CN112532561B - Method, device, system and storage medium for realizing access between devices - Google Patents

Info

Publication number: CN112532561B
Authority: CN (China)
Prior art keywords: communication system, information, inter, identity information, request
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910804478.2A
Other languages: Chinese (zh)
Other versions: CN112532561A (en)
Inventor: 李卿
Current Assignee: Banma Zhixing Network Hongkong Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Banma Zhixing Network Hongkong Co Ltd

Application filed by Banma Zhixing Network Hongkong Co Ltd
Priority to CN201910804478.2A
Publication of CN112532561A
Application granted
Publication of CN112532561B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/546 Message passing systems or structures, e.g. queues
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/024 Guidance services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Abstract

A method, apparatus, system, and storage medium for enabling inter-device access are disclosed. In response to receiving a first request sent by a first object in the first device based on an interprocess communication protocol for establishing connection with an interprocess communication system in the second device, the second device calls the interprocess communication system to receive a message sent by the first object, the first object sends first identity information and first permission information of the first object to the interprocess communication system, the interprocess communication system converts the first identity information into second identity information which can be recognized by the second device, and in response to receiving a second request sent by the first object for accessing the second object in the second device, the interprocess communication system sends a second request to the second object so that the second object can check the permission information of the first object according to the second identity information. Therefore, the problem of permission check during access between the devices in the scene of device interconnection can be solved.

Description

Method, device, system and storage medium for realizing access between devices
Technical Field
The present disclosure relates to the field of communications, and in particular, to a method, an apparatus, a system, and a storage medium for implementing access between devices.
Background
In device interconnection scenarios, processes or services on different devices need to access one another. When a client (A.client) on device A accesses a service (B.service) on device B, the B.service providing the service needs to perform a permission check, for reasons of service access security, to determine whether the A.client has permission to access it.
However, a traditional permission system (for example, the Android permission system) is an access control scheme based on the local device and does not support permission checks when devices are interconnected, so a permission management and control scheme is required to support permission checks when access is performed between devices.
Disclosure of Invention
The technical problem to be solved by the present disclosure is to provide an access scheme between devices in a device interconnection scenario, so as to support permission check when accessing between devices.
According to a first aspect of the present disclosure, a system for enabling access between devices is presented, comprising a first device and a second device. In response to a first request, sent by a first object in the first device based on an interprocess communication protocol, for establishing a connection with an interprocess communication system in the second device, the second device calls the interprocess communication system to receive a message sent by the first object. The first object sends first identity information and first authority information of the first object to the interprocess communication system, and the interprocess communication system converts the first identity information into second identity information which can be recognized by the second device. In response to a second request sent by the first object for accessing the second object in the second device, the interprocess communication system sends the second request to the second object, so that the second object checks the authority information of the first object according to the second identity information and determines whether to provide access service for the first object based on the checking result.
Optionally, the inter-process communication system starts a process, and receives a message sent by the first object by using the process.
Optionally, the inter-process communication system compares the first permission information with permission information that needs to be checked by the second object to obtain second permission information, and stores the second identity information and the second permission information in an associated manner.
Optionally, the interprocess communication system establishes a session between the first object and the second object, and saves the second right information as session information into the session.
Optionally, the inter-process communication system further stores handle information of the session, and in response to receiving the second request, the inter-process communication system sends the handle information and the first request to the second object.
Optionally, the inter-process communication system converts the identity of the first object into an identity identifier reserved by the second device according to the first identity information.
Optionally, in a case where the second object provides the access service to the first object, the service information provided by the second object is issued to the first object by the inter-process communication system.
According to the second aspect of the present disclosure, there is also provided an inter-device access method, including: in response to receiving a first request sent by a first object in a first device based on an interprocess communication protocol for establishing connection with an interprocess communication system in a second device, invoking the interprocess communication system to receive a message sent by the first object; in response to the inter-process communication system receiving the first identity information and the first authority information of the first object sent by the first object, converting the first identity information into second identity information which can be recognized by the second device, and storing the second identity information and the first authority information in association; in response to the interprocess communication system receiving a second request sent by the first object for accessing the second object in the second device, sending the second request to the second object so that the second object checks the authority information of the first object according to the second identity information, and determining whether to provide the access service to the first object based on the checking result.
Optionally, the step of invoking the interprocess communication system to receive the message sent by the first object includes: the inter-process communication system starts a process and receives a message sent by the first object by using the process.
Optionally, the method further comprises: comparing the first authority information with the authority information of the second object to be checked to obtain second authority information; and the second identity information and the second authority information are stored in association.
Optionally, the step of associatively saving the second identity information and the second authority information comprises: establishing a session between the first object and the second object based on the second identity information, and saving the second authority information as session information into the session.
Optionally, the method further comprises: saving handle information of the session; in response to receiving the second request, sending the handle information together with the second request to the second object.
Optionally, the step of converting the first identity information into second identity information that can be recognized by the second device comprises: converting the identity of the first object into an identity identifier reserved by the second device according to the first identity information.
Optionally, the method further comprises: in the case that the second object provides the access service for the first object, the service information provided by the second object is issued to the first object by the interprocess communication system.
Optionally, the interprocess communication protocol is a D-BUS protocol, and the interprocess communication system is a D-BUS.
According to a third aspect of the present disclosure, there is also provided an inter-device access method, including: a first object in a first device sends a first request for establishing connection with an interprocess communication system in a second device to the second device based on an interprocess communication protocol; in response to the connection establishment success, the first object sends first identity information and first permission information of the first object to the interprocess communication system so that the second device converts the first identity information into second identity information which can be approved by the second device; the first object sends a second request for accessing a second object in a second device to the interprocess communication system; and receiving service information provided by the second object forwarded by the interprocess communication system.
Optionally, the interprocess communication protocol is a D-BUS protocol, and the interprocess communication system is a D-BUS.
According to a fourth aspect of the present disclosure, there is also provided an inter-device access apparatus, including: a calling module, configured to, in response to a first request sent by a first object in a first device based on an interprocess communication protocol for establishing connection with an interprocess communication system in a second device, call the interprocess communication system to receive a message sent by the first object; a conversion module, configured to, in response to the interprocess communication system receiving the first identity information and the first authority information of the first object sent by the first object, convert the first identity information into second identity information which can be recognized by the second device, and store the second identity information and the first authority information in association; and a sending module, configured to, in response to the interprocess communication system receiving a second request sent by the first object for accessing a second object in the second device, send the second request to the second object so that the second object can check the authority information of the first object according to the second identity information and determine whether to provide access service for the first object based on the check result.
According to a fifth aspect of the present disclosure, there is also provided an inter-device access apparatus, including: a first sending module, configured to send, to a second device based on an inter-process communication protocol, a first request that a first object in a first device desires to establish a connection with an inter-process communication system in the second device; a second sending module, configured to, in response to successful connection establishment, send the first identity information and the first permission information of the first object to the interprocess communication system so that the second device can convert the first identity information into second identity information which can be recognized by the second device; a third sending module, configured to send a second request for accessing a second object in the second device to the interprocess communication system; and a receiving module, configured to receive the service information provided by the second object and forwarded by the interprocess communication system.
According to a sixth aspect of the present disclosure, there is also provided a driving assistance system, including: the vehicle is connected with the server, the vehicle sends a first request for establishing connection with an inter-process communication system in the server to the server based on an inter-process communication protocol, the server calls the inter-process communication system to receive a message sent by the vehicle, the vehicle sends first identity information and first permission information of the vehicle to the inter-process communication system, the inter-process communication system converts the first identity information into second identity information which can be approved by the server, the inter-process communication system sends a second request to the server in response to receiving a second request sent by the vehicle for accessing the server, and therefore the server can check the permission information of the first object according to the second identity information and determine whether to provide access service for the vehicle based on a check result.
Optionally, the server is a map navigation application in the mobile device, the map navigation application provides map navigation service for the vehicle in the case that it is determined that access service is provided for the vehicle, or the server is an intelligent parking lot, and the intelligent parking lot provides service of available parking space information for the vehicle in the case that it is determined that access service is provided for the vehicle.
According to a seventh aspect of the present disclosure, there is also provided a driving assistance system including: the vehicle is connected with the terminal device, the terminal device sends a first request for establishing connection with an inter-process communication system in the vehicle to the vehicle based on an inter-process communication protocol, the vehicle calls the inter-process communication system to receive a message sent by the terminal device, the terminal device sends first identity information and first permission information of the terminal device to the inter-process communication system, the inter-process communication system converts the first identity information into second identity information which can be approved by the vehicle, and in response to receiving a second request sent by the terminal device and used for accessing a server in the vehicle, the inter-process communication system sends the second request to the server, so that the server can check the permission information of the terminal device according to the second identity information and determine whether to provide access service for the vehicle based on a check result.
Optionally, the terminal device is a smart watch, the server is an account login service, and the account login service provides account login information to the smart watch when it is determined that the access service is provided to the terminal device.
According to an eighth aspect of the present disclosure, there is also presented a computing device, comprising: a processor; and a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform a method as set forth in the second or third aspect of the disclosure.
According to a ninth aspect of the present disclosure, there is also proposed a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method as set forth in the second or third aspect of the present disclosure.
The present disclosure can establish sessions between different devices based on an interprocess communication mechanism and, through identity information conversion, can solve the problem of permission checking during access between devices in device interconnection scenarios.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic flow chart of an access method between devices according to an embodiment of the present disclosure.
Fig. 2 shows a schematic diagram of one application scenario of the present disclosure.
Fig. 3 shows a schematic block diagram of the structure of an inter-device access apparatus according to one embodiment of the present disclosure.
Fig. 4 shows a schematic block diagram of the structure of an inter-device access apparatus according to another embodiment of the present disclosure.
Fig. 5 shows a schematic structural diagram of a computing device according to an embodiment of the present disclosure.
Detailed Description
Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In the device interconnection scene, processes or services among different devices have the requirement of mutual access. For ease of distinction, this disclosure refers to a device for accessing as a first device and a device providing access services as a second device. The first device and the second device may be connected in various ways, such as wirelessly through the internet, internet of things, and the like, or in a wired manner.
In a scenario where a first device and a second device are interconnected, there may be a case where an object in the first device needs to access an object in the second device. For ease of distinction, an object of a first device that desires access to a second device may be referred to as a first object, which may be, but is not limited to, a process, a client application, or the like type of object. The object in the second device that provides the access service may be referred to as a second object, which may be, but is not limited to, a process, a client application, or the like type of object.
Fig. 1 shows a schematic flow chart of an inter-device access method according to an embodiment of the present disclosure.
Referring to Fig. 1, in step S110, the first object may first send a first request to the inter-process communication system in the second device based on the inter-process communication protocol, where the first request indicates that the first object desires to establish a connection with the inter-process communication system in the second device.
The interprocess communication system mentioned in the disclosure refers to a system for implementing local interprocess communication in the second device, and the interprocess communication protocol refers to the protocol corresponding to that interprocess communication system.
As an example, the interprocess communication system may be D-BUS, and the interprocess communication protocol is then the D-BUS protocol. D-BUS is an advanced interprocess communication mechanism. It supports one-to-one and many-to-many peer-to-peer communication among processes. Many-to-many communication requires a background process to relay messages: when one process sends a message to another, the message is first sent to the background process, which then forwards it to the target process. The D-BUS background process thus acts as a router. Before processes can communicate, each must connect to the bus (BUS); a process can call the dbus_bus_get function to connect to the bus, which establishes a connection (DBusConnection) between the process and the bus.
Taking D-BUS as the interprocess communication system, the first object may send sd_bus_open (i.e., the first request) to the second device over a remote service acquisition interface (getRemoteService) in order to connect to the bus in the second device.
Upon receiving the first request, the second device may invoke the interprocess communication system to receive the message sent by the first object, whereby a connection between the first object and the interprocess communication system may be established. The interprocess communication system may start a process and use that process to receive the message sent by the first object. The process mentioned here may be a background process or a proxy process. Alternatively, the process may act as a router for the first object by establishing a thread (e.g., a Proxy thread) corresponding to the first object, receiving messages for the first object, and forwarding them to the first object. In addition, the process may be configured to process the received messages sent by the first object; the translation of the identity information and the issuing of the authority information, which are described below, may be performed by the process (or a thread in the process).
In step S120, the first object transmits first identity information and first rights information of the first object to the inter-process communication system.
The first identity information may include device information of the first device and first object information, wherein the first object information may refer to information capable of characterizing the identity of the first object in the first device. The first rights information may be the rights information used by the first object, i.e. which rights the first object uses. The specific contents of the first identity information and the first authority information differ depending on the first object, and are not described in detail in the disclosure.
The first object may send the first identity information and the first rights information to the interprocess communication system together or in batches.
Optionally, the first identity information and the first rights information may be transmitted to the second device in addition to the first request. In this way, after the connection between the first object and the interprocess communication system is established, the first identity information and the first authority information can be handed over to the interprocess communication system for processing.
Taking D-BUS as the interprocess communication system, a bus_create_session operation may be added for connecting to the bus in the second device. A bus_create_session request may be sent to the bus while connecting to the bus in the second device or after the connection is made, and the request may carry the first identity information and the first permission information of the first object.
In step S210, identity information conversion and permission issuing are performed.
Upon receiving the first identity information of the first object, the identity of the first object may be converted to a legitimate identity on the second device. A "legitimate identity" here means that, after conversion, the first object appears to the second device as if it were a local object in the second device. That is, the first identity information may be converted into second identity information that can be recognized by the second device.
For example, the second device may reserve a portion of its identity identifiers for use in inter-device service access. For example, the second device may reserve identity identifiers of a corresponding type according to the type of the device and/or the type of the object, and may assign the first object an identity identifier matching its identity according to the first identity information of the first object, for example, according to the device information and the object information in the first identity information. The reserved identity identifier of the second device refers to a legal identity identifier on the second device, e.g., the reserved identity identifier may be an identifier that is consistent with the identity identifier of a local object in the second device. Thus, after the identity conversion, the second identity information of the second object appears to the second device as if it is a local object existing in the second device. Alternatively, the identity identifier may be a UID (User Identification).
After the identity information is converted, permission issuing can be performed according to the converted second identity information, where permission issuing refers to storing the first permission information and the second identity information in association with each other in the second device.
In step S130, the first object sends a second request for accessing a second object in the second device to the interprocess communication system.
The second request may include the object desired to be accessed and the content of the object specifically desired to be accessed. After receiving the second request, the interprocess communication system may execute step S220 to forward the second request to the second object. Thus, the second object may perform the step S310 of performing the authority check on the first object.
The identity information of the first object is the converted second identity information recognized by the second device, and the authority information of the first object is stored in the second device in association with the second identity information. Therefore, when the second object performs the authority check on the first object, the local authority check system can be used to perform the check according to the second identity information. That is, the second object can perform the permission check on an inter-device service access request in the same way as it checks a local request, without additional modification. The disclosure can therefore support permission checks during access between devices while remaining compatible with the local permission check.
It should be noted that, the second object may also establish a connection with the interprocess communication system according to the interprocess communication protocol, and since the second object and the interprocess communication system are both located in the second device, reference may be made to an existing interprocess communication mechanism for a connection establishment manner between the second object and the interprocess communication system, which is not described in detail in this disclosure.
In order to improve the authority checking efficiency, the disclosure proposes that before the authority checking, the first authority information and the authority information of the second object to be checked may be compared to obtain the second authority information, and then the second identity information and the second authority information are stored in an associated manner. The second permission information may be the compared permission information, for example, the second permission information may be the permission information that the second object needs to be checked, which is extracted from the first permission information. Thus, when the first object is checked for the right, the check can be performed directly based on the second right information corresponding to the first object.
As an example, a session between the first object and the second object may be established based on the second identity information, and the second permission information may be saved into the session as session information. For example, handle information for the session may be saved, and in response to receiving the second request, the handle information may be sent to the second object together with the second request. Therefore, after the second object receives the second request, the corresponding session can be looked up quickly according to the handle information, so that the stored second permission information can be obtained and the efficiency of the permission check improved. A handle is an abstraction in the field of programming: in a broad sense, anything that allows a large amount of data to be reached from a single numerical value can be called a handle. It hides the details of the kernel implementation, is convenient for callers, and protects the security of the kernel. The handle concept is mature technology in the field and is not described further here.
After the permission check, the second object may perform step S230, sending a reply intended for the first object to the inter-process communication system, and the inter-process communication system may perform step S240, forwarding the reply to the first object. When the authority of the first object meets the requirement of the second object, the reply may be service information provided by the second object; when the authority of the first object does not meet the requirement of the second object, the reply may be access failure information, that is, access refusal information.
Application example
The disclosure is further described below with respect to an interprocess communication protocol, D-BUS, as an example.
For inter-device service access scenarios, the method and the device can be combined with D-BUS to extend it to device interconnection scenarios and to meet the requirement of checking service access permissions between devices. The disclosure can therefore be implemented as a D-BUS-based device interconnection access scheme, which solves the problem of checking service access permissions between devices by modifying and extending the service access process in the device interconnection scenario. The disclosed D-BUS-based device interconnection access scheme mainly involves two parts: connecting to the device bus and accessing services.
Taking a first device as a device a, a first object as a client on the device a, a second device as a device B, and a second object as a server on the device B as an example, the device a and the device B are interconnected.
Based on the existing D-BUS mechanism, a client on device A can, through getRemoteServer, call sd_bus_open to connect to the bus of device B. Once the connection is made, the Proxy process of device B can start a thread dedicated to processing and forwarding inter-device requests. The Proxy agent process mentioned here may refer to a background process (e.g., a background daemon process) that implements the bus of device B. After the client on device A sends a request, the request is first sent to the Proxy thread of device B through the D-BUS protocol. The Proxy thread re-encapsulates the request and forwards it to the server on device B, the server processes the request and sends a reply, and finally the Proxy returns the reply to the client on device A in a D-BUS message, which completes the service access between the devices.
The method modifies and extends the D-BUS-based inter-device service access mechanism: a bus_create_session operation is added when connecting to the bus, and the Proxy agent adds handling of session creation, inter-device identity conversion, and support for a session handle, so that the server on device B can rely on the local permission checking system when checking the permissions of the client on device A.
Specifically, when the client on device A connects to the bus of device B, the D-BUS protocol adds a bus_create_session operation, which carries the permissions (i.e., the first permission information mentioned above) and the identity information (i.e., the first identity information mentioned above) of the client, in order to establish the inter-device access session. It should be noted that all subsequent requests on a connection that has not established a session are illegal.
After receiving the bus_create_session request, the Proxy agent of device B first parses the identity information and the permission information of the client, and then converts the identity information so that the client identity from device A becomes a legal identity on device B. For example, device B may reserve a portion of its UIDs for inter-device service access, and the client identity is converted to a reserved UID based on the device information and the client information.
The Proxy agent thread can then issue the permission information under the converted legal identity of the client and establish a session from the client to the server. When the session is established, the session management module can calculate the permission information of the connection from the identity and the permission information of the client and store it in the session, and the Proxy agent thread saves the handle information of the session. When the client on device A subsequently initiates a request, the Proxy agent thread receives the request, attaches the saved session handle to the message, and forwards the message. Finally, as the message passes through the kernel kdbus, the session information is queried and the permission information is attached, so that the server can check the permissions of an inter-device service request just as it checks a local request, without any additional change.
The invention solves the problem of permission check of service access in the scene of device interconnection, is compatible with the permission check of local devices, and the server can simultaneously process the service access between the devices and the local devices by using a unified set of permission mechanism based on the scheme of the invention.
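The session flow of the D-BUS application example above, modelled in Python as an added example (it is not code from the patent and does not use the D-BUS or kdbus APIs). The reserved UID range, the permission and method names, and all class and function names are assumptions made for illustration.

```python
import secrets

# Constructed values: the reserved UID range, permission names and method
# names are assumptions for illustration; the patent does not specify them.
RESERVED_UIDS = range(60000, 60100)


class LocalPermissionSystem:
    """Device B's ordinary UID -> permissions store, used for every caller."""

    def __init__(self):
        self._grants = {}

    def grant(self, uid, perms):
        self._grants[uid] = frozenset(perms)

    def check(self, uid, perm):
        return perm in self._grants.get(uid, frozenset())


class Server:
    """Second object: checks a UID against the local permission system only."""

    REQUIRED = {"GetRoute": "navigation.read", "SetHome": "navigation.write"}

    def __init__(self, perm_system):
        self.perm_system = perm_system

    def handle(self, uid, method):
        required = self.REQUIRED.get(method)
        if required is None or not self.perm_system.check(uid, required):
            return "ACCESS_DENIED"
        return "OK:" + method


class Proxy:
    """Proxy thread on device B: session creation, identity conversion, handles."""

    def __init__(self, perm_system, server):
        self.perm_system = perm_system
        self.server = server
        self._uid_map = {}      # (device_id, client_id) -> reserved UID
        self._sessions = {}     # handle -> converted UID and session permissions
        self._conn_handle = {}  # connection id -> saved session handle

    def _convert_identity(self, device_id, client_id):
        key = (device_id, client_id)
        if key not in self._uid_map:
            if len(self._uid_map) >= len(RESERVED_UIDS):
                raise RuntimeError("reserved UID range exhausted")
            self._uid_map[key] = RESERVED_UIDS[len(self._uid_map)]
        return self._uid_map[key]

    def bus_create_session(self, conn, device_id, client_id, first_perms):
        uid = self._convert_identity(device_id, client_id)
        # Second permission information: only what the server actually checks.
        checked = frozenset(self.server.REQUIRED.values())
        second_perms = frozenset(first_perms) & checked
        # Issue the permissions under the converted identity.
        self.perm_system.grant(uid, second_perms)
        handle = secrets.token_hex(8)
        self._sessions[handle] = {"uid": uid, "perms": second_perms}
        self._conn_handle[conn] = handle
        return uid

    def forward(self, conn, method):
        handle = self._conn_handle.get(conn)
        if handle is None:
            # Requests on a connection without a session are illegal.
            return "REJECTED:no_session"
        # Stand-in for the kdbus step: resolve the handle to the session
        # and present the converted UID to the server.
        session = self._sessions[handle]
        return self.server.handle(session["uid"], method)


def demo():
    perms = LocalPermissionSystem()
    server = Server(perms)
    proxy = Proxy(perms, server)
    perms.grant(1000, {"navigation.read", "navigation.write"})  # local app
    results = {"before_session": proxy.forward("conn-1", "GetRoute")}
    results["uid"] = proxy.bus_create_session(
        "conn-1", "device-A", "client-1", {"navigation.read", "camera.use"})
    results["read"] = proxy.forward("conn-1", "GetRoute")
    results["write"] = proxy.forward("conn-1", "SetHome")
    results["local"] = server.handle(1000, "SetHome")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```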
The method and the device can be applied to service access control under various device interconnection scenes. The following is an exemplary description of implementation of the present disclosure in a specific application scenario, taking the application of the present disclosure to service access control in a scenario where a vehicle and other devices or platforms are interconnected as an example.
Fig. 2 shows a schematic diagram of one application scenario of the present disclosure.
As shown in fig. 2, the present disclosure may be applied to, but not limited to, access control when a vehicle is interconnected with a smart watch, a mobile phone, a smart parking lot, and the like.
When the method is applied to a scene of interconnection of the vehicle and other equipment, the method can be realized as a driving assistance system.
In one embodiment of the disclosure, the driving assistance system may include a vehicle and a server, and the vehicle may act as a client for accessing a service and be connected with the server that provides the service. The server can be, but is not limited to, a map navigation application in a mobile device (such as a mobile phone) or an intelligent parking lot.
The vehicle can send to the server, based on an inter-process communication protocol, a first request for establishing a connection with an inter-process communication system in the server, and the server calls the inter-process communication system to receive a message sent by the vehicle. The vehicle sends its first identity information and first permission information to the inter-process communication system, and the inter-process communication system converts the first identity information into second identity information that can be approved by the server. In response to receiving a second request sent by the vehicle for accessing the server, the inter-process communication system sends the second request to the server, so that the server can check the permission information of the first object according to the second identity information and determine, based on the check result, whether to provide the access service to the vehicle.
Taking a service end as a map navigation application in a mobile device as an example, in the case that it is determined that the access service is provided to the vehicle, the map navigation application may provide the map navigation service to the vehicle. Therefore, under the scene of interconnection of the mobile equipment and the intelligent vehicle, the vehicle can automatically switch the navigation of the mobile equipment to the vehicle navigation by accessing the map navigation service in the mobile equipment.
Taking the service end as an intelligent parking lot as an example, under the condition that the access service is provided for the vehicle, the intelligent parking lot can provide the service of available parking space information for the vehicle. Therefore, under the scene of interconnection of the vehicle and the intelligent parking lot, the vehicle can realize automatic navigation parking by accessing the service of the available parking space information of the intelligent parking lot.
In another embodiment of the disclosure, the driving assistance system may include a vehicle and a terminal device. The vehicle may include a service end for providing a service, and the terminal device is connected to the vehicle in order to access the service end in the vehicle.
The terminal device can send to the vehicle, based on an inter-process communication protocol, a first request for establishing a connection with an inter-process communication system in the vehicle, and the vehicle calls the inter-process communication system to receive a message sent by the terminal device. The terminal device sends its first identity information and first permission information to the inter-process communication system, and the inter-process communication system converts the first identity information into second identity information that can be approved by the vehicle. In response to receiving a second request sent by the terminal device for accessing the server in the vehicle, the inter-process communication system sends the second request to the server, so that the server can check the permission information of the terminal device according to the second identity information and determine, based on the check result, whether to provide the access service for the vehicle.
As an example, the terminal device may be a smart watch, the server may be an account login service, and the account login service provides account login information to the smart watch in case it is determined that the access service is provided to the terminal device. Therefore, under the scene that the intelligent watch is interconnected with the vehicle, the intelligent watch can realize safe vehicle system account login by accessing login service on the vehicle system.
Fig. 3 shows a schematic block diagram of the structure of an access means between devices according to one embodiment of the present disclosure. The access means between the devices shown in fig. 3 may be provided in the device for providing access service, i.e. the second device mentioned above. The functional blocks of the access means between the devices can be implemented by hardware, software or a combination of hardware and software implementing the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks depicted in fig. 3 may be combined or divided into sub-blocks to implement the inventive principles described above. Thus, the description herein may support any possible combination, or division, or further definition of the functional modules described herein.
In the following, functional modules that an access apparatus between devices may have and operations that each functional module may perform are briefly described, and for the details related thereto, reference may be made to the above-mentioned related description, which is not described herein again.
Referring to fig. 3, the inter-device access apparatus 300 includes a calling module 310, a converting module 320, and a transmitting module 330.
The invoking module 310 is configured to, in response to receiving a first request sent by a first object in a first device based on an interprocess communication protocol for establishing a connection with an interprocess communication system in a second device, invoke the interprocess communication system to receive a message sent by the first object.
The conversion module 320 is configured to, in response to the inter-process communication system receiving the first identity information and the first permission information of the first object sent by the first object, convert the first identity information into second identity information that can be recognized by the second device, and store the second identity information and the first permission information in an associated manner.
The sending module 330 is configured to, in response to the inter-process communication system receiving a second request sent by the first object for accessing a second object in the second device, send the second request to the second object, so that the second object checks the authority information of the first object according to the second identity information, and determines whether to provide an access service to the first object based on a result of the check.
Fig. 4 shows a schematic block diagram of the structure of an access means between devices according to another embodiment of the present disclosure. The access means between the devices shown in fig. 4 may be provided in the device for accessing, i.e. the first device mentioned above. The functional blocks of the access means between the devices can be implemented by hardware, software or a combination of hardware and software implementing the principles of the present invention. It will be appreciated by those skilled in the art that the functional blocks described in fig. 4 may be combined or divided into sub-blocks to implement the principles of the invention described above. Thus, the description herein may support any possible combination, or division, or further definition of the functional modules described herein.
In the following, functional modules that an access apparatus between devices may have and operations that each functional module may perform are briefly described, and for the details related thereto, reference may be made to the above-mentioned related description, which is not described herein again.
Referring to fig. 4, the inter-device access apparatus 400 includes a first transmitting module 410, a second transmitting module 420, a third transmitting module 430, and a receiving module 440.
The first sending module 410 is configured to send, to the second device, a first request that the first object in the first device desires to establish a connection with an interprocess communication system in the second device based on an interprocess communication protocol.
The second sending module 420 is configured to send, in response to successful connection establishment, the first identity information and the first permission information of the first object to the inter-process communication system, so that the second device converts the first identity information into second identity information that can be recognized by the second device.
The third sending module 430 is configured to send a second request for accessing a second object in the second device to the inter-process communication system.
The receiving module 440 is configured to receive the service information provided by the second object forwarded by the inter-process communication system.
For the operations that the inter-device access apparatus 400 can perform and the details involved therein, refer to the description above in conjunction with fig. 1, and are not described herein again.
Fig. 5 is a schematic structural diagram of a computing device that can be used to implement the above-described inter-device access method according to an embodiment of the present invention.
Referring to fig. 5, the computing device 1000 includes a memory 1010 and a processor 1020.
The processor 1020 may be a multi-core processor or may include multiple processors. In some embodiments, processor 1020 may include a general-purpose host processor and one or more special purpose coprocessors such as a Graphics Processor (GPU), Digital Signal Processor (DSP), or the like. In some embodiments, processor 1020 may be implemented using custom circuits, such as an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA).
The memory 1010 may include various types of storage units, such as system memory, Read Only Memory (ROM), and permanent storage. Wherein the ROM may store static data or instructions that are needed by the processor 1020 or other modules of the computer. The persistent storage device may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered down. In some embodiments, the persistent storage device employs a mass storage device (e.g., magnetic or optical disk, flash memory) as the persistent storage device. In other embodiments, the permanent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as a dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at run-time. Further, the memory 1010 may include any combination of computer-readable storage media, including various types of semiconductor memory chips (DRAM, SRAM, SDRAM, flash memory, programmable read-only memory), magnetic and/or optical disks, among others. In some embodiments, memory 1010 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), a read-only digital versatile disc (e.g., DVD-ROM, dual layer DVD-ROM), a read-only Blu-ray disc, an ultra-density optical disc, a flash memory card (e.g., SD card, mini SD card, micro-SD card, etc.), a magnetic floppy disc, or the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 1010 has executable code stored thereon, which when processed by the processor 1020, causes the processor 1020 to perform the inter-device access methods described above.
The inter-device access method, apparatus, system and device according to the present invention have been described in detail above with reference to the accompanying drawings.
Furthermore, the method according to the invention may also be implemented as a computer program or computer program product comprising computer program code instructions for carrying out the above-mentioned steps defined in the above-mentioned method of the invention.
Alternatively, the invention may also be embodied as a non-transitory machine-readable storage medium (or computer-readable storage medium, or machine-readable storage medium) having stored thereon executable code (or a computer program, or computer instruction code) which, when executed by a processor of an electronic device (or computing device, server, etc.), causes the processor to perform the steps of the above-described method according to the invention.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (25)

1. A system for enabling access between devices, comprising: a first device and a second device, wherein,
in response to receiving a first request sent by a first object in the first device based on an interprocess communication protocol for establishing connection with an interprocess communication system in a second device, the second device calls the interprocess communication system to receive a message sent by the first object,
the first object transmits first identity information and first rights information of the first object to the inter-process communication system,
the inter-process communication system converts the first identity information into second identity information that can be recognized by the second device,
in response to receiving a second request sent by the first object for accessing a second object in the second device, the inter-process communication system sends the second request to the second object, so that the second object checks the authority information of the first object according to the second identity information, and determines whether to provide an access service to the first object based on a check result.
2. The system of claim 1,
and the inter-process communication system starts a process and receives the message sent by the first object by utilizing the process.
3. The system of claim 1,
and the interprocess communication system compares the first authority information with the authority information of the second object to be checked to obtain second authority information, and stores the second identity information and the second authority information in an associated manner.
4. The system of claim 3,
and the interprocess communication system establishes the session of the first object and the second object and stores the second authority information as session information into the session.
5. The system of claim 4,
the interprocess communication system also saves handle information for the session,
in response to receiving the second request, the interprocess communication system sends the handle information and the second request together to the second object.
6. The system of claim 1,
and the inter-process communication system converts the identity of the first object into an identity identifier reserved by the second equipment according to the first identity information.
7. The system of claim 1,
and under the condition that the second object provides access service for the first object, the service information provided by the second object is transmitted to the first object by the interprocess communication system.
8. An inter-device access method, comprising:
in response to receiving a first request sent by a first object in first equipment based on an interprocess communication protocol for establishing connection with an interprocess communication system in second equipment, invoking the interprocess communication system to receive a message sent by the first object;
in response to the inter-process communication system receiving first identity information and first authority information of the first object sent by the first object, converting the first identity information into second identity information which can be recognized by the second device, and associatively saving the second identity information and the first authority information;
in response to the inter-process communication system receiving a second request sent by the first object for accessing a second object in the second device, sending the second request to the second object, so that the second object checks the authority information of the first object according to the second identity information, and determining whether to provide an access service to the first object based on a check result.
9. The access method according to claim 8, wherein the step of invoking the interprocess communication system to receive the message sent by the first object comprises:
and the inter-process communication system starts a process and receives the message sent by the first object by utilizing the process.
10. The access method according to claim 8, further comprising:
comparing the first permission information with permission information of the second object to be checked to obtain second permission information;
and storing the second identity information and the second authority information in an associated manner.
11. The method according to claim 10, wherein the step of associatively storing the second identity information and the second rights information comprises:
and establishing a session between the first object and the second object based on the second identity information, and saving the second authority information as session information into the session.
12. The access method according to claim 11, further comprising:
saving handle information of the session;
in response to receiving the second request, sending the handle information and the second request together to the second object.
13. The method according to claim 8, wherein the step of converting the first identity information into second identity information that can be recognized by the second device comprises:
and converting the identity of the first object into an identity identifier reserved by the second equipment according to the first identity information.
14. The access method according to claim 8, further comprising:
and under the condition that the second object provides access service for the first object, the service information provided by the second object is transmitted to the first object by the interprocess communication system.
15. The access method according to claim 8,
the interprocess communication protocol is the D-BUS protocol,
the interprocess communication system is a D-BUS.
16. An inter-device access method, comprising:
a first object in a first device sends a first request for establishing connection with an interprocess communication system in a second device to the second device based on an interprocess communication protocol;
in response to successful connection establishment, the first object sending first identity information and first permission information of the first object to the inter-process communication system so that the second device converts the first identity information into second identity information which can be approved by the second device;
the first object sends a second request for accessing a second object in the second device to the inter-process communication system, so that the inter-process communication system sends the second request to the second object in response to receiving the second request, so that the second object checks the authority information of the first object according to the second identity information, and determines whether to provide an access service to the first object based on a check result; and
and receiving the service information provided by the second object forwarded by the interprocess communication system.
17. The access method according to claim 16,
the inter-process communication protocol is a D-BUS protocol,
the interprocess communication system is a D-BUS.
18. An inter-device access apparatus, comprising:
the system comprises a calling module, a receiving module and a sending module, wherein the calling module is used for responding to a first request which is sent by a first object in first equipment based on an interprocess communication protocol and is used for establishing connection with an interprocess communication system in second equipment, and calling the interprocess communication system to receive a message sent by the first object;
the conversion module is used for responding to the first identity information and the first authority information of the first object, which are sent by the first object, received by the inter-process communication system, converting the first identity information into second identity information which can be recognized by the second equipment, and storing the second identity information and the first authority information in an associated manner;
and the sending module is used for responding to a second request which is sent by the first object and used for accessing a second object in the second equipment and is received by the inter-process communication system, sending the second request to the second object so that the second object can check the authority information of the first object according to the second identity information and determine whether to provide access service for the first object or not based on the check result.
19. An inter-device access apparatus, comprising:
a first sending module, configured to send, to a second device based on an inter-process communication protocol, a first request that a first object in a first device desires to establish a connection with an inter-process communication system in the second device;
a second sending module, configured to send, in response to successful connection establishment, first identity information and first permission information of the first object to the inter-process communication system, so that the second device converts the first identity information into second identity information that can be recognized by the second device;
a third sending module, configured to send a second request for accessing a second object in the second device to the inter-process communication system, so that the inter-process communication system sends the second request to the second object in response to receiving the second request, so that the second object checks, according to the second identity information, the authority information of the first object, and determines, based on a check result, whether to provide an access service to the first object; and
and the receiving module is used for receiving the service information provided by the second object forwarded by the interprocess communication system.
20. A driving assistance system, characterized by comprising a vehicle and a server, wherein the vehicle is connected to the server,
the vehicle sends to the server, based on an inter-process communication protocol, a first request for establishing a connection with an inter-process communication system in the server, and the server invokes the inter-process communication system to receive a message sent by the vehicle,
the vehicle transmits first identity information and first authority information of the vehicle to the inter-process communication system,
the inter-process communication system converts the first identity information into second identity information which can be approved by the server,
and in response to receiving a second request sent by the vehicle and used for accessing the server, the inter-process communication system sends the second request to the server, so that the server can check the authority information of the vehicle according to the second identity information, and determine whether to provide access service for the vehicle based on a check result.
21. The driving assistance system according to claim 20, wherein
the server is a map navigation application in a mobile device, and the map navigation application provides a map navigation service to the vehicle in the case where it is determined that the access service is to be provided to the vehicle, or
the server is an intelligent parking lot, and in the case where the access service is provided to the vehicle, the intelligent parking lot provides an available-parking-space information service to the vehicle.
22. A driving assistance system characterized by comprising: a vehicle and a terminal device, the vehicle being connected to the terminal device,
the terminal device sends a first request for establishing connection with an inter-process communication system in the vehicle based on an inter-process communication protocol, the vehicle calls the inter-process communication system to receive the message sent by the terminal device,
the terminal device sends first identity information and first permission information of the terminal device to the inter-process communication system,
the inter-process communication system converts the first identity information into second identity information that can be recognized by the vehicle,
and in response to receiving a second request sent by the terminal device for accessing a server in the vehicle, the inter-process communication system sends the second request to the server, so that the server checks the authority information of the terminal device according to the second identity information and determines, based on the check result, whether to provide an access service to the terminal device.
23. The driving assistance system of claim 22, wherein the terminal device is a smart watch, the server is an account login service, and the account login service provides account login information to the smart watch if it is determined that the access service is to be provided to the terminal device.
24. A computing device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method of any of claims 8 to 17.
25. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method of any of claims 8-17.
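The flow recited in claims 19 and 20 (register identity and permission information, convert the identity, forward the request, check by the converted identity) is sketched below as an added Python example that is not part of the patent text. The class and function names, the (device, first identity) lookup key, the numeric id range and the `parking.read` permission string are assumptions made for illustration.

```python
import itertools

# Assumption: all names, id ranges and permission strings here are illustrative.
class IpcSystem:
    """Inter-process communication system running on the second device."""

    def __init__(self, services):
        self.services = services                # second objects, by name
        self._ids = {}                          # (device, first identity) -> second identity
        self._perms = {}                        # second identity -> permission set
        self._counter = itertools.count(10000)  # constructed local id range

    def register(self, device, first_identity, permissions):
        """Convert a first identity and store it with its permission information."""
        key = (device, first_identity)          # per device, so reused ids do not collide
        if key not in self._ids:
            self._ids[key] = next(self._counter)
        second_identity = self._ids[key]
        self._perms[second_identity] = frozenset(permissions)
        return second_identity

    def permissions_of(self, second_identity):
        return self._perms.get(second_identity, frozenset())

    def forward(self, device, first_identity, service, payload=None):
        """Forward a second request, presenting the caller by second identity only."""
        second_identity = self._ids.get((device, first_identity))
        if second_identity is None:             # nothing registered: deny by default
            return ("denied", "unregistered caller")
        return self.services[service](self, second_identity, payload)


def parking_service(ipc, second_identity, payload):
    """Second object: checks the caller's permissions before serving."""
    if "parking.read" not in ipc.permissions_of(second_identity):
        return ("denied", "missing parking.read")
    return ("ok", {"free_spaces": 12})          # constructed sample data


def demo():
    ipc = IpcSystem({"parking": parking_service})
    ipc.register("vehicle-A", 1001, {"parking.read"})
    ipc.register("vehicle-B", 1001, set())      # same first identity, other device
    return [
        ipc.forward("vehicle-A", 1001, "parking"),
        ipc.forward("vehicle-B", 1001, "parking"),
        ipc.forward("vehicle-C", 1001, "parking"),
    ]
```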
CN201910804478.2A 2019-08-28 2019-08-28 Method, device, system and storage medium for realizing access between devices Active CN112532561B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910804478.2A CN112532561B (en) 2019-08-28 2019-08-28 Method, device, system and storage medium for realizing access between devices

Publications (2)

Publication Number Publication Date
CN112532561A CN112532561A (en) 2021-03-19
CN112532561B CN112532561B (en) 2023-04-07

Family

ID=74973962

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910804478.2A Active CN112532561B (en) 2019-08-28 2019-08-28 Method, device, system and storage medium for realizing access between devices

Country Status (1)

Country Link
CN (1) CN112532561B (en)

Also Published As

Publication number Publication date
CN112532561A (en) 2021-03-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant