting whether it contains an event trigger; if so, triggering the terminal event and executing the policy;
S42', if the policy does not contain an event trigger, storing the policy on the terminal.
According to another aspect of the present invention, a terminal policy management and execution system is provided, the system including a policy management unit, a policy verification unit and a policy decision unit;
the policy management unit comprises a configuration management module, an application management module and a policy management module; the policy verification unit is used for verifying the format of a policy expression and verifying the validity of policy application; and the policy decision unit is used for parsing a policy, executing the policy and returning the policy result;
wherein the configuration management module is used for user configuration, role configuration and policy type configuration; the application management module is used for registering subsystems, components or applications in the system; the policy management module is used for adding, deleting, modifying and querying regular policies and for adding, modifying, querying and deleting policy templates; and policy templates are divided into built-in templates and custom templates;
the policy decision covers user identity authentication, authorization and access control; authorization is performed by matching the policy against the executing entity; permission control is based on role-based access control, and access control is based on an industry distributed application trusted relationship access control model.
The beneficial effects of the invention are as follows: the invention encapsulates complex policy logic into templates, making it configurable and reusable, so that policy effects are easy to evaluate and compliance is easy to ensure; policy expressions support a wide range of logical computation, are efficient and are easy to reuse; policy validity verification is added to the add, modify and issue operations, which prevents an incorrect policy from putting the terminal system at risk; policy operations are recorded, which facilitates later queries; and policy execution is divided into active execution and passive execution, where in active execution the policy carries a terminal event trigger and can actively trigger a terminal event to execute the policy.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a method for managing and executing terminal policies according to an embodiment of the present invention;
FIG. 2 is a schematic illustration of configuration management according to an embodiment of the present invention;
FIG. 3 is a schematic illustration of application management according to an embodiment of the present invention;
FIG. 4 is a flow diagram of policy management according to an embodiment of the present invention;
FIG. 5 is a flow diagram of policy termination according to an embodiment of the present invention;
FIG. 6 is a flow diagram of policy validation according to an embodiment of the present invention;
FIG. 7 is a flow diagram of policy decision according to an embodiment of the present invention;
FIG. 8 is a flow diagram of policy enforcement according to an embodiment of the present invention;
FIG. 9 is a server-to-terminal flow chart according to an embodiment of the present invention.
Detailed Description
To further explain the embodiments, the invention is provided with drawings, which form part of the disclosure, mainly illustrate the embodiments and, together with the description, explain their principles of operation. With reference to them, those of ordinary skill in the art will understand other possible embodiments and the advantages of the invention. Components in the drawings are not drawn to scale, and like reference numerals generally denote like components.
According to the embodiment of the invention, a method and a system for managing and executing terminal policies are provided.
The present invention is further described below with reference to the drawings and the detailed description. As shown in FIGS. 1 to 9, the invention encapsulates complex policy logic into templates, making it configurable and reusable. To prevent an incorrect policy from putting the terminal system at risk, policy validity verification is added when a policy is added, modified or issued. Policy execution is divided into active execution and passive execution: in active execution the policy carries a terminal event trigger and can actively trigger a terminal event to execute the policy; in passive execution the policy is simply stored on the terminal, which decides when to execute it. Policy operations are also recorded to facilitate later queries.
Specifically, the terminal policy management and execution method according to the embodiment of the present invention includes the following steps:
S1, preparation stage: completing the preparation work of the policy management unit;
wherein the preparation work of the policy management unit in S1 includes the preparation work for configuration management and application management;
Configuration management mainly comprises user configuration, role configuration and policy type configuration.
Application management mainly registers the subsystems, components or applications in the system; only applications registered in policy management can execute policies.
S2, policy management stage: completing the work of the policy management unit by using a management method;
S21, add a policy and fill in the policy name.
S22, select the policy type: authentication policy, access policy, check policy, etc.
S23, set the policy period and fill in the policy expression, which can be written manually or generated from a template.
S24, select the terminal to which the policy is issued, save, and choose whether to issue it: either send it to the terminal or end.
Terminating a policy specifically comprises the following steps:
S21', policy termination is divided into manual termination and life-cycle termination. Judge the policy state: if the policy is in use, notify the application terminal to terminate the task and change the policy state to terminated.
S22', if the policy is unused, change the policy state to terminated.
S3, policy verification stage: verifying the work of the policy management unit by using a verification method;
The policy is verified when it is added, modified or issued, so that an illegal policy cannot affect the operation of the system. Verification comprises the policy expression check, the life-cycle check and the application check.
S31, formulate the policy. Expression check: perform a format check on the policy expression; if it passes, proceed to the life-cycle check; if it fails, stop the flow and send a prompt message.
S32, life-cycle check: verify the validity of the life cycle; if it passes, proceed to the terminal check; if it fails, stop the flow and send a prompt message.
S33, terminal validity check: if it passes, save or issue the policy; if it fails, stop the flow and send a prompt message.
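The S31 to S33 chain as an added example (not code from the patent): each check returns a reason on failure, and the pipeline stops at the first failing stage and reports it. The expression grammar (Python-style comparisons over a whitelisted attribute set), the attribute names and the rule that every target terminal must be registered are assumptions, since the patent does not define them.

```python
import ast
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Optional

# Assumption: expressions are boolean comparisons over named attributes.
# Anything outside this whitelist (calls, attribute access, lambdas) is refused.
ALLOWED_NODES = (
    ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.In, ast.NotIn, ast.Name, ast.Load, ast.Constant, ast.List, ast.Tuple,
)
ALLOWED_NAMES = {"role", "department", "os_patch_level", "disk_encrypted"}  # hypothetical
MAX_EXPRESSION_LENGTH = 512


@dataclass
class Policy:
    name: str
    policy_type: str
    expression: str
    valid_from: Optional[datetime]   # both None: permanently valid (the page's default)
    valid_until: Optional[datetime]
    terminals: tuple


@dataclass
class CheckResult:
    ok: bool
    stage: str
    message: str


def check_format(expression):
    """S31: parse without evaluating and accept only whitelisted constructs."""
    if not expression.strip():
        return "expression is empty"
    if len(expression) > MAX_EXPRESSION_LENGTH:
        return "expression too long"
    try:
        tree = ast.parse(expression, mode="eval")
    except (SyntaxError, ValueError) as exc:
        return f"syntax error: {exc}"
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return f"construct not allowed: {type(node).__name__}"
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            return f"unknown attribute: {node.id}"
    return None


def check_lifecycle(policy, now):
    """S32: the validity window must be well ordered and not already over."""
    if policy.valid_until is not None and policy.valid_until <= now:
        return "life cycle already expired"
    if (policy.valid_from is not None and policy.valid_until is not None
            and policy.valid_from >= policy.valid_until):
        return "life cycle start is not before its end"
    return None


def check_terminals(policy, registered):
    """S33 (assumed rule): every target terminal must be registered."""
    if not policy.terminals:
        return "no target terminal selected"
    unknown = sorted(set(policy.terminals) - set(registered))
    if unknown:
        return "unregistered terminal(s): " + ", ".join(unknown)
    return None


def verify_policy(policy, registered, now):
    """Run S31 -> S32 -> S33; stop at the first failure and report its stage."""
    stages = (
        ("format", lambda: check_format(policy.expression)),
        ("lifecycle", lambda: check_lifecycle(policy, now)),
        ("terminal", lambda: check_terminals(policy, registered)),
    )
    for stage, check in stages:
        error = check()
        if error is not None:
            return CheckResult(False, stage, error)   # the "prompt message"
    return CheckResult(True, "done", "policy may be saved or issued")


# Constructed sample data, not taken from the patent.
NOW = datetime(2021, 1, 1)
REGISTERED_TERMINALS = {"T-001", "T-002"}
BASE_POLICY = Policy(
    name="patch-level-check", policy_type="check",
    expression="role in ['auditor', 'admin'] and os_patch_level >= 3",
    valid_from=datetime(2020, 12, 17), valid_until=datetime(2021, 12, 17),
    terminals=("T-001",),
)


def sample_policy(**overrides):
    """Return the constructed base policy with selected fields replaced."""
    return replace(BASE_POLICY, **overrides)


if __name__ == "__main__":
    for p in (BASE_POLICY,
              sample_policy(expression="role.upper() == 'ADMIN'"),
              sample_policy(valid_until=NOW),
              sample_policy(terminals=("T-001", "T-999"))):
        print(verify_policy(p, REGISTERED_TERMINALS, NOW))
```

Parsing with `ast` and never calling `eval` means a rejected expression is never executed, which is the property the verification stage needs before a policy reaches a terminal.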
S4, policy decision stage: authenticating the user identity by using a decision method, matching the user identity against the policy, and, if the match succeeds, authorizing the user to access the asset.
Policy decisions are mainly authentication, authorization and access control decisions. Authorization is performed by matching the policy against the executing entity. Permission control is based on RBAC (role-based access control), and access control is based on ABAC (industry distributed application trusted relationship access control model).
RBAC (role-based access control): the basic idea is that permissions for system operations are not granted directly to specific users; instead, a set of roles is established between the set of users and the set of permissions. Each role corresponds to a set of permissions. Once a user is assigned a role, the user holds all the operation permissions of that role.
ABAC (industry distributed application trusted relationship access control model): a trusted relationship access control model for industry distributed applications. It studies how to perform access control using the attributes of the related entities (such as subjects, objects and environments) as the basis for authorization. To this end, entity attributes can be divided into subject attributes and environment attributes. Unlike conventional IBAC (identity-based access control), in attribute-based access control the access decision is based on the attributes of the requester and the resource: in ABAC they are identified by their attributes rather than only by IDs as in IBAC, which gives ABAC sufficient flexibility and extensibility.
S41, the user requires identity authentication, and an authentication request is sent to the policy service.
S42, the decision component requests the policy from the management component, and the management component returns the corresponding policy.
S43, the decision component performs the matching and returns the result. If authorization succeeds, the asset can be accessed; otherwise an authorization failure is returned.
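The S41 to S43 exchange between the decision component and the management component, as an added example that is not the patent's own code. It assumes an HMAC session token for authentication, equality conditions for the ABAC attributes and a deny-by-default result; all names and sample data are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

SERVER_KEY = b"constructed-demo-key"  # constructed; load from a secret store in practice


@dataclass(frozen=True)
class AccessPolicy:
    policy_id: str
    asset: str
    action: str
    roles: frozenset        # RBAC part: roles that hold this permission
    conditions: tuple       # ABAC part: (attribute name, required value) pairs
    state: str = "in_use"   # "unused", "in_use" or "terminated"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    policy_id: str
    reason: str


def issue_token(user):
    """Assumed authentication mechanism: HMAC-SHA256 over the user name."""
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


class PolicyManagementUnit:
    def __init__(self, policies, role_assignments):
        self._policies = tuple(policies)
        self._role_assignments = dict(role_assignments)

    def roles_of(self, user):
        return self._role_assignments.get(user, frozenset())

    def get_policies(self, asset, action):
        # Terminated policies are never handed to the decision unit.
        return [p for p in self._policies
                if p.asset == asset and p.action == action
                and p.state != "terminated"]


class PolicyDecisionUnit:
    def __init__(self, manager):
        self._manager = manager
        self.audit_log = []   # the page records policy operations for later query

    def decide(self, user, token, asset, action, attributes):
        decision = self._evaluate(user, token, asset, action, attributes)
        self.audit_log.append((user, asset, action, decision))
        return decision

    def _evaluate(self, user, token, asset, action, attributes):
        # S41: authenticate first; constant-time comparison of the token.
        if not hmac.compare_digest(token.encode(), issue_token(user).encode()):
            return Decision(False, "", "authentication failed")
        # S42: fetch the candidate policies from the management unit.
        candidates = self._manager.get_policies(asset, action)
        roles = self._manager.roles_of(user)
        # S43: match. RBAC gate first, then every ABAC condition must hold.
        for policy in candidates:
            if not (roles & policy.roles):
                continue
            if all(name in attributes and attributes[name] == required
                   for name, required in policy.conditions):
                return Decision(True, policy.policy_id, "role and attributes matched")
        return Decision(False, "", "no matching policy")   # deny by default


# Constructed sample data, not taken from the patent.
POLICIES = (
    AccessPolicy("P-1", "finance-db", "read", frozenset({"auditor"}),
                 (("device_managed", True), ("network", "intranet"))),
    AccessPolicy("P-2", "finance-db", "write", frozenset({"dba"}), (),
                 state="terminated"),
)
ROLE_ASSIGNMENTS = {"alice": frozenset({"auditor"}), "bob": frozenset({"dba"})}

if __name__ == "__main__":
    pdu = PolicyDecisionUnit(PolicyManagementUnit(POLICIES, ROLE_ASSIGNMENTS))
    print(pdu.decide("alice", issue_token("alice"), "finance-db", "read",
                     {"device_managed": True, "network": "intranet"}))
    print(pdu.decide("bob", issue_token("bob"), "finance-db", "write", {}))
```

A missing attribute counts as a failed condition, and a terminated policy never grants access even when the role still matches.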
A check-type policy goes directly through the policy execution flow. Policy execution is divided into active execution and passive execution. An actively executed policy carries not only a policy expression but also an event trigger, and can actively trigger a terminal event to execute the policy. A passively executed policy carries only a policy expression; the terminal updates its policies periodically and executes the most recently issued one.
S41', issue the policy and detect whether it contains an event trigger. If it does, trigger the terminal event and execute the policy.
S42', if there is no event trigger, store the policy on the terminal.
According to another aspect of the present invention, a terminal policy management and execution system is provided, which divides the policy service into three components: policy management, policy verification and policy decision. The main functions of policy management are configuration management, application management and policy management. The main functions of policy verification are verifying the format of the policy expression and verifying the validity of policy application. The main functions of policy decision are parsing the policy, executing the policy and returning the policy result;
Policy management functions: configuration management, application management and policy management.
Configuration management mainly comprises user configuration, role configuration and policy type configuration.
Application management mainly registers the subsystems, components or applications in the system; only applications registered in policy management can execute policies.
Policy management comprises adding, deleting, modifying and querying regular policies, and adding, modifying, querying and deleting policy templates. Each policy has a unique policy ID, a policy name, a policy type, a policy expression, etc. Each policy can be given a life cycle; once it elapses, the policy automatically becomes invalid, and if the policy is being executed, the corresponding application is notified to stop executing it. By default a policy is permanently valid. Policy templates are divided into built-in templates and custom templates, and a newly added custom template must follow the template format rules;
the policy decision covers user identity authentication, authorization and access control; authorization is performed by matching the policy against the executing entity; permission control is based on role-based access control, and access control is based on an industry distributed application trusted relationship access control model.
In conclusion, the invention encapsulates complex policy logic into templates, making it configurable and reusable, so that policy effects are easy to evaluate and compliance is easy to ensure; policy expressions support a wide range of logical computation, are efficient and are easy to reuse; policy validity verification is added to the add, modify and issue operations, which prevents an incorrect policy from putting the terminal system at risk; policy operations are recorded, which facilitates later queries; and policy execution is divided into active execution and passive execution, where in active execution the policy carries a terminal event trigger and can actively trigger a terminal event to execute the policy.
The above describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within its scope of protection.

Claims (10)

1. A terminal policy management and execution method, characterized in that the method comprises the following steps:
S1, preparation stage: completing the preparation work of the policy management unit;
S2, policy management stage: completing the work of the policy management unit by using a management method;
S3, policy verification stage: verifying the work of the policy management unit by using a verification method;
S4, policy decision stage: authenticating the user identity by using a decision method, matching the user identity against the policy, and, if the match succeeds, authorizing the user to access the asset.
2. The method for managing and executing terminal policies according to claim 1, wherein the preparation work of the policy management unit in S1 includes the preparation work for configuration management and application management.
3. The method for managing and executing terminal policies according to claim 1, wherein completing the work of the policy management unit by using the management method in S2 further comprises the following steps:
S21, adding a policy and filling in the policy name;
S22, selecting a policy type, including but not limited to authentication policy, access policy and check policy;
S23, setting the policy period and filling in the policy expression;
S24, selecting the terminal to which the policy is issued and saving, then choosing whether to issue the policy, and ending if not.
4. The method for managing and executing terminal policies according to claim 3, wherein filling in the policy expression in S23 further comprises the following step:
writing the policy expression manually, or generating it from a template by filling in parameters.
5. The method for managing and executing terminal policies according to claim 3, wherein, if a policy needs to be terminated in S2, the following steps are also included:
S21', judging the policy state; if the policy is in use, notifying the application terminal to terminate the task and changing the policy state to terminated;
S22', if the policy is not in use, changing the policy state to terminated.
6. The method for managing and executing terminal policies according to claim 5, wherein policy termination in S2 includes manual termination and life-cycle termination.
7. The method for managing and executing terminal policies according to claim 1, wherein verifying the work of the policy management unit by using the verification method in S3 further comprises the following steps:
S31, performing a format check on the policy expression of any newly added, modified or issued policy; if the check passes, proceeding to the life-cycle validity check, otherwise stopping the flow and sending a prompt message;
S32, if the life-cycle validity check passes, proceeding to the terminal validity check, otherwise stopping the flow and sending a prompt message;
S33, if the terminal validity check passes, saving or issuing the policy, otherwise stopping the flow and sending a prompt message.
8. The method for managing and executing terminal policies according to claim 1, wherein in S4, authenticating the user identity by using the decision method, matching the user identity against the policy, and authorizing the user to access the asset if the match succeeds further comprises the following steps:
S41, authenticating the user identity by sending an authentication request to the policy decision unit;
S42, the policy decision unit requests the policy from the policy management unit, and the policy management unit returns the corresponding policy;
S43, the policy decision unit matches the user identity against the policy and returns the result; if the match succeeds, the user is authorized to access the asset, otherwise the result is returned.
9. The method for managing and executing terminal policies according to claim 8, wherein if the policy in S4 is a check-type policy, the policy execution flow is performed;
wherein the policy execution flow further comprises the following steps:
S41', issuing the policy and detecting whether it contains an event trigger; if so, triggering the terminal event and executing the policy;
S42', if the policy does not contain an event trigger, storing the policy on the terminal.
10. A terminal policy management and execution system for implementing the steps of the terminal policy management and execution method according to any one of claims 1 to 9, the system comprising a policy management unit, a policy verification unit and a policy decision unit;
the policy management unit comprises a configuration management module, an application management module and a policy management module; the policy verification unit is used for verifying the format of a policy expression and verifying the validity of policy application; and the policy decision unit is used for parsing a policy, executing the policy and returning the policy result;
wherein the configuration management module is used for user configuration, role configuration and policy type configuration; the application management module is used for registering subsystems, components or applications in the system; the policy management module is used for adding, deleting, modifying and querying regular policies and for adding, modifying, querying and deleting policy templates; and policy templates are divided into built-in templates and custom templates;
the policy decision covers user identity authentication, authorization and access control; authorization is performed by matching the policy against the executing entity; permission control is based on role-based access control, and access control is based on an industry distributed application trusted relationship access control model.
CN202011492447.7A 2020-12-17 2020-12-17 Terminal policy management and execution method and system Active CN112464216B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011492447.7A CN112464216B (en) 2020-12-17 2020-12-17 Terminal policy management and execution method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011492447.7A CN112464216B (en) 2020-12-17 2020-12-17 Terminal policy management and execution method and system

Publications (2)

Publication Number Publication Date
CN112464216A (en) 2021-03-09
CN112464216B (en) 2022-12-30

Family

ID=74803097

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011492447.7A Active CN112464216B (en) 2020-12-17 2020-12-17 Terminal policy management and execution method and system

Country Status (1)

Country Link
CN (1) CN112464216B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208689A (en) * 2022-08-08 2022-10-18 北京雪诺科技有限公司 Access control method, device and equipment based on zero trust
CN116522316A (en) * 2023-02-23 2023-08-01 武汉禾正丰科技有限公司 Service management system based on distributed network
CN116522316B (en) * 2023-02-23 2023-11-14 武汉禾正丰科技有限公司 Service management system based on distributed network
CN117113326A (en) * 2023-08-31 2023-11-24 金锐软件技术(杭州)有限公司 Authorized access system based on ABAC model
CN117113326B (en) * 2023-08-31 2024-03-12 金锐软件技术(杭州)有限公司 Authorized access system based on ABAC model

Also Published As

Publication number Publication date
CN112464216B (en) 2022-12-30

Similar Documents

Publication Publication Date Title
CN112464216B (en) Terminal policy management and execution method and system
AU2017320341B2 (en) Dynamic access control on blockchain
Benantar Access control systems: security, identity management and trust models
US8051459B2 (en) Method and system for extending SELinux policy models and their enforcement
US8726342B1 (en) Keystore access control system
US8984291B2 (en) Access to a computing environment by computing devices
US20170286653A1 (en) Identity risk score generation and implementation
WO2007052388A1 (en) Method of protecting confidential file and confidential file protecting system
KR100621318B1 (en) Method for managing access and use of resources by verifying conditions and conditions for use therewith
CN114417287B (en) Data processing method, system, device and storage medium
US20080066158A1 (en) Authorization Decisions with Principal Attributes
CN107566375B (en) Access control method and device
Riad et al. Adaptive XACML access policies for heterogeneous distributed IoT environments
EP3407241B1 (en) User authentication and authorization system for a mobile application
US7523488B2 (en) Method for performing data access transformation with request authorization processing
CN108768918B (en) Access control method based on authorization management chain
CN111083142A (en) Data access method, system and equipment applied to Internet of things
US7568039B2 (en) Method for providing and utilizing a network trusted context
KR100657353B1 (en) Security system and method for supporting a variety of access control policies, and recordable medium thereof
US20220350900A1 (en) Secure distribution of embedded policy
CN114143100B (en) Authorization control method, system, intelligent terminal and computer readable storage medium
CN109948360B (en) Multi-control-domain security kernel construction method and system for complex scene
Batra et al. Multilevel policy based security in distributed database
KR20050003587A (en) Secure system and method for controlling access thereof
CN115396130A (en) Access control method and device based on block chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant