CN113728600B - Access control method, equipment and storage medium - Google Patents

Info

Publication number: CN113728600B
Application number: CN201980095766.3A
Authority: CN (China)
Prior art keywords: access, access control, role, terminal device, security
Legal status: Active (as listed by Google Patents; the listing is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN113728600A (en)
Inventor: 杨宁
Current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Events: application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd; publication of CN113728600A; application granted; publication of CN113728600B; legal status active; anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

An access control method, comprising: a terminal device (1100) determines the role of an access device (1200) in the security domain in which the terminal device is located; where at least one access control role of the access control list of the terminal device (1100) includes the role of the access device (1200), the terminal device (1100) allows the access device (1200) to configure a security resource in the terminal device (1100), an access control role being a role that is allowed to configure the security resource. Another access control method, an electronic device (1400) and a storage medium are also provided.

Description

Access control method, equipment and storage medium
Technical Field
The invention relates to internet of things technology, in particular to an access control method, devices and a storage medium, where the devices include at least one of the following: a terminal device, an access device and an activation device.
Background
In the related art, a terminal device can be configured by only one On Board Tool (OBT), that is, it has only one device owner; likewise, each resource in the terminal device, including a security resource such as a credential, has only one resource owner. Since only the resource owner has the right to configure the corresponding security resource, once the terminal device has been configured into one security domain and then enters another security domain, it must be reconfigured into that other domain by the devices there before it can interwork with them. The terminal device therefore needs to be reconfigured every time it moves to a different security domain.
Disclosure of Invention
The embodiment of the invention provides an access control method, devices and a storage medium, which avoid the repeated and complicated configuration of security resources by a resource owner and break the access isolation of a terminal device between different security domains.
The technical scheme of the embodiment of the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides an access control method, including:
the terminal device determines the role of the access device in the security domain in which the terminal device is located;
in the case that at least one access control role of the access control list of the terminal device includes the role of the access device, the terminal device allows the access device to configure a security resource in the terminal device, where the access control role is a role that is allowed to configure the security resource.
In a second aspect, an embodiment of the present invention provides an access control method, including:
the access equipment sends the role of the access equipment to the terminal equipment of the security domain where the access equipment is located; in the case where the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the secure resource in the terminal device, the access control role being a role that is allowed to perform configuration of the secure resource.
In a third aspect, an embodiment of the present invention provides an access control method, including:
an activation device configures an access control list into a terminal device, where the access control list is used as follows: where at least one access control role of the access control list includes the role of an access device, the terminal device allows the access device to configure the security resources in the terminal device, the access control role being a role that is allowed to configure the security resources.
In a fourth aspect, an embodiment of the present invention provides a terminal device, including:
a role determination module configured to determine a role of an access device of a security domain in which the access device is located;
and a permission management module configured to allow the access device to configure the security resources in the terminal device when at least one access control role of the access control list of the terminal device includes the role of the access device, where the access control role is a role that is allowed to configure the security resources.
In a fifth aspect, an embodiment of the present invention provides an access device, including:
the sending module is configured to send the role of the access device to the terminal device in the security domain; in the case where the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the secure resource in the terminal device, the access control role being a role that is allowed to perform configuration of the secure resource.
In a sixth aspect, an embodiment of the present invention provides an activation device, including:
a list configuration module configured to configure an access control list into a terminal device, where the access control list is used as follows: where at least one access control role of the access control list includes the role of an access device, the terminal device allows the access device to configure the security resources in the terminal device, the access control role being a role that is allowed to configure the security resources.
In a seventh aspect, an embodiment of the present invention provides a terminal device, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute steps of an access control method executed by the terminal device when running the computer program.
In an eighth aspect, an embodiment of the present invention provides an access device, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute steps of an access control method executed by the access device when running the computer program.
In a ninth aspect, an embodiment of the present invention provides an activation device, including a processor and a memory for storing a computer program capable of running on the processor, where the processor is configured to execute steps of an access control method executed by the activation device when the computer program is run.
In a tenth aspect, an embodiment of the present invention provides a storage medium storing an executable program, where the executable program when executed by a processor implements the access control method executed by the terminal device.
In an eleventh aspect, an embodiment of the present invention provides a storage medium storing an executable program that, when executed by a processor, implements the access control method executed by the above-described access device.
In a twelfth aspect, an embodiment of the present invention provides a storage medium storing an executable program that, when executed by a processor, implements the access control method executed by the activation device described above.
The access control method provided by the embodiment of the invention includes the following steps: the terminal device determines the role of the access device in the security domain in which the terminal device is located; where the role of the access device is included in at least one access control role of the access control list of the terminal device, the terminal device allows the access device to configure the security resources in the terminal device. Because the access control list is held in the terminal device, when the role of the access device is included in at least one role of the access control list that is allowed to configure the security resources, the access device can be regarded as having configuration authority over the security resources in the terminal device and is allowed to configure them. In this way, configuration of the security resources in the terminal device by access devices of different security domains is realized on the basis of the access control list, the repeated and tedious configuration process by a resource owner is avoided, and the access isolation of the terminal device between different security domains is broken.
Drawings
FIG. 1 is a schematic flow diagram of an optional role declaration process according to an embodiment of the present invention;
FIG. 2 is a schematic flow diagram of an optional device configuration process according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an optional internet of things system according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an optional internet of things system according to an embodiment of the present invention;
FIG. 5 is a schematic flow chart of an optional access control method according to an embodiment of the present invention;
FIG. 6 is a schematic flow chart of an optional access control method according to an embodiment of the present invention;
FIG. 7 is a schematic flow chart of an optional access control method according to an embodiment of the present invention;
FIG. 8 is a schematic flow chart of an optional access control method according to an embodiment of the present invention;
FIG. 9 is a schematic flow chart of an optional access control method according to an embodiment of the present invention;
FIG. 10 is a schematic flow chart of an optional access control method according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of an optional terminal device according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of an optional access device according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of an optional activation device according to an embodiment of the present invention;
FIG. 14 is a schematic structural diagram of an optional electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the accompanying drawings, for the purpose of making the objects, technical solutions and advantages of the present invention more apparent, and the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by those skilled in the art without making any inventive effort are within the scope of the present invention.
Before the access control method provided by the embodiment of the invention is described in detail, the resources, role declaration and terminal device configuration of an internet of things system are briefly described.
In the internet of things, information such as the physical equipment of the internet of things, functional services provided by the physical equipment of the internet of things, the state of the equipment and the like can be expressed through resources. The device providing the resource is a server and the device accessing the resource is a client. The client and the server are logical functional entities, and each internet of things device can be a client, a server or both a client and a server. For example, a device (e.g., a light bulb) that implements some of the most basic functions may only be a server, and may be provided to clients for querying and controlling, without itself having control or the need to query other devices.
After the client has authenticated to the server with a certificate, it may declare one or more roles by updating the server's role resource with a role credential. The role credential must be a certificate credential and should include a certificate chain; the server verifies each certificate chain. In addition, the public key used for end-entity authentication must be identical to the public key in every role certificate, and the subject names in the end-entity authentication certificate and the role certificate must match. The declared roles are encoded in the subjectAltName extension of the role certificate; since the subjectAltName field may have multiple values, a single role certificate can encode multiple roles for a client. Different roles are distinguished by different role identifiers, for example owner, family member (family) and guest, and different roles may have different access rights: the owner may have full control of the terminal device, a family member may have full control of part of the resources in the terminal device, and a guest may access only part of the resources in the terminal device.
Fig. 1 is an interaction flow of client-side role declaration to server-side, including:
In step S101, the client sends an UPDATE request to the server.
The UPDATE request is sent by the client to update the role resource on the server, partially or fully. A uniform resource identifier (Uniform Resource Identifier, URI) identifies the name of a resource, and the URI may be indicated by a uniform resource locator (Uniform Resource Locator, URL); for example, the URI of the role resource is oic and the URL of the role resource is /oic/sec/roles. Each resource contains attributes describing its state information, each attribute taking the form of a "<key> = <value>" key-value pair.
The client uses the UPDATE request to write role information associated with the role certificate to the role resource of the device.
An example of the resource representation carried by an UPDATE request is as follows:
here, the role of the client is declared in the above resource expression.
A resource expression is a snapshot of attributes. Interaction with the resource is achieved by exchanging requests and responses containing representations of the resource. For example, a read request is made to the resource, the representation of the resource is obtained by the response, and the resource is updated by updating the resource representation.
Step S102, the server updates the role resources.
After receiving the UPDATE request, the server verifies whether the client that sent the request has the right to update the role resource. If so, the server updates the role resource according to the parameters in the UPDATE request.
Step S103, the server returns an UPDATE response to the client.
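The checks of steps S101 to S103, as an added Python model that is not part of the patent text: certificates are constructed stand-ins (no real X.509 or signature verification; chain validity is modelled only as issuer-to-subject linkage up to a trusted anchor), and the server refuses an UPDATE whose role certificate does not carry the same public key and subject as the certificate the client authenticated with.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Set, Tuple

ROLES_URL = "/oic/sec/roles"   # role resource of the server, as named in the text


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate; only the fields the
    role-declaration checks look at are modelled."""
    subject: str                            # subject distinguished name
    issuer: str                             # issuer distinguished name
    public_key: str                         # stand-in for SubjectPublicKeyInfo
    subject_alt_name: Tuple[str, ...] = ()  # role identifiers of a role certificate


class RoleDeclarationError(ValueError):
    """Raised when an UPDATE to /oic/sec/roles fails one of the checks."""


def validate_chain(chain: Sequence[Cert], trust_anchors: Dict[str, str]) -> None:
    """Chain check modelled as linkage: each certificate must be issued by the
    next one in the chain, and the last certificate must be issued by an anchor
    the server trusts.  Signature verification itself is not modelled here."""
    if not chain:
        raise RoleDeclarationError("role credential carries no certificate chain")
    for cert, parent in zip(chain, chain[1:]):
        if cert.issuer != parent.subject:
            raise RoleDeclarationError(f"chain broken between {cert.subject} and {parent.subject}")
    top = chain[-1]
    anchor_key = trust_anchors.get(top.issuer)
    if anchor_key is None or (top.subject == top.issuer and top.public_key != anchor_key):
        raise RoleDeclarationError(f"chain does not end at a trusted anchor ({top.issuer})")


def roles_from_role_cert(role_cert: Cert, ee_cert: Cert) -> Set[str]:
    """Binding checks from the text: the role certificate must carry the same
    public key and the same subject name as the certificate the client
    authenticated with; the roles are the subjectAltName values."""
    if role_cert.public_key != ee_cert.public_key:
        raise RoleDeclarationError("role certificate public key differs from authenticated key")
    if role_cert.subject != ee_cert.subject:
        raise RoleDeclarationError("role certificate subject differs from authenticated subject")
    if not role_cert.subject_alt_name:
        raise RoleDeclarationError("role certificate declares no role")
    return set(role_cert.subject_alt_name)


class RoleResource:
    """Server side of Fig. 1: the /oic/sec/roles resource, keyed by the
    authenticated client's subject name."""

    def __init__(self, trust_anchors: Dict[str, str]) -> None:
        self.trust_anchors = dict(trust_anchors)   # anchor subject -> public key
        self.declared: Dict[str, Set[str]] = {}

    def handle_update(self, ee_cert: Cert, chains: List[Sequence[Cert]]) -> Tuple[bool, Set[str]]:
        """Step S102: verify every chain before writing anything.  One bad
        chain rejects the whole UPDATE, so no partial role set is recorded."""
        roles: Set[str] = set()
        try:
            for chain in chains:
                validate_chain(chain, self.trust_anchors)
                roles |= roles_from_role_cert(chain[0], ee_cert)
        except RoleDeclarationError:
            return False, set()
        self.declared[ee_cert.subject] = roles
        return True, set(roles)


# constructed sample data: a home-domain CA, one client and its role certificates
HOME_CA = Cert(subject="CN=home-ca", issuer="CN=home-ca", public_key="pk-home-ca")
TRUST_ANCHORS = {HOME_CA.subject: HOME_CA.public_key}
CLIENT_EE = Cert(subject="CN=phone-302", issuer="CN=home-ca", public_key="pk-phone-302")
ROLE_CERT = Cert(subject="CN=phone-302", issuer="CN=home-ca", public_key="pk-phone-302",
                 subject_alt_name=("family", "admin"))
# a role certificate that binds the roles to a different key must be rejected
ROLE_CERT_WRONG_KEY = Cert(subject="CN=phone-302", issuer="CN=home-ca",
                           public_key="pk-someone-else", subject_alt_name=("admin",))


def demo() -> Tuple[Tuple[bool, Set[str]], Tuple[bool, Set[str]]]:
    server = RoleResource(TRUST_ANCHORS)
    good = server.handle_update(CLIENT_EE, [[ROLE_CERT, HOME_CA]])
    bad = server.handle_update(CLIENT_EE, [[ROLE_CERT_WRONG_KEY, HOME_CA]])
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print(good[0], sorted(good[1]), bad)   # True ['admin', 'family'] (False, set())
```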
A terminal device must be activated before it can interact with other terminal devices in the security domain. The first step in activating the terminal device is to configure its ownership: a legitimate user establishes ownership of the terminal device through the OBT using an Owner Transfer Method (OTM). After ownership has been established, the OBT configures the terminal device so that it can operate normally and interact with other terminal devices.
Fig. 2 shows the interaction flow for configuring a terminal device, including:
Step S201, the OBT discovers the terminal device in the security domain that needs to be configured.
Here, the discovered device is a new, unowned terminal device that needs to be configured.
Step S202, the terminal device returns the owner transfer methods it supports to the OBT.
Steps S201 and S202 let the OBT find new devices and select a suitable owner transfer method.
Step S203, the OBT establishes a secure connection with the terminal device according to an owner transfer method supported by the terminal device.
Step S203 executes the owner transfer method.
Step S204, the OBT configures its own ID into the owner resource of the terminal device.
Here, the URL of the owner resource may be /oic/sec/doxm, and the ID of the OBT may be configured into the device owner identification (deviceowneruuid) attribute of the owner resource of the terminal device.
Step S204 establishes the owner identity of the terminal device.
Step S205, the OBT requests the owner credential types supported by the terminal device.
The owner credential types supported by the terminal device may include symmetric keys, asymmetric keys, certificates and the like.
Step S206, the OBT selects a suitable owner credential.
The OBT selects an appropriate security credential based on the owner credential types supported by the terminal device.
Step S207, the OBT configures the owner credential.
The OBT configures the selected owner credential into the credential resource of the terminal device, whose URL may be /oic/sec/cred.
Steps S205 to S207 determine whether the terminal device uses symmetric and/or asymmetric credentials with the device owner.
Step S208, the OBT assigns the terminal device to the credential management server.
The credential management server (Credential Management Service, CMS) is typically part of the OBT; for extensibility and modular design, the CMS may also be deployed separately as a service.
Step S208 adds the information of the new terminal device to the device management related services.
Step S209, the OBT configures its own ID into the owner resource of the terminal device.
The OBT sets itself as the owner of the owner resource. Here, the OBT may configure its own ID into the resource owner identification (rowneruuid) attribute of /oic/sec/doxm of the terminal device.
Step S2010, the OBT configures the ID of the CMS into the credential resource of the terminal device.
The OBT sets the CMS as the owner of the credential resource: the OBT configures the ID of the CMS into the resource owner identification (rowneruuid) attribute of /oic/sec/cred.
Step S2011, the OBT configures the CMS credential, which is used to establish a secure connection with the CMS, into the credential resource of the terminal device.
Steps S209 to S2011 define the owners of the terminal device's resources and the management services that represent them, such as the CMS credential and the device owner.
Step S2012, the OBT/CMS changes the state of the terminal device to the service configuration state.
Step S2013, the OBT/CMS configures the credentials used to establish secure local-network connections with other devices into the credential resource of the terminal device.
In steps S2012 and S2013 the new device is configured with peer-to-peer credentials and the access control policy.
Step S2014, the OBT/CMS changes the state of the terminal device to the normal operating state.
Step S2014 enables the terminal device to operate normally.
In the above flow, the owner credential configured in step S207 is used to interconnect the OBT and the terminal device, the CMS credential configured in step S2011 is used to interconnect the CMS and the terminal device, and the credential configured in step S2013, i.e. the peer-to-peer (P2P) credential, is used to interconnect the terminal device with the other terminal devices in the security domain.
In one example, the structure of the owner resource may be:
Here, the OBT, i.e. the activation device, is the owner of the security domain and can configure interconnection and interworking between the clients and servers in the security domain. The owners of different security domains are different OBTs. After a client or server in the security domain has been configured, the OBT is the owner of that configured terminal device. Devices in a network that are configured by the same OBT can interconnect and interwork with each other and are regarded as forming one security domain. For example, in a home network environment all devices are configured by the mobile phone APP (acting as the OBT) of the household owner, so that the clients and servers in the home form a security domain for establishing secure communication connections; the interconnected devices in the neighboring home network are configured by the neighbor's mobile phone APP (another OBT) and form another security domain distinct from the home security domain.
The configuration information of the different security domains is independent of each other, and the configuration information of one security domain cannot be used for other security domains, so that accesses between devices of the different security domains are isolated from each other. For example, after the terminal device is configured to the security domain a, the configuration information in the terminal device is the configuration information of the security domain a; when the terminal equipment enters the security domain B, interconnection and intercommunication cannot be carried out between the terminal equipment and the equipment in the security domain B through configuration information in the security domain A; if the terminal device is to be interconnected with a device in security domain B, a reconfiguration is required to configure the terminal device into security domain B.
For example, fig. 3 is the establishment of a security domain in a home environment:
the client APP is installed in the activation device 301, and the activation device 301 creates various roles of the terminal devices in the security domain (such as a home network), and an administrator (admin), family members (family), guests (guests), and the like of the respective terminal devices. I.e. the activation device 301 is an OBT of the home network. The activation device 301 discovers and configures the light bulb 1 and can control the light bulb 1.
The terminal device 302 is provided with a client APP, the client APP of the activation device 301 discovers the client APP of the terminal device 302, configures the APP of the terminal device 302, and gives authority to the APP family member (family) of the terminal device 302, so that the terminal device 302 can also control the bulb 1. The activation device 301 may also give the terminal device 302 an administrator (admin) authority, and the terminal device 302 may also configure and manage the light bulb 1.
For an internet of things device, such as bulb 2, configuration is performed in the same manner as bulb 1.
For a new terminal device with client APP, its roles and rights are configured in the same way as terminal device 302.
In this scheme, a terminal device can be configured by only one OBT, that is, it can have only one device owner, and the owner resource, the credential resource and the other security resources can likewise have only one resource owner each. Because only the resource owner has the authority to configure the corresponding security resource, when a terminal device enters a security domain other than the one belonging to its current device owner, the owner of that other security domain cannot configure the security resources of the terminal device, so the device cannot interconnect and interwork with the devices in the other security domain. For example, after the client APP of terminal device 302 in fig. 3 has been configured by activation device 301, when terminal device 302 enters the office, the owner of the office network's security domain is the client APP (OBT) of the activation device Boss, and the activation device Boss cannot configure the client APP of terminal device 302 so as to interconnect and interwork terminal device 302 with the terminal devices in the office security domain.
Even if the configuration information in the terminal device is reset, so that the terminal device can be interconnected with and intercommunicated with the terminal device in other security domains, when the terminal device reenters the current security domain, the terminal device cannot control the device in the current security domain.
Taking terminal device 302 shown in fig. 3 as an example: even if the client APP of terminal device 302 is reset so that the activation device Boss can configure it and thereby interconnect terminal device 302 with the devices in the office network, when terminal device 302 re-enters the home security domain it can no longer control the devices in the home security domain and must be reconfigured by activation device 301. Thus, whenever the terminal device moves between security domains it must be reconfigured, and the user experience is poor.
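The configuration flow of steps S201 to S2014 and the single-owner limitation it leaves behind (terminal device 302, which the office OBT cannot configure without a reset), as an added Python model that is not part of the patent. Device identifiers, credential types, state names and the "otm-1" owner transfer method are constructed stand-ins, and the resource owner attribute of /oic/sec/doxm and /oic/sec/cred is modelled as rowneruuid.

```python
from typing import List, Optional
from dataclasses import dataclass

# device states named after the text (the state strings themselves are constructed)
UNOWNED, OWNED, SERVICE_CONFIG, NORMAL_OPERATION = "unowned", "owned", "service-config", "normal"

@dataclass(frozen=True)
class Credential:
    subject_uuid: str  # the peer this credential authenticates
    cred_type: str     # "symmetric", "asymmetric" or "certificate" (S205)
    usage: str         # "owner" (S207), "cms" (S2011) or "p2p" (S2013)

class TerminalDevice:
    def __init__(self, uuid: str, otms: List[str], cred_types: List[str]) -> None:
        self.uuid = uuid
        self.supported_otms = list(otms)              # returned in S202
        self.supported_cred_types = list(cred_types)  # returned in S205
        self.state = UNOWNED
        self.otm_session: Optional[str] = None        # OBT holding the S203 connection
        # /oic/sec/doxm: device owner, and the resource owner of doxm itself
        self.doxm = {"owned": False, "deviceowneruuid": None, "rowneruuid": None}
        # /oic/sec/cred: its resource owner plus the credential entries
        self.cred = {"rowneruuid": None, "creds": []}

    def _may_write(self, resource: dict, requester: str) -> bool:
        """Until a resource owner is set, only the OBT on the OTM connection may
        write; afterwards only that single resource owner may.  This is the
        one-owner restriction the Background describes."""
        owner = resource["rowneruuid"]
        return requester == self.otm_session if owner is None else requester == owner

    def establish_otm_session(self, obt_uuid: str, otm: str) -> bool:    # S203
        if self.state != UNOWNED or otm not in self.supported_otms:
            return False
        self.otm_session = obt_uuid
        return True

    def update_doxm(self, requester: str, **attrs) -> bool:               # S204, S209
        if not self._may_write(self.doxm, requester):
            return False
        self.doxm.update(attrs)
        if attrs.get("deviceowneruuid"):
            self.state = OWNED
        return True

    def update_cred(self, requester: str, cred: Optional[Credential] = None,
                    rowneruuid: Optional[str] = None) -> bool:            # S207, S2010-S2013
        if not self._may_write(self.cred, requester):
            return False
        if rowneruuid is not None:
            self.cred["rowneruuid"] = rowneruuid
        if cred is not None:
            self.cred["creds"].append(cred)
        return True

    def set_state(self, requester: str, state: str) -> bool:              # S2012, S2014
        if requester not in (self.doxm["deviceowneruuid"], self.cred["rowneruuid"]):
            return False
        self.state = state
        return True

    def reset(self) -> None:
        """Factory reset: forgets the owner, every credential and the OTM session."""
        self.__init__(self.uuid, self.supported_otms, self.supported_cred_types)

def onboard(obt_uuid: str, cms_uuid: str, dev: TerminalDevice, peers: List[str]) -> bool:
    """Steps S201 to S2014 as run by one domain's OBT; False if any step is refused."""
    if dev.state != UNOWNED:                                    # S201: only unowned devices
        return False
    ok = dev.establish_otm_session(obt_uuid, dev.supported_otms[0])          # S202/S203
    ok &= dev.update_doxm(obt_uuid, deviceowneruuid=obt_uuid, owned=True)    # S204
    ctype = next(t for t in ("certificate", "asymmetric", "symmetric")
                 if t in dev.supported_cred_types)                           # S205/S206
    ok &= dev.update_cred(obt_uuid, Credential(obt_uuid, ctype, "owner"))    # S207
    # S208: registering the device with the CMS is bookkeeping on the OBT/CMS side
    ok &= dev.update_doxm(obt_uuid, rowneruuid=obt_uuid)                     # S209
    ok &= dev.update_cred(obt_uuid, rowneruuid=cms_uuid)                     # S2010
    # S2011: the CMS credential is written under the CMS id, which now owns /oic/sec/cred
    ok &= dev.update_cred(cms_uuid, Credential(cms_uuid, ctype, "cms"))
    ok &= dev.set_state(cms_uuid, SERVICE_CONFIG)                            # S2012
    for peer in peers:                                                       # S2013
        ok &= dev.update_cred(cms_uuid, Credential(peer, ctype, "p2p"))
    ok &= dev.set_state(cms_uuid, NORMAL_OPERATION)                          # S2014
    return bool(ok)

def demo() -> dict:
    """Terminal device 302 of Fig. 3: configured at home, then carried to the office."""
    dev = TerminalDevice("dev-302", ["otm-1"], ["certificate", "symmetric"])
    home = onboard("obt-home", "cms-home", dev, ["bulb-1"])
    # the office CMS is not the resource owner of /oic/sec/cred, so it is refused
    office_direct = dev.update_cred("cms-office", Credential("printer", "certificate", "p2p"))
    office_onboard = onboard("obt-office", "cms-office", dev, ["printer"])  # device not unowned
    dev.reset()  # the only way in: wipe and reconfigure, which loses the home credentials
    office_after_reset = onboard("obt-office", "cms-office", dev, ["printer"])
    peers = sorted(c.subject_uuid for c in dev.cred["creds"] if c.usage == "p2p")
    return {"home": home, "office_direct": office_direct, "office_onboard": office_onboard,
            "office_after_reset": office_after_reset, "p2p_peers": peers}
```

After the reset the only P2P peer left is the office printer; the home bulb credential is gone, which is the reconfiguration loop the text describes.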
Based on the above-mentioned problems, the present invention provides an access control method, and the access control method in the embodiment of the present invention may be applied to the internet of things system 400 shown in fig. 4, including: an activation device 401, a credential management server 402, a terminal device 403-1, an activation device 404, a credential management server 405, and a terminal device 403-2.
The activation device 401 and the credential management server 402 belong to the same security domain, security domain 1, and the activation device 404 and the credential management server 405 belong to the same security domain, security domain 2. The activation device 401 is the OBT, i.e. the owner, of security domain 1, and the credential management server 402 manages and configures the credentials of the devices in security domain 1. The activation device 404 is the OBT, i.e. the owner, of security domain 2, and the credential management server 405 manages and configures the credentials of the devices in security domain 2.
When terminal device 403-1 or terminal device 403-2 enters the network in which security domain 1 is located, activation device 401 configures terminal device 403-1 or terminal device 403-2 so that terminal device 403-1 or terminal device 403-2 enters security domain 1. As shown in fig. 4, when the terminal device 403-2 and the terminal device 403-1 enter the security domain 1 at the same time, the terminal device 403-2 and the terminal device 403-1 may be interconnected.
The activation device 401, the terminal device 403-1, and the terminal device 403-2 may refer to an access terminal, a User Equipment (UE), a subscriber unit, a subscriber station, a mobile station, a remote terminal, a mobile device, a User terminal, a wireless communication device, a User agent, or a User Equipment. An access terminal may be a cellular telephone, a cordless telephone, a session initiation protocol (Session Initiation Protocol, SIP) phone, a wireless local loop (Wireless Local Loop, WLL) station, a personal digital assistant (Personal Digital Assistant, PDA), a handheld device with wireless communication capabilities, a computing device or other processing device connected to a wireless modem, an in-vehicle device, a wearable device, a terminal device in a 5G network, or a device in a future evolved PLMN, etc.
Fig. 4 illustrates two security domains and two terminal devices, and optionally, the internet of things system 300 may include more than two security domains and more than two terminal devices, which is not limited by the embodiment of the present invention, and the number of terminal devices under one security domain is not limited.
Here, the security domain 1 and the security domain 2 may belong to the same network or may belong to different networks.
The internet of things shown in fig. 4 may further include sensors, laser scanning systems, smart home appliances and other internet of things devices.
An optional process flow of the access control method provided by the embodiment of the present invention, as shown in fig. 5, includes the following steps:
in step S501, the terminal device determines the role of the access device of the security domain in which it is located.
Optionally, the security domain in which the terminal device is located is an already entered security domain. Optionally, the security domain where the terminal device is located is a security domain which is not entered but is to be entered.
Taking the security domain in which the terminal equipment is located as the security domain which has entered as an example, the activation equipment corresponding to the current security domain configures the terminal equipment, and the terminal equipment can be interconnected and intercommunicated with other terminal equipment in the current security domain.
Taking the security domain in which the terminal equipment is located as a security domain to be entered as an example, the activation equipment corresponding to the current security domain does not configure the terminal equipment, and the terminal equipment and other terminal equipment in the current security domain cannot be interconnected and intercommunicated.
The access device is a device in the security domain where the terminal device is located that requests to configure a security resource in the terminal device, and may be at least one of the following devices in that security domain: an activation device, a CMS, or another terminal device.
In the embodiment of the present invention, before step S501, as shown in fig. 5, the method includes step S500, where the access device sends the role of the access device to the terminal device. At this time, the terminal device receives the role of the access device transmitted by the access device.
Optionally, the roles of the access devices of the different security domains are the same. Optionally, the roles of the access devices of the different security domains are different.
Optionally, the access device sends a role certificate to the terminal device in the security domain where the access device is located, and the public field of the role certificate includes the role of the access device. At this time, step S501 the terminal device determines the role of the access device of the security domain, including: the terminal device determines the role of the access device from the public field in the role certificate sent by the access device of the security domain where the terminal device is located.
In embodiments of the present invention, the role of the access device may be characterized by a role identification. Optionally, the roles of the different access devices are the same, such as: the roles of access device 1 and access device 2 are owner. Optionally, the roles of the different access devices are different, such as: the role of access device 1 is owner1 and the role of access device 2 is owner2.
Step S502: in the case where the access control roles of the access control list of the terminal device include the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device.
After the terminal device determines the role of the access device, it queries whether at least one access control role of an access control list (Access Control List, ACL) in the terminal device includes the role of the access device. If it does not, the access device is not allowed to configure the security resources in the terminal device. Here, an access control role is a role that is allowed to configure the security resources.
In the embodiment of the invention, roles in different role certificates can be the same, and the roles of the role certificates are marked in a public field of the role certificate.
In the embodiment of the invention, the terminal equipment comprises at least one access control list, and one access control list comprises one or more access control roles. Wherein an access control list may include one or more access control items, one access control item corresponding to one access control role, different access control items corresponding to different or the same access control roles.
In an example, 3 access control lists are included in the terminal device: list 1, list 2 and list 3, wherein the access control role in list 1 is role 1, the access control role in list 2 is role 2 and role 3, the access control role in list 3 is role 4, when the role of the access device is role 2, the access device is allowed to configure the security resources in the terminal device, and when the role of the access device is role 5, the access device is not allowed to configure the security resources in the terminal device.
Optionally, the security resources in the terminal device include one or more of the resources related to the initialization configuration of the terminal device, such as the owner resource (/oic/sec/doxm), the credential resource (/oic/sec/cred) and the status resource (/oic/sec/pstat). The owner resource relates to the device owner, the credential resource to the security credentials, and the status resource to the configuration state.
Optionally, configuring the security resource means that the access device adds, modifies or deletes information in the security resource.
Taking as an example an access device that is a credential management server performing an add operation on the credential resource: the credential resource of the terminal device includes credential 1, with which the terminal device establishes a connection to the refrigerator, and credential 2, with which the terminal device establishes a connection to the television. When the terminal device allows the credential management server to configure the credential resource, the credential management server adds credential 3, with which the terminal device establishes a connection to the desk lamp, to the credential resource, so that the terminal device can interconnect and intercommunicate with the desk lamp in addition to the refrigerator and the washing machine.
Optionally, the access control list further includes: the security resources that the access control roles are allowed to access; the terminal device allowing the access device to configure security resources in the terminal device in step S502 then includes: the terminal device allows the access device to configure target security resources in the terminal device, where the target security resources are the security resources that the role of the access device is allowed to access.
The security resources in the access control list that are allowed to be accessed are indicated by URLs.
Such as: the access control role in the access control list is role 1, and the security resources allowed to access corresponding to role 1 are: URL1, the terminal device allows the access device to access the secure resource indicated by URL1 in case the role of the access device is role 1.
In an embodiment of the present invention, the security resources allowed to be accessed in the access control list include one or more security resources, and different security resources are indicated by different URLs. When multiple access control items correspond to the same access control role, security resources corresponding to the access control roles in the access control items can be different.
Optionally, the access control list further includes: the operation authority corresponding to the access control role; correspondingly, in step S502, the terminal device allows the access device to configure the secure resource in the terminal device, including: the terminal equipment allows the access equipment to carry out configuration corresponding to target operation authority on the security resources in the terminal equipment, wherein the target operation authority is the operation authority corresponding to the role of the access equipment.
The operation authority includes: creation (Create), retrieval (Retrieve), update (Update), deletion (Delete), notification (Notify), etc.; the operation authority corresponding to an access control role may include one or more of these. Taking Update as an example, the terminal device allows the access device to update the security resource in the terminal device.
Taking as an example an access control list that includes the access control role, the security resources the access control role is allowed to access, and the operation authority corresponding to the access control role, the access control list includes the following contents:
Here, the access control role of an access control item is carried in the subject to which the access control item corresponds.
The above access control list indicates that an access device having the role oic.owner is allowed to access the /oic/sec/doxm, /oic/sec/cred and /oic/sec/pstat resources.
In the embodiment of the invention, for different access devices, the access control list is the same access control list, and roles of the different access devices are the same; or for different access devices, the access control list is different access control lists, and the roles of the different access devices are different.
Taking as an example the case where the access devices of different security domains share the same access control list and have the same role, with the access device being a credential management server: the roles of credential management server 1 of security domain 1 and credential management server 2 of security domain 2 are both owner. If the terminal device includes an access control list whose access control role is owner, both credential management server 1 and credential management server 2 are allowed to configure the security resources in the terminal device.
Taking as an example the case where the access devices of different security domains use different access control lists and have different roles, again with the access device being a credential management server: the role of credential management server 1 of security domain 1 is owner1 and the role of credential management server 2 of security domain 2 is owner2. The terminal device includes access control list 1, whose access control role is owner1, and credential management server 1 is allowed to configure the security resources in the terminal device based on access control list 1; the terminal device also includes access control list 2, whose access control role is owner2, and credential management server 2 is allowed to configure the security resources in the terminal device based on access control list 2.
In practical application, among access control roles included in an access control list of a terminal device, a part of access control roles are common roles of a plurality of different access devices, and the part of access control roles respectively correspond to the different access devices.
Optionally, the access control list is preset in the terminal device. The access control list may be preset in the terminal device before shipment, and an access control list preset in this way is not cleared when the terminal device is initialized.
Optionally, the access control list is configured by the activation device.
Taking the case where the access control list is configured by the activation device, the activation device is: the activation device of the security domain in which the terminal device is located; or an activation device of a security domain other than the security domain in which the terminal device is located.
When the activation device is an activation device of a security domain other than the security domain in which the terminal device is located, the access control list is configured to the terminal device when the terminal device is configured by the activation device of the security domain other than the security domain in which the terminal device is located.
In the embodiment of the invention, once an access control list whose access control roles include a given role is present in the terminal device, the activation devices of other security domains do not configure an access control list for that role to the terminal device again, so that the same access control list can be shared by multiple security domains that use the same role and repeated configuration of the access control list is avoided.
In the case where the access control list is configured by the active device of the current security domain, before step S501, as shown in fig. 6, it includes: in step S600, the activation device configures an access control list to the terminal device.
The access control list is used so that, when at least one access control role of the access control list includes the role of the access device, the terminal device allows the access device to configure the security resources in the terminal device.
Optionally, the access control list further includes at least one of: the security resources that the access control roles are allowed to access, and the operation authorities corresponding to the access control roles.
In the embodiment of the present invention, before step S502, as shown in fig. 7, step S701 is included: the terminal device authenticates the role certificate of the access device according to the trust root so as to confirm the role of the access device.
Here, the root of trust includes a key, such as a public key, for authenticating the role certificate of the access device; the signature on the role certificate is verified with this key to verify the validity of the role certificate and thereby confirm the role of the access device. If the signature verification of the role certificate passes, this indicates that the certificate authority (Certificate Authority, CA) of the access device and the CA of the terminal device are the same CA or mutually trusting CAs, and that the role certificate of the access device is legitimate.
In practical application, the trust root may further include information such as a certificate chain for determining the CA issuing the role certificate, where when the terminal device verifies the role certificate of the access device according to the trust root, the CA of the access device is determined.
Optionally, the root of trust is the same root of trust for access devices of different security domains. Optionally, the root of trust is a different root of trust for access devices of different security domains.
The role certificates of the access devices of different security domains are different, and the roles in different role certificates may be the same or different. If the access devices of different security domains have the same CA, they are authenticated with the same trust root; if they have different CAs, they are authenticated with different trust roots.
Optionally, the trust root is pre-placed in the terminal device. The trust root in the terminal equipment can be preset in the terminal equipment before leaving the factory, and the trust root preset in the terminal equipment cannot be removed when the terminal equipment is initialized.
Optionally, the root of trust is configured by the activation device.
Taking the configuration of the root of trust by an activation device as an example, the activation device comprises: the activation equipment of the security domain where the terminal equipment is located; or an activation device of a security domain other than the security domain in which the terminal device is located.
When the activation device is an activation device of a security domain other than the security domain in which the terminal device is located, the activation device of the security domain other than the security domain in which the terminal device is located configures a root of trust to the terminal device.
In the embodiment of the invention, where the trust root that authenticates the access device role certificates of multiple security domains is the same trust root, once that trust root is present in the terminal device the activation devices of other security domains do not configure the trust root to the terminal device again, so that the same trust root can be shared among the multiple security domains and repeated configuration of the trust root is avoided.
In the embodiment of the invention, where the access control list and the trust root are preset, the access control list corresponding to the security domains is configured, so that the OTM operation need not be repeated each time the access control list is configured, and excessive and complicated resource owner configuration is avoided.
In the case where the root of trust is configured by the active device of the current security domain, prior to step S501, as shown in fig. 7, it includes: in step S700, the activation device configures a trust root for the terminal device.
The trust root is used for authenticating the role certificate of the access device by the terminal device so as to confirm the role of the access device.
In an embodiment of the present invention, before the terminal device enters the security domain, the method further includes:
the terminal device retains the configuration information corresponding to the security resource; or the terminal device initializes the configuration information corresponding to the security resource.
Here, the configuration information of the security resource is the configuration made to the security resource by the access device of the security domain the terminal device was previously in.
Where the terminal device retains the configuration information corresponding to the security resource, it keeps the configuration information of the previous security domain, so that when it moves from the current security domain back to the previous security domain it can directly interconnect and intercommunicate with the devices of the previous security domain based on the retained configuration information.
Where the terminal device initializes the configuration information corresponding to the security resource, the configuration information of the previous security domain is cleared from the terminal device and factory settings are restored.
Here, the configuration information is mainly the initialization information of security resources such as the owner resource, credential resource and status resource configured in the previous security domain. If the terminal device is sold or transferred to someone else, the information previously configured by the user should be cleared so as to restore the terminal device to a non-home state. If the terminal device is not sold or transferred but merely enters a new security domain, the initialization information configured by the previous security domain can be retained.
Optionally, the retention condition under which the terminal device retains the configuration information corresponding to the security resource includes at least one of the following: a retention instruction indicating that the configuration information is to be retained is received; and no initialization instruction indicating that the configuration information is to be initialized is received.
Optionally, the initialization condition under which the terminal device initializes the configuration information corresponding to the security resource includes at least one of the following: an initialization instruction indicating that the configuration information is to be initialized is received; and no retention instruction indicating that the configuration information is to be retained is received.
Optionally, the terminal device retains the configuration information by default, and before entering the security domain it may output a prompt asking whether the configuration information should be initialized. If an initialization instruction from the user is received, the configuration information corresponding to the security resource is initialized; if no such instruction is received, the configuration information is retained.
Optionally, the terminal device initializes the configuration information by default, and before entering the security domain it may output a prompt asking whether the configuration information should be retained. If a retention instruction from the user is received, the configuration information corresponding to the security resource is retained; if no such instruction is received, the configuration information is initialized.
The access control method provided by the embodiment of the invention comprises the following steps: the terminal equipment determines the role of the access equipment of the security domain; in case that the role of the access device is included in at least one access control role of the access control list of the terminal device, the terminal device allows the access device to configure the security resources in the terminal device. Because the access control list is set in the terminal equipment, when the role of the access equipment is included in the access control role of the access control list, the access equipment can be considered to have configuration authority on the security resources in the terminal equipment, and the access equipment is allowed to configure the security resources in the terminal equipment, so that the configuration of the access equipment in different security domains on the security resources in the terminal equipment is realized based on the access control list, the repeated tedious configuration process of resource owners can be avoided, and the access isolation of the terminal equipment in different security domains is broken.
In the access control method provided by the embodiment of the invention, the trust root (Trust Anchor, TA) is either preset or configured by the activation device, and the ACL is likewise either preset or configured by the activation device, giving the following scenarios:
Scenario 1: TA preset, ACL preset;
Scenario 2: TA preset, ACL configured by the OBT;
Scenario 3: TA configured by the OBT, ACL configured by the OBT;
Scenario 4: TA configured by the OBT, ACL preset.
The role of the ACL is to enable the opposite terminal equipment to have corresponding rights according to the role of the opposite terminal equipment, and the ACL sets a necessary role of oic.owner to access the credential resource, so that the role of the CMS must be authenticated as oic.owner to configure the credential resource.
The TA is used to authenticate the role certificate of the CMS: after the terminal device receives the role certificate presented by the CMS, it uses the TA to verify whether the role certificate is legitimate, and if so, the device considers that the CMS holds the role identity stated in the role certificate, such as oic.owner.
Consider the case where the role permitted by the ACL is oic.owner1, while the certificate that the TA can authenticate is one for the oic.owner2 role. When the CMS connects with an oic.owner1 role certificate, the oic.owner1 role identity cannot be verified because no suitable TA is available; when the CMS connects with an oic.owner2 role certificate, the role identity can be verified, but there is no corresponding configuration authority because the ACL does not match. The ACL and the TA therefore take effect only when they are associated (for example, both referring to oic.owner), which ensures the legitimacy of the peer device.
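As an added illustration, not code from the patent or from any OCF implementation, the following Go program models the two checks the text chains together: step S701, authenticating a role certificate against the trust anchors held by the device, and step S502, looking the authenticated role up in an ACL whose access control items carry resource URLs and CRUDN operation permissions. The role certificate format, the CA names ("home-ca", "office-ca") and the device names are constructed for this example, and an Ed25519 signature over the certificate fields stands in for the CA signature; it reproduces the mismatch cases above (TA for one role, ACL for another) and the associated case.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Permission is one CRUDN operation; an access control item may grant several.
type Permission uint8
const (
	Create Permission = 1 << iota
	Retrieve
	Update
	Delete
	Notify
	FullControl = Create | Retrieve | Update | Delete | Notify
)

// RoleCert is a simplified role certificate (constructed for this example): the role
// ID is a public field and the issuing CA signs subject||role.
type RoleCert struct {
	Subject, Role, Issuer string
	Sig                   []byte
}
func tbs(subject, role string) []byte { return []byte(subject + "\x00" + role) }

// NewCA creates a CA key pair; the public key is what an OBT writes to the device as a TA.
func NewCA() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueRoleCert has the named CA sign a role certificate for subject.
func IssueRoleCert(issuer string, caKey ed25519.PrivateKey, subject, role string) RoleCert {
	return RoleCert{subject, role, issuer, ed25519.Sign(caKey, tbs(subject, role))}
}

// TrustAnchors maps CA name -> CA public key (the trust anchors held by the device).
type TrustAnchors map[string]ed25519.PublicKey

// AuthenticateRole (step S701): the role in the public field is accepted only if the
// certificate verifies under the trust anchor of its issuer.
func (ta TrustAnchors) AuthenticateRole(c RoleCert) (string, error) {
	pub, ok := ta[c.Issuer]
	if !ok {
		return "", errors.New("no trust anchor for issuer " + c.Issuer)
	}
	if !ed25519.Verify(pub, tbs(c.Subject, c.Role), c.Sig) {
		return "", errors.New("role certificate signature invalid")
	}
	return c.Role, nil
}

// ACE is one access control item: a role, the resource hrefs it may reach and the
// operations it may perform on them. ACL is the device's list of such items.
type ACE struct {
	Role       string
	Resources  []string
	Permission Permission
}
type ACL []ACE

// Permits (step S502): op is allowed on href if some ACE for role lists href and
// grants every bit of op.
func (acl ACL) Permits(role, href string, op Permission) bool {
	for _, ace := range acl {
		for _, r := range ace.Resources {
			if ace.Role == role && r == href && ace.Permission&op == op {
				return true
			}
		}
	}
	return false
}

// Authorize chains both checks; this is what the device runs on each request.
func Authorize(ta TrustAnchors, acl ACL, c RoleCert, href string, op Permission) error {
	role, err := ta.AuthenticateRole(c)
	if err != nil {
		return err
	}
	if !acl.Permits(role, href, op) {
		return fmt.Errorf("role %q lacks permission %d on %s", role, op, href)
	}
	return nil
}

func main() {
	homePub, homePriv := NewCA()     // CA behind the oic.owner1 certificates
	officePub, officePriv := NewCA() // CA behind the oic.owner2 certificates
	cms1 := IssueRoleCert("home-ca", homePriv, "cms-1", "oic.owner1")
	cms2 := IssueRoleCert("office-ca", officePriv, "cms-2", "oic.owner2")
	acl := ACL{{Role: "oic.owner1", Resources: []string{"/oic/sec/cred"}, Permission: FullControl}}
	ta := TrustAnchors{"office-ca": officePub} // mismatch: TA for owner2's CA, ACL for owner1
	fmt.Println("owner1, no TA: ", Authorize(ta, acl, cms1, "/oic/sec/cred", Update))
	fmt.Println("owner2, no ACL:", Authorize(ta, acl, cms2, "/oic/sec/cred", Update))
	ta["home-ca"] = homePub // associated: TA and ACL now both cover oic.owner1
	fmt.Println("owner1, both:  ", Authorize(ta, acl, cms1, "/oic/sec/cred", Update))
}
```

Only the third request succeeds; a certificate whose signature does not verify under the issuer's anchor is rejected before the ACL is consulted, so a forged role claim never reaches the permission check.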
In the following, the embodiment of the present invention uses a terminal device as a mobile device and an access device as a CMS as an example, and describes a provided access control method through different application scenarios. In the embodiments, the access control method provided by the embodiments of the present invention is described by taking the access device as the CMS in the first to third embodiments, and in practical application, when the access device is an OBT, the interaction between the OBT and the mobile device may refer to the interaction between the CMS and the mobile device.
Example one
The mobile device presets an access control list for the owner role (oic.owner). When the accessed peer device, i.e. the access device, authenticates as oic.owner, this access control list applies to it. The access control list may be configured in the form of an ACL resource.
In one example, the contents of the ACL security resource include the following:
The ACL above indicates that a peer device whose role authenticates as oic.owner is allowed to access the "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
Role certificates are preset in the OBT and the CMS. The public and private keys of the role certificate are the public and private keys of the corresponding device, and the role ID of the certificate is marked in a public field of the certificate, such as 'oic.owner'. The role certificates preset in the OBT and CMS of each network all use the same oic.owner role.
When the mobile device purchased by the user Dad enters the home network and the office network respectively, the mobile device can work in the two networks respectively through configuration. And, the mobile device can be seamlessly handed over after moving from one network to another.
The flow of configuration of a mobile device in two networks is shown in fig. 8, comprising:
step S801, the mobile device enters a home network.
The user Dad makes the mobile device enter a Home network, namely a network 1, wherein the owner of the Home network is a Mom mobile phone APP (OBT), and the credential management server in the Home network is a Home CMS and is responsible for managing and configuring the credentials of the devices in the Home network.
Here, before step S801, further includes: step S800: an ACL is preset.
Step S802, the mobile equipment enters a configuration state.
Dad sets the mobile device to enter a configuration state.
Step S803, the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad whether to keep the previous configuration information through the man-machine interface, and if the user response is no, all the configuration information needs to be cleared.
Step S804, the mobile device clears all configuration information.
And the user Dad determines that the previous configuration information is not reserved, the mobile equipment clears all the configuration information, and factory settings are restored.
Step S805, the OBT of Mom establishes an OTM connection with the mobile device.
Step S806, the OBT of Mom configures TA1 to the mobile device.
Mom's OBT configures the mobile device, writing the trust anchor (TA1) for the role certificate of the Home CMS. TA1 is used to authenticate the legitimacy of the Home CMS's role certificate. For example, TA1 is the certificate of the public key of the certificate authority (CA) that signed the role certificate; the CA public key can be extracted from it to verify the signature of the role certificate.
At this time, the OBT of Mom completes OTM configuration, and the mobile device starts P2P credential configuration with the Home CMS.
Step S807, the Home CMS establishes a role-based secure connection with the mobile device.
The mobile device uses TA1 to authenticate the role certificate of the Home CMS, and confirms the oic.owner role identity of the Home CMS, so that a role-based connection is established with the mobile device.
Here, establishing a role-based secure connection means establishing a connection using the role certificate, in which the role of the peer device is confirmed from the role certificate. A peer authenticated to a different role then has different access control authority.
Step S808, the Home CMS configures the security credential Cred1 to the /oic/sec/cred resource of the mobile device.
The security credential Cred1 is configured, for example, by the following update request.
Step S809, the mobile device allows the Home CMS to configure the /oic/sec/cred resource according to the preset ACL and the oic.owner role of the Home CMS.
Step S8010, home CMS configures the mobile device to enter a normal working state.
Step S8011, the mobile device enters an office network.
Dad carries the mobile device into the Office network, i.e. network 2, whose owner is the OBT of Boss; the credentials of the devices in the Office network are managed and configured by the Office CMS.
Step S8012, the mobile device enters a configuration state.
Dad sets the mobile device to enter a configuration state.
Step S8013, the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad whether to keep the previous configuration information through the man-machine interface, and if the user response is yes, all the configuration information needs to be kept.
Step S8014, the mobile device retains the existing configuration information.
Dad determines that configuration information was previously retained, and the mobile device does not clear the configuration information, allowing a new OTM connection to be established.
In step S8015, the OBT of Boss establishes an OTM connection with the mobile device.
Step S8016, the OBT of Boss configures TA2 to the mobile device.
The OBT of Boss configures the mobile device, writing the trust anchor (TA2) for the role certificate of the Office CMS. TA2 is used to authenticate the legitimacy of the role certificate of the Office CMS.
At this point, the OBT of Boss completes the OTM configuration, and the mobile device starts P2P credential configuration with the Office CMS.
Step S8017, office CMS establishes a role-based secure connection with the mobile device.
The Office CMS establishes a role-based connection with the mobile device; the mobile device uses TA2 to authenticate the role certificate of the Office CMS and confirms the oic.owner role identity of the Office CMS.
Step S8018, the Office CMS configures the security credential Cred2 to the /oic/sec/cred resource of the mobile device.
For example:
Step S8019, the mobile device allows configuration of the /oic/sec/cred resource according to the preset ACL and the oic.owner role of the Office CMS.
Step S8020, office CMS configures the mobile device to enter a normal working state.
At this time, the mobile device of the user Dad can be interconnected and intercommunicated with other intelligent devices of the security domain in the office network, so that various intelligent scenes are realized. After the user Dad carries the mobile equipment to go home, the mobile equipment is connected with a home network, and can be interconnected and communicated with other intelligent equipment in a home security domain, so that various intelligent scenes are realized.
Example two
The mobile device does not preset an ACL for the owner role (oic.owner).
Role certificates are preset in the OBT and the CMS. The public and private keys of the role certificate are the public and private keys of the corresponding device, and the role ID of the certificate is marked in a public field of the certificate. The role certificate preset in Mom's OBT and the Home CMS corresponds to the oic.owner.home role, i.e. the role ID in the public field of the certificate is oic.owner.home. The role certificate preset in the OBT and CMS of Boss corresponds to the oic.owner.office role, i.e. the role ID in the public field of the certificate is oic.owner.office.
When the mobile device purchased by the user Dad enters the home network and the office network respectively, the mobile device can work in the two networks respectively through configuration. And, the mobile device can be seamlessly handed over after moving from one network to another.
The flow of configuration of a mobile device in two networks is shown in fig. 9, comprising:
step S901, the mobile device enters a home network.
The user Dad makes the mobile device enter a Home network, namely a network 1, wherein the Home network owner is Mom mobile phone APP (OBT), and the certificate management server in the Home network is Home CMS and is responsible for managing and configuring certificates of devices in the Home network.
Step S902, the mobile device enters a configuration state.
Dad sets the mobile device to enter a configuration state.
Step S903, the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad whether to keep the previous configuration information through the man-machine interface, and if the user response is no, all the configuration information needs to be cleared.
Step S904, the mobile device clears all configuration information.
And the user Dad determines that the previous configuration information is not reserved, the mobile equipment clears all the configuration information, and factory settings are restored.
Step S905, the OBT of Mom establishes an OTM connection with the mobile device.
Step S906, the OBT of Mom configures TA1 and ACL1 to the mobile device.
Mom's OBT configures the mobile device by writing the trust root (Trust Anchor, TA1) for the role certificate of the Home CMS, together with ACL1. TA1 is used to authenticate the validity of the role certificate of the Home CMS. For example, TA1 is the certificate of the public key of the certificate authority CA; the CA public key can be extracted from it to verify the signature of the role certificate. ACL1 specifies that a peer device authenticated in the oic.owner role is allowed full control of the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
In one example, ACL1 is:
At this time, the OBT of Mom has completed OTM configuration, and the mobile device starts P2P credential configuration with the Home CMS.
Step S907, the Home CMS establishes a role-based secure connection with the mobile device.
The Home CMS establishes a role-based connection with the mobile device; the mobile device uses TA1 to authenticate the role certificate of the Home CMS and confirms the oic.owner.home role identity of the Home CMS.
Step S908, the Home CMS configures security credential Cred1 to the /oic/sec/cred resource of the mobile device.
The security credential Cred1 is configured, for example, by the following update request.
Step S909, the mobile device allows the configuration of the /oic/sec/cred resource by the Home CMS according to the configured ACL and the oic.owner.home role of the Home CMS.
Step S9010, home CMS configures the mobile device to enter a normal working state.
Step S9011, the mobile device enters an office network.
Dad carries the mobile device into the Office network, i.e. network 2, whose owner is the OBT of Boss; the credentials of the devices in the Office network are managed and configured by the Office CMS.
Step S9012, the mobile device enters a configuration state.
Dad sets the mobile device to enter a configuration state.
Step S9013, the mobile device confirms whether to retain the previous configuration information.
The mobile device asks the user Dad whether to keep the previous configuration information through the man-machine interface, and if the user response is yes, all the configuration information needs to be kept.
Step S9014, the mobile device retains the existing configuration information.
The user Dad decides to keep the previous configuration information; the mobile device does not clear its configuration information and allows a new OTM connection to be established.
Step S9015, the OBT of Boss establishes an OTM connection with the mobile device.
Step S9016, the OBT of Boss configures TA2 and ACL2 to the mobile device.
Boss's OBT configures the mobile device by writing the trust root (Trust Anchor, TA2) for the role certificate of the Office CMS, together with ACL2. TA2 is used to authenticate the legitimacy of the role certificate of the Office CMS. For example, TA2 is the certificate of the public key of the certificate authority CA; the CA public key can be extracted from it to verify the signature of the role certificate. ACL2 specifies that a peer device authenticated in the oic.owner role is allowed full control of the local "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
In one example, ACL2 is:
At this point, Boss's OBT has completed OTM configuration, and the mobile device starts P2P credential configuration with the Office CMS.
Step S9017, office CMS establishes a role-based secure connection with the mobile device.
The Office CMS establishes a role-based connection with the mobile device; the mobile device uses TA2 to authenticate the role certificate of the Office CMS and confirms the oic.owner.office role identity of the Office CMS.
Step S9018, the Office CMS configures security credential Cred2 to the /oic/sec/cred resource of the mobile device. For example:
Step S9019, the mobile device allows the configuration of the /oic/sec/cred resource by the Office CMS according to the configured ACL and the oic.owner.office role of the Office CMS.
Step S9020, office CMS brings the mobile device into a normal operating state.
At this time, the mobile device of the user Dad can be interconnected and intercommunicated with other intelligent devices in the security domain in the office network, so that various intelligent scenes are realized. After the user Dad carries the mobile equipment to go home, the mobile equipment is connected with a home network, and can be interconnected and communicated with other intelligent equipment in a home security domain, so that various intelligent scenes are realized.
Example III
A common TA and ACL are preset in the mobile device.
Assume that the role certificates of all OBTs and CMSs are issued by the same certificate authority CA. The device presets the TA corresponding to the private key the CA uses to issue role certificates; the TA can be used to verify the signature of a role certificate and thereby verify its validity.
The device presets an ACL oriented to the owner role (oic.owner). When the accessing peer device authenticates as oic.owner, it is allowed to access the security resources listed in the ACL.
For example, the terminal device is preset with the following ACL:
The ACL described above specifies that a peer device authenticated in the oic.owner role is allowed full control of the "/oic/sec/doxm", "/oic/sec/cred" and "/oic/sec/pstat" resources.
The OBT and CMS preset role certificates. The public and private keys of a role certificate are those of the corresponding device, and the role ID of the certificate is marked in a public field of the certificate (for example, 'oic.owner'). The role certificates preset by the OBT and CMS in each network all use the same oic.owner role.
When the mobile device purchased by the user Dad enters the home network and the office network respectively, the mobile device can work in the security domains in the two networks respectively through configuration. And, the mobile device can be seamlessly handed over after moving from one network to another.
The flow of configuration of a mobile device in two networks is shown in fig. 10, comprising:
step S1001, the mobile device enters the home network.
The user Dad makes the mobile device enter a Home network, the owner of the Home network is a Mom mobile phone APP (OBT), and a credential management server in the Home network is a Home CMS and is responsible for managing and configuring credentials of the device in the Home network.
Here, step S1001 is preceded by step S1000: the ACL and TA are preset in the mobile device.
Step S1002, the mobile device enters a configuration state.
Dad sets the mobile device to enter a configuration state.
Step S1003, the OBT of Mom establishes an OTM connection with the mobile device and performs owner configuration.
Step S1004, the OBT of Mom completes OTM configuration and instructs the Home CMS to start configuring the P2P credentials of the mobile device.
Step S1005, the Home CMS establishes a role-based secure connection with the mobile device.
The Home CMS establishes a role-based connection with the mobile device; the mobile device uses the preset TA to authenticate the role certificate of the Home CMS and confirms the oic.owner role identity of the Home CMS.
Step S1006, the Home CMS configures security credential Cred1 to the /oic/sec/cred resource of the mobile device.
For example, the security credential Cred1 is configured by the following update request:
Step S1007, the mobile device allows the configuration of the /oic/sec/cred resource by the Home CMS according to the preset ACL and the oic.owner role of the Home CMS.
Step S1008, home CMS makes the mobile device enter a normal working state.
Step S1009, the mobile device enters an office network.
Dad carries the mobile device into the Office network, i.e. network 2, whose owner is the OBT of Boss; the credentials of the devices in the Office network are managed and configured by the Office CMS. After the mobile device enters the office network, it discovers the OBT of the office network, namely the OBT of Boss.
Step S10010, the mobile device enters a configuration state.
The user Dad sets the mobile device to enter a P2P credential configuration state.
Here, because a unified TA is used, no TA configuration is required, and therefore the OTM step between the mobile device and the OBT of Boss can be skipped.
Step S10011, the OBT of Boss instructs the Office CMS to begin configuring the P2P credentials of the mobile device.
Step S10012, office CMS establishes a role-based secure connection with the mobile device.
The Office CMS establishes a role-based connection with the mobile device, and the mobile device uses a pre-configured TA (each CMS role certificate can be authenticated with the TA) to authenticate the role certificate of the Office CMS, and confirms the oic.owner role identity of the Office CMS.
Step S10013, the Office CMS configures security credential Cred2 to the /oic/sec/cred resource of the mobile device.
The security credential Cred2 is configured, for example, by the following update request.
Step S10014, the mobile device allows the configuration of the /oic/sec/cred resource by the Office CMS according to the preset ACL and the oic.owner role of the Office CMS.
Step S10015, office CMS brings the mobile device into a normal operating state.
At this time, the Dad mobile device can be interconnected and intercommunicated with other intelligent devices in the security domain in the office network, so as to realize various intelligent scenes. After Dad carries the mobile equipment home, the mobile equipment is connected with a home network, and can be interconnected and communicated with other intelligent equipment in a home security domain, so that various intelligent scenes are realized.
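The two flows above (Example II with a separate TA/ACL and role per network, Example III with one preset TA and a single oic.owner role) reduce to the same check on the terminal device: authenticate the peer's role certificate against a trust anchor, read the role from the certificate's public field, and consult the ACL bound to that trust anchor. The following Python model is an added illustration and is not code from the patent or from any OCF implementation. It assumes constructed CA names and secrets, and it stands in for CA signature verification with an HMAC keyed by a per-CA secret so that it runs on the standard library; a real device would verify the CA's X.509 signature with the public key extracted from the TA. Binding each ACL to the TA written with it is a design choice made here so that a CA trusted for one domain cannot vouch for another domain's role.

```python
"""Role-based access control for a terminal device's security resources.
Added illustration (not the patent's code). CA signatures are replaced by a
keyed HMAC so the file runs offline; names and secrets are constructed."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

SECURITY_RESOURCES = ("/oic/sec/doxm", "/oic/sec/cred", "/oic/sec/pstat")


@dataclass(frozen=True)
class RoleCertificate:
    subject: str        # device the certificate belongs to, e.g. "Home CMS"
    role: str           # public field carrying the role ID, e.g. "oic.owner.home"
    issuer: str         # issuing CA (constructed names below)
    signature: bytes    # toy stand-in for the CA signature


@dataclass(frozen=True)
class TrustAnchor:
    """Stand-in for the CA certificate written as TA1/TA2 (or preset in Example III)."""
    issuer: str
    secret: bytes       # stands in for the CA key material (constructed)

    def _tbs(self, subject: str, role: str) -> bytes:
        return f"{self.issuer}|{subject}|{role}".encode()

    def issue(self, subject: str, role: str) -> RoleCertificate:
        sig = hmac.new(self.secret, self._tbs(subject, role), hashlib.sha256).digest()
        return RoleCertificate(subject, role, self.issuer, sig)

    def verify(self, cert: RoleCertificate) -> bool:
        if cert.issuer != self.issuer:
            return False
        expected = hmac.new(self.secret, self._tbs(cert.subject, cert.role), hashlib.sha256).digest()
        return hmac.compare_digest(expected, cert.signature)


@dataclass(frozen=True)
class AclEntry:
    role: str                     # access control role
    resources: FrozenSet[str]     # security resources the role may access
    permissions: FrozenSet[str]   # operation authority as CRUDN letters


Acl = Tuple[AclEntry, ...]


def owner_acl(role: str) -> Acl:
    """ACL granting `role` full control of /oic/sec/doxm, /oic/sec/cred and /oic/sec/pstat."""
    return (AclEntry(role, frozenset(SECURITY_RESOURCES), frozenset("CRUDN")),)


class TerminalDevice:
    def __init__(self) -> None:
        # Each owner transfer binds one trust anchor to the ACL written with it.
        self.domains: List[Tuple[TrustAnchor, Acl]] = []
        self.credentials: Dict[str, str] = {}   # contents of /oic/sec/cred, by CMS

    def enter_domain(self, retain: bool) -> None:
        """Steps S903/S9013: keep the previous configuration or restore factory state."""
        if not retain:
            self.domains.clear()
            self.credentials.clear()

    def owner_transfer(self, ta: TrustAnchor, acl: Acl) -> None:
        """OBT writes a trust anchor and ACL (steps S906/S9016, or preset step S1000)."""
        if (ta, acl) not in self.domains:
            self.domains.append((ta, acl))

    def authorize(self, cert: RoleCertificate, resource: str, op: str) -> Tuple[bool, str]:
        """Authenticate the role certificate, then look its role up in the bound ACL."""
        validated = False
        for ta, acl in self.domains:
            if not ta.verify(cert):
                continue
            validated = True
            for entry in acl:   # the role is taken from the certificate's public field
                if entry.role == cert.role and resource in entry.resources and op in entry.permissions:
                    return True, f"{cert.role} may {op} {resource}"
        if not validated:
            return False, "role certificate not validated by any trust anchor"
        return False, f"{cert.role} is not an access control role for {resource}"

    def configure_credential(self, cert: RoleCertificate, cred: str) -> bool:
        """Steps S908/S9018: UPDATE of /oic/sec/cred, gated by the check of S909/S9019."""
        allowed, _ = self.authorize(cert, "/oic/sec/cred", "U")
        if allowed:
            self.credentials[cert.subject] = cred
        return allowed


def run_example_ii() -> Dict[str, bool]:
    """Example II: separate TA/ACL and role per domain; configuration retained on moving."""
    home_ca = TrustAnchor("Home CA", b"constructed-home-ca-secret")
    office_ca = TrustAnchor("Office CA", b"constructed-office-ca-secret")
    home_cms = home_ca.issue("Home CMS", "oic.owner.home")
    office_cms = office_ca.issue("Office CMS", "oic.owner.office")
    dev = TerminalDevice()
    dev.enter_domain(retain=False)                                # S904: factory reset
    dev.owner_transfer(home_ca, owner_acl("oic.owner.home"))      # S906: TA1 and ACL1
    out = {"home_cred": dev.configure_credential(home_cms, "Cred1")}
    out["office_before_otm"] = dev.configure_credential(office_cms, "Cred2")  # no TA2 yet
    dev.enter_domain(retain=True)                                 # S9014: keep TA1/ACL1
    dev.owner_transfer(office_ca, owner_acl("oic.owner.office"))  # S9016: TA2 and ACL2
    out["office_cred"] = dev.configure_credential(office_cms, "Cred2")
    out["home_still_valid"] = dev.authorize(home_cms, "/oic/sec/cred", "U")[0]
    # A trusted CA asserting the other domain's role: TA2 validates it, but ACL2 does not list it.
    out["cross_domain_role"] = dev.authorize(
        office_ca.issue("Misissued CMS", "oic.owner.home"), "/oic/sec/doxm", "U")[0]
    return out


def run_example_iii() -> Dict[str, bool]:
    """Example III: one CA, one oic.owner role, TA and ACL preset; no per-domain OTM step."""
    ca = TrustAnchor("Common CA", b"constructed-common-ca-secret")
    dev = TerminalDevice()
    dev.owner_transfer(ca, owner_acl("oic.owner"))                # step S1000 preset
    home_cms = ca.issue("Home CMS", "oic.owner")
    office_cms = ca.issue("Office CMS", "oic.owner")
    foreign = TrustAnchor("Other CA", b"constructed-other-secret").issue("Other CMS", "oic.owner")
    # Same signature, edited role field: the public field is covered by the signature.
    altered = RoleCertificate("Office CMS", "oic.owner.altered", ca.issuer, office_cms.signature)
    return {
        "home_cred": dev.configure_credential(home_cms, "Cred1"),
        "office_cred": dev.configure_credential(office_cms, "Cred2"),
        "untrusted_ca": dev.configure_credential(foreign, "Cred3"),
        "outside_acl": dev.authorize(office_cms, "/oic/sec/acl2", "U")[0],
        "altered_role": dev.authorize(altered, "/oic/sec/cred", "U")[0],
    }


if __name__ == "__main__":
    print(run_example_ii())
    print(run_example_iii())
```

In Example II the office CMS is refused until Boss's OBT has written TA2 and ACL2, and the home CMS keeps its access afterwards because the device retained TA1 and ACL1 at step S9014. In Example III no owner transfer is needed in the office because the preset TA validates every CMS certificate issued by the common CA; a certificate from another CA, a request for a resource outside the ACL, and a certificate whose role field was changed after issuance are all refused.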
In order to implement the above access control method, an embodiment of the present invention further provides a terminal device 1100, as shown in fig. 11, including:
a role determination module 1101 configured to determine the role of an access device in the security domain in which the terminal device is located;
and a permission management module 1102 configured to allow the access device to configure the security resources in the terminal device when at least one access control role in the access control list of the terminal device includes the role of the access device, wherein the access control role is a role allowed to configure the security resources.
In the embodiment of the present invention, the role determination module 1101 is further configured to determine the role of the access device according to the public field in the role certificate of the access device.
In the embodiment of the present invention, the access control list includes: security resources allowed to be accessed corresponding to the access control roles;
the permission management module 1102 is further configured to allow the access device to configure a target security resource in the terminal device, where the target security resource is a security resource that corresponds to the role of the access device and is allowed to be accessed.
In the embodiment of the present invention, the access control list further includes: the operation authority corresponding to the access control role;
And the permission management module 1102 is further configured to allow the access device to perform configuration corresponding to a target operation permission on the security resource in the terminal device, wherein the target operation permission is an operation permission corresponding to a role of the access device.
In the embodiment of the invention, for access devices in different security domains, the access control list is the same access control list, and the roles of the access devices in different security domains are the same; or
the access control list is different for access devices of different security domains, and the roles of the access devices of different security domains are different.
In the embodiment of the invention, the access control list is pre-arranged in the terminal device;
or the access control list is configured by the activation device.
In the embodiment of the present invention, the terminal device 1100 further includes:
and the role authentication module is configured to authenticate the role certificate of the access device according to the trust root so as to confirm the role of the access device.
In the embodiment of the invention, for access devices in different security domains, the trust root is the same trust root, or
the trust root is a different trust root for access devices of different security domains.
In an embodiment of the present invention,
the trust root is pre-arranged in the terminal device; or
the trust root is configured by the activation device.
In an embodiment of the present invention, the activation device includes:
the activation device of the security domain where the terminal device is located; or
an activation device of a security domain other than the security domain where the terminal device is located.
In the embodiment of the present invention, the terminal device 1100 further includes: a configuration update module configured to: before the terminal equipment enters the security domain, the configuration information corresponding to the security resource is reserved or initialized.
In the embodiment of the present invention, the reservation condition of the terminal device for reserving the configuration information corresponding to the security resource includes at least one of the following:
receiving a reservation instruction for indicating to reserve the configuration information; and
an initialization instruction indicating to initialize the configuration information is not received.
In the embodiment of the present invention, the initializing condition for initializing the configuration information corresponding to the secure resource by the terminal device includes at least one of the following:
receiving an initialization instruction for initializing the configuration information; and
a reservation instruction indicating to reserve the configuration information is not received.
The embodiment of the invention also provides a terminal device, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the access control method executed by the terminal device when the computer program runs.
In order to implement the above access control method, an embodiment of the present invention further provides an access device 1200, including:
a sending module 1201 configured to send the role of the access device to a terminal device in the security domain; in the case where the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the secure resource in the terminal device, the access control role being a role that is allowed to perform configuration of the secure resource.
In this embodiment of the present invention, the sending module 1201 is further configured to send a role certificate to the terminal device, where a public field of the role certificate includes a role of the access device.
In the embodiment of the invention, the roles of the access devices in different security domains are the same; or the roles of the access devices in different security domains are different.
The embodiment of the invention also provides an access device, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the access control method executed by the access device when the computer program runs.
The embodiment of the present invention further provides an activation device 1300, including:
a list configuration module 1301 configured to configure an access control list to a terminal device, where, when at least one access control role of the access control list includes the role of an access device, the terminal device allows the access device to configure the security resources in the terminal device, the access control role being a role allowed to configure the security resources.
In the embodiment of the present invention, the access control list further includes at least one of the following:
and the security resources and the operation authorities which correspond to the access control roles and are allowed to be accessed.
In an embodiment of the present invention, the activation device 1300 further includes:
the root configuration module is configured to configure a trust root for the terminal equipment, wherein the trust root is used for authenticating the role certificate of the access equipment by the terminal equipment so as to confirm the role of the access equipment.
The embodiment of the invention also provides an activating device, which comprises a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is used for executing the steps of the access control method executed by the activating device when the computer program runs.
Fig. 14 is a schematic diagram of a hardware composition structure of an electronic device (a terminal device, an access device, or an activation device) according to an embodiment of the present invention, and an electronic device 1400 includes: at least one processor 1401, memory 1402, and at least one network interface 1404. The various components in electronic device 1400 are coupled together by bus system 1405. It is appreciated that bus system 1405 is used to enable connected communications between these components. Bus system 1405 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various buses are labeled as bus system 1405 in fig. 14.
It is to be appreciated that memory 1402 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. Wherein the nonvolatile Memory may be ROM, programmable read-Only Memory (PROM, programmable Read-Only Memory), erasable programmable read-Only Memory (EPROM, erasable Programmable Read-Only Memory), electrically erasable programmable read-Only Memory (EEPROM, electrically Erasable Programmable Read-Only Memory), magnetic random access Memory (FRAM, ferromagnetic random access Memory), flash Memory (Flash Memory), magnetic surface Memory, optical disk, or compact disk read-Only Memory (CD-ROM, compact Disc Read-Only Memory); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be random access memory (RAM, random Access Memory), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (SRAM, static Random Access Memory), synchronous static random access memory (SSRAM, synchronous Static Random Access Memory), dynamic random access memory (DRAM, dynamic Random Access Memory), synchronous dynamic random access memory (SDRAM, synchronous Dynamic Random Access Memory), double data rate synchronous dynamic random access memory (ddr SDRAM, double Data Rate Synchronous Dynamic Random Access Memory), enhanced synchronous dynamic random access memory (ESDRAM, enhanced Synchronous Dynamic Random Access Memory), synchronous link dynamic random access memory (SLDRAM, syncLink Dynamic Random Access Memory), direct memory bus random access memory (DRRAM, direct Rambus Random Access Memory). Memory 1402 described by embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.
Memory 1402 in embodiments of the present invention is used to store various types of data to support the operation of electronic device 1400. Examples of such data include: any computer program for operating on the electronic device 1400, such as application 14021. A program for implementing the method of the embodiment of the present invention may be included in the application program 14021.
The method disclosed in the above embodiment of the present invention may be applied to the processor 1401 or implemented by the processor 1401. The processor 1401 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuitry of hardware in the processor 1401 or instructions in the form of software. The processor 1401 as described above may be a general purpose processor, a digital signal processor (DSP, digital Signal Processor), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 1401 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiment of the invention can be directly embodied in the hardware of the decoding processor or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium including memory 1402, and processor 1401 reads information in memory 1402 and performs the steps of the methods described above in connection with its hardware.
In an exemplary embodiment, the electronic device 1400 may be implemented by one or more application specific integrated circuits (ASIC, application Specific Integrated Circuit), DSPs, programmable logic devices (PLDs, programmable Logic Device), complex programmable logic devices (CPLDs, complex Programmable Logic Device), FPGAs, general purpose processors, controllers, MCUs, MPUs, or other electronic elements for performing the aforementioned methods.
The embodiment of the invention also provides a storage medium for storing the computer program.
Optionally, the storage medium may be applied to a terminal device in the embodiment of the present invention, and the computer program makes a computer execute corresponding flows in each method in the embodiment of the present invention, which is not described herein for brevity.
Optionally, the storage medium may be applied to the access device in the embodiment of the present invention, and the computer program makes the computer execute the corresponding flow in each method in the embodiment of the present invention, which is not described herein for brevity.
Optionally, the storage medium may be applied to the activating device in the embodiment of the present invention, and the computer program makes the computer execute the corresponding flow in each method in the embodiment of the present invention, which is not described herein for brevity.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is not intended to limit the scope of the invention, but is intended to cover any modifications, equivalents, and improvements within the spirit and principles of the invention.

Claims (44)

1. An access control method, comprising:
under the condition that the terminal equipment moves in different security domains, the terminal equipment determines the roles of access equipment in the security domain;
and under the condition that at least one access control role of the access control list of the terminal equipment comprises the role of the access equipment, the terminal equipment allows the access equipment to configure the security resources in the terminal equipment, wherein the access control role is a role allowed to configure the security resources, the terminal equipment comprises at least one access control list, and for the access equipment of different security domains, the access control list is the same access control list or different access control lists.
2. The method of claim 1, wherein,
the access control list is pre-arranged in the terminal equipment;
or the access control list is configured by the activation device.
3. The method according to claim 1 or 2, wherein,
for access devices in different security domains, the access control list is the same access control list, and the roles of the access devices in different security domains are the same; or
the access control list is different for access devices of different security domains, and the roles of the access devices of different security domains are different.
4. The method according to claim 1 or 2, wherein the access control list further comprises: security resources allowed to be accessed corresponding to the access control roles;
the terminal device allows the access device to configure the secure resource in the terminal device, including:
the terminal equipment allows the access equipment to configure target security resources in the terminal equipment, wherein the target security resources are security resources which correspond to roles of the access equipment and are allowed to be accessed.
5. The method of claim 1 or 2, wherein the access control list further comprises: the operation authority corresponding to the access control role;
The terminal device allows the access device to configure the secure resource in the terminal device, including:
the terminal equipment allows the access equipment to carry out configuration corresponding to target operation authority on the security resources in the terminal equipment, wherein the target operation authority is the operation authority corresponding to the role of the access equipment.
6. The method of claim 1, wherein the method further comprises:
and the terminal equipment authenticates the role certificate of the access equipment according to the trust root so as to confirm the role of the access equipment.
7. The method of claim 6, wherein,
for access devices of different security domains, the trust root is the same trust root, or
The root of trust is a different root of trust for access devices of different security domains.
8. The method of claim 6, wherein,
the trust root is pre-arranged in the terminal equipment; or
the root of trust is configured by the activation device.
9. The method of claim 2 or 8, wherein the activating device comprises:
the activation equipment of the security domain where the terminal equipment is located; or
an activation device of a security domain other than the security domain where the terminal device is located.
10. The method of any of claims 1, 2, 6 to 8, wherein before the terminal device enters a security domain of a different security domain, the method further comprises:
the terminal equipment reserves configuration information corresponding to the safety resource; or initializing configuration information corresponding to the safety resource by the terminal equipment.
11. The method of claim 10, wherein the reservation condition of the terminal device for reserving the configuration information corresponding to the security resource comprises at least one of:
receiving a reservation instruction for indicating to reserve the configuration information; and
an initialization instruction indicating to initialize the configuration information is not received.
12. The method of claim 10, wherein the initializing condition of the terminal device to initialize the configuration information corresponding to the secure resource comprises at least one of:
receiving an initialization instruction for initializing the configuration information; and
a reservation instruction indicating to reserve the configuration information is not received.
13. The method of any of claims 1, 2, 6 to 8, wherein the determining, by the terminal device, the role of the access device of the security domain in which it is located comprises:
The terminal device determines the role of the access device from a public field in the role certificate sent by the access device.
14. An access control method, comprising:
under the condition that the terminal equipment moves in different security domains, the access equipment sends the role of the access equipment to the terminal equipment in the security domain; in the case that the role of the access device is included in at least one access control role in the access control list of the terminal device, the terminal device allows the access device to configure the security resource in the terminal device, where the access control role is a role allowed to configure the security resource, and the terminal device includes at least one access control list, and for access devices in different security domains, the access control list is the same access control list or the access control list is a different access control list.
15. The method of claim 14, wherein the sending, by the access device, the role of the access device to the terminal device of the security domain in which it is located comprises:
and the access device sends a role certificate to the terminal device of the security domain where the access device is located, and the public field of the role certificate comprises the role of the access device.
16. The method according to claim 14 or 15, wherein,
the roles of the access devices of the different security domains are different.
17. An access control method, the method comprising:
an activating device configures an access control list to a terminal device, wherein, under the condition that the terminal device moves in different security domains and at least one access control role of the access control list includes the role of an access device, the terminal device allows the access device to configure the security resources in the terminal device, the access control role is a role allowed to configure the security resources, the terminal device comprises at least one access control list, and for access devices in different security domains, the access control list is the same access control list or different access control lists.
18. The method of claim 17, wherein the access control list further comprises at least one of:
security resources allowed to be accessed, corresponding to the access control role; and operation permissions corresponding to the access control role.
19. The method according to claim 17 or 18, wherein the method further comprises:
The activation device configures a trust root for the terminal device, where the trust root is used for the terminal device to authenticate the role certificate of the access device to confirm the role of the access device.
20. A terminal device, comprising:
a role determination module configured to determine, when the terminal device moves between different security domains, the role of an access device in the security domain where the terminal device is located; and
a permission management module configured to allow the access device to configure security resources in the terminal device when at least one access control role of an access control list of the terminal device comprises the role of the access device, wherein the access control role is a role allowed to configure the security resources, the terminal device comprises at least one access control list, and for access devices in different security domains the access control list is the same access control list or different access control lists.
21. The terminal device of claim 20, wherein,
the access control list is pre-configured in the terminal device; or
the access control list is configured by an activation device.
22. The terminal device according to claim 20 or 21, wherein,
for access devices in different security domains, the access control list is the same access control list and the roles of the access devices in the different security domains are the same; or
for access devices in different security domains, the access control list is different access control lists and the roles of the access devices in the different security domains are different.
23. The terminal device according to claim 20 or 21, wherein the access control list comprises: security resources allowed to be accessed corresponding to the access control roles;
the permission management module is further configured to allow the access device to configure a target security resource in the terminal device, wherein the target security resource is the security resource allowed to be accessed that corresponds to the role of the access device.
24. The terminal device of claim 20 or 21, wherein the access control list further comprises: the operation authority corresponding to the access control role;
the permission management module is further configured to allow the access device to perform, on the security resources in the terminal device, the configuration corresponding to a target operation permission, wherein the target operation permission is the operation permission corresponding to the role of the access device.
25. The terminal device of claim 20, wherein the terminal device further comprises:
a role authentication module configured to authenticate a role certificate of the access device according to a trust root, so as to confirm the role of the access device.
26. The terminal device of claim 25, wherein,
for access devices in different security domains, the trust root is the same trust root; or
for access devices in different security domains, the trust root is different trust roots.
27. The terminal device of claim 25, wherein,
the trust root is pre-configured in the terminal device; or
the trust root is configured by an activation device.
28. The terminal device of claim 21 or 27, wherein the activation device comprises:
an activation device of the security domain where the terminal device is located; or
an activation device of a security domain other than the security domain where the terminal device is located.
29. The terminal device of any of claims 20, 21, 25 to 27, wherein the terminal device further comprises:
a configuration update module configured to retain or initialize configuration information corresponding to the security resources before the terminal device enters one of the different security domains.
30. The terminal device of claim 29, wherein the retention condition under which the terminal device retains the configuration information corresponding to the security resources comprises at least one of:
a retention instruction indicating to retain the configuration information is received; and
no initialization instruction indicating to initialize the configuration information is received.
31. The terminal device of claim 29, wherein the initialization condition under which the terminal device initializes the configuration information corresponding to the security resources comprises at least one of:
an initialization instruction indicating to initialize the configuration information is received; and
no retention instruction indicating to retain the configuration information is received.
32. The terminal device of any of claims 20, 21, 25 to 27, wherein the role determination module is further configured to determine the role of the access device from a public field in a role certificate sent by the access device.
33. An access device, comprising:
a sending module configured to send the role of the access device to a terminal device in the security domain where the access device is located when the terminal device moves between different security domains; wherein, if the role of the access device is included in at least one access control role of an access control list of the terminal device, the terminal device allows the access device to configure security resources in the terminal device, the access control role is a role allowed to configure the security resources, the terminal device comprises at least one access control list, and for access devices in different security domains the access control list is the same access control list or different access control lists.
34. The access device of claim 33, wherein the sending module is further configured to send a role certificate to the terminal device, the role of the access device being included in a public field of the role certificate.
35. The access device of claim 33 or 34, wherein,
the roles of the access devices in the different security domains are the same; or
the roles of the access devices in the different security domains are different.
36. An activation device, comprising:
a list configuration module configured to configure an access control list for a terminal device, wherein the access control list is used so that, when the terminal device moves between different security domains and at least one access control role of the access control list comprises the role of an access device, the terminal device allows the access device to configure security resources in the terminal device, wherein the access control role is a role allowed to configure the security resources, the terminal device comprises at least one access control list, and for access devices in different security domains the access control list is the same access control list or different access control lists.
37. The activation device of claim 36, wherein said access control list further comprises at least one of:
security resources allowed to be accessed, corresponding to the access control role; and operation permissions corresponding to the access control role.
38. The activation device of claim 36 or 37, wherein the activation device further comprises:
a root configuration module configured to configure a trust root for the terminal device, wherein the trust root is used by the terminal device to authenticate a role certificate of the access device so as to confirm the role of the access device.
39. A terminal device comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor is arranged to execute the steps of the access control method of any of claims 1 to 13 when the computer program is run.
40. An access device comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
the processor being adapted to perform the steps of the access control method of any of claims 14 to 16 when the computer program is run.
41. An activation device comprising a processor and a memory for storing a computer program capable of running on the processor, wherein,
The processor being adapted to perform the steps of the access control method of any of claims 17 to 19 when the computer program is run.
42. A storage medium storing an executable program which, when executed by a processor, implements the access control method of any one of claims 1 to 13.
43. A storage medium storing an executable program which, when executed by a processor, implements the access control method of any one of claims 14 to 16.
44. A storage medium storing an executable program which, when executed by a processor, implements the access control method of any one of claims 17 to 19.
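The claims above state the terminal-side decision in words only. The following Go program is a worked example added here; it is not part of the patent and not code from the applicant. It models the scheme of claims 14 to 38: a terminal device holds a trust root and an access control list for each security domain it has been provisioned for, authenticates an access device's role certificate against the trust root of the domain the terminal is currently in, reads the role from the certificate's public field, and permits configuration of a security resource only if the ACL grants that role the resource together with a write operation; on moving between domains it retains or initializes the resource configuration. Everything concrete is an assumption of the example: Ed25519 signatures, the certificate field layout and payload encoding, the resource names "cred" and "acl", the "r"/"w" operation codes, the domain names, and the choice to initialize the configuration when no retention instruction was received (claims 30 and 31 allow either default). Proof that the access device actually holds the key named in the certificate (for example in a DTLS handshake) is outside what the claims describe and is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// RoleCertificate models the role certificate of claims 15 and 32: the role sits in a public field and
// the public fields are signed by the issuing domain's trust root. Field names and payload encoding are
// assumptions of this example, not the patent's format.
type RoleCertificate struct {
	Domain    string            // issuing security domain
	Role      string            // access-control role (public field)
	Subject   ed25519.PublicKey // the access device's own key
	Signature []byte            // trust-root signature over the fields above
}

func certPayload(c RoleCertificate) []byte {
	return []byte(c.Domain + "\x00" + c.Role + "\x00" + string(c.Subject))
}

// IssueRoleCertificate is the trust root's side; it exists only to build sample input offline.
func IssueRoleCertificate(root ed25519.PrivateKey, domain, role string, subject ed25519.PublicKey) RoleCertificate {
	c := RoleCertificate{Domain: domain, Role: role, Subject: subject}
	c.Signature = ed25519.Sign(root, certPayload(c))
	return c
}

// ACL maps an access-control role to the security resources it may access and the operations allowed
// on each ("r", "w"), as in claims 18, 23 and 24.
type ACL map[string]map[string]string

// Terminal keeps one trust root and one ACL per security domain; domains may share the same values.
type Terminal struct {
	roots  map[string]ed25519.PublicKey
	acls   map[string]ACL
	domain string
	Config map[string]string // current configuration of the security resources
}

// EnterDomain moves the terminal into a provisioned domain (claims 29 to 31). The claims allow either
// default; this example fails safe and initializes the configuration unless a retention instruction
// was received.
func (t *Terminal) EnterDomain(domain string, retainInstruction bool) error {
	if _, ok := t.roots[domain]; !ok {
		return fmt.Errorf("no trust root or ACL provisioned for domain %q", domain)
	}
	if !retainInstruction {
		t.Config = map[string]string{}
	}
	t.domain = domain
	return nil
}

// VerifyRole authenticates the certificate with the current domain's trust root and returns its role.
func (t *Terminal) VerifyRole(c RoleCertificate) (string, error) {
	root, ok := t.roots[t.domain]
	if !ok || c.Domain != t.domain {
		return "", fmt.Errorf("certificate from %q presented in domain %q", c.Domain, t.domain)
	}
	if !ed25519.Verify(root, certPayload(c), c.Signature) {
		return "", fmt.Errorf("role certificate not signed by the trust root of %q", t.domain)
	}
	return c.Role, nil
}

// Configure writes a security resource only if the authenticated role has it with a "w" right in the ACL.
func (t *Terminal) Configure(c RoleCertificate, resource, value string) error {
	role, err := t.VerifyRole(c)
	if err != nil {
		return err
	}
	if !strings.Contains(t.acls[t.domain][role][resource], "w") {
		return fmt.Errorf("role %q may not write %q in domain %q", role, resource, t.domain)
	}
	t.Config[resource] = value
	return nil
}

// BuildScenario is constructed sample input: two domains with different trust roots and ACLs, plus
// an "admin" certificate the access device signed with its own key instead of the trust root.
func BuildScenario() (t *Terminal, adminHome, installerOffice, forged RoleCertificate) {
	rootHome, skHome, _ := ed25519.GenerateKey(rand.Reader)
	rootOffice, skOffice, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	t = &Terminal{Config: map[string]string{}, // provisioned by the activation device (claims 17, 19)
		roots: map[string]ed25519.PublicKey{"home": rootHome, "office": rootOffice},
		acls:  map[string]ACL{"home": {"admin": {"cred": "rw", "acl": "rw"}}, "office": {"installer": {"cred": "r"}}},
	}
	return t, IssueRoleCertificate(skHome, "home", "admin", devPub),
		IssueRoleCertificate(skOffice, "office", "installer", devPub),
		IssueRoleCertificate(devPriv, "home", "admin", devPub)
}

func main() {
	t, adminHome, _, forged := BuildScenario()
	_ = t.EnterDomain("home", false)
	fmt.Println(t.Configure(adminHome, "cred", "psk-1"), t.Configure(forged, "cred", "psk-x"))
}
```

Presenting the home-domain certificate after the terminal has moved to the office domain is refused even though it carries a valid role, because the check is bound to the trust root and ACL of the domain the terminal is currently in; that binding is what makes a per-domain ACL meaningful, and it is why a role-only comparison without the signature check would let any device claiming "admin" through.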
CN201980095766.3A 2019-09-11 2019-09-11 Access control method, equipment and storage medium Active CN113728600B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/105474 WO2021046782A1 (en) 2019-09-11 2019-09-11 Access control method, device, and storage medium

Publications (2)

Publication Number Publication Date
CN113728600A CN113728600A (en) 2021-11-30
CN113728600B true CN113728600B (en) 2023-10-24

Family

ID=74866867

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980095766.3A Active CN113728600B (en) 2019-09-11 2019-09-11 Access control method, equipment and storage medium

Country Status (2)

Country Link
CN (1) CN113728600B (en)
WO (1) WO2021046782A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005094107A1 (en) * 2004-03-26 2005-10-06 Huawei Technologies Co., Ltd. A method for implementing access control
CN101635701A (en) * 2008-07-21 2010-01-27 山石网科通信技术(北京)有限公司 Method for controlling safe access
CN102263679A (en) * 2010-05-24 2011-11-30 杭州华三通信技术有限公司 Source role information processing method and forwarding chip
CN103404093A (en) * 2011-02-21 2013-11-20 日本电气株式会社 Communication system, database, control device, communication method and program
CN105224834A (en) * 2015-08-21 2016-01-06 镇江乐游网络科技有限公司 The system and method for access control based roles in mobile network
CN105827663A (en) * 2016-06-02 2016-08-03 中国联合网络通信集团有限公司 Access control method and system
CN107015996A (en) * 2016-01-28 2017-08-04 阿里巴巴集团控股有限公司 A kind of resource access method, apparatus and system
CN108540427A (en) * 2017-03-02 2018-09-14 株式会社理光 Collision detection method and detection device, access control method and access control apparatus

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7530112B2 (en) * 2003-09-10 2009-05-05 Cisco Technology, Inc. Method and apparatus for providing network security using role-based access control
US8448240B2 (en) * 2006-01-31 2013-05-21 Koninklijke Philips Electronics N.V. Role-based access control
US9769177B2 (en) * 2007-06-12 2017-09-19 Syracuse University Role-based access control to computing resources in an inter-organizational community
CN101262474B (en) * 2008-04-22 2012-02-01 武汉理工大学 A cross-domain access control system for realizing role and group mapping based on cross-domain authorization
CN106899561B (en) * 2015-12-24 2020-04-07 北京奇虎科技有限公司 TNC (network node controller) authority control method and system based on ACL (Access control List)

Also Published As

Publication number Publication date
WO2021046782A1 (en) 2021-03-18
CN113728600A (en) 2021-11-30

Similar Documents

Publication Publication Date Title
US8874769B2 (en) Facilitating group access control to data objects in peer-to-peer overlay networks
US20090288138A1 (en) Methods, systems, and apparatus for peer-to peer authentication
US8775817B2 (en) Application-configurable distributed hash table framework
CN111742531B (en) Profile information sharing
WO2017120746A1 (en) Method for managing network access rights and related device
Hwang et al. Dynamic access control scheme for iot devices using blockchain
CN113169970B (en) Access control method, device and storage medium
CN109344628B (en) Method for managing trusted nodes in block chain network, nodes and storage medium
EP3616426A1 (en) Network policy configuration
CN110602150B (en) Trusted authentication method between SDN nodes
CN101341691A (en) Authorisation and authentication
CN114189380B (en) Zero-trust-based distributed authentication system and authorization method for Internet of things equipment
US9703987B2 (en) Identity based connected services
WO2023115913A1 (en) Authentication method and system, and electronic device and computer-readable storage medium
CN114363165A (en) Configuration method of electronic equipment, electronic equipment and server
TW202308363A (en) Authentication between user equipment and communication network for onboarding process
EP2741465A1 (en) Method and device for managing secure communications in dynamic network environments
CN113728600B (en) Access control method, equipment and storage medium
Javed et al. Cross-domain identity and discovery framework for web calling services
JP5190922B2 (en) Community communication network and communication control method
Javed et al. Global identity and reachability framework for interoperable p2p communication services
WO2021035740A1 (en) Access control method, server, access device and storage medium
Pandey et al. AutoAdd: automated bootstrapping of an IoT device on a network
Niedermayer et al. On using home networks and cloud computing for a future internet of things
Heiler et al. Peer-to-Peer Matrix

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant