CN115499210A - Identification-based industrial internet data dynamic access control method and platform - Google Patents

Identification-based industrial internet data dynamic access control method and platform Download PDF

Info

Publication number
CN115499210A
CN115499210A CN202211124140.0A CN202211124140A CN115499210A CN 115499210 A CN115499210 A CN 115499210A CN 202211124140 A CN202211124140 A CN 202211124140A CN 115499210 A CN115499210 A CN 115499210A
Authority
CN
China
Prior art keywords
data
access
identification
authority
industrial internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211124140.0A
Other languages
Chinese (zh)
Other versions
CN115499210B (en
Inventor
田野
任俊绮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Industrial Internet Research Institute
Original Assignee
China Industrial Internet Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Industrial Internet Research Institute filed Critical China Industrial Internet Research Institute
Priority to CN202211124140.0A priority Critical patent/CN115499210B/en
Publication of CN115499210A publication Critical patent/CN115499210A/en
Application granted granted Critical
Publication of CN115499210B publication Critical patent/CN115499210B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an identification-based industrial internet data dynamic access control method and platform. The invention firstly designs an identification coding structure of industrial internet data, endows fine-grained access control authority of the data to the identification of the data, feeds back different identifications of the data dynamically according to the condition when a user inquires the data, and accesses specific data resources through the identifications, thereby realizing fine-grained management and dynamic authorization of the access authority. The data access identifier DAID comprises three parts, wherein the first part is a user identifier, the second part is an object identifier, and the third part is authority information. The method has wider characteristics including dynamic property, fine granularity, universality and expandability, and is a data access control method suitable for industrial internet scenes.

Description

Identification-based industrial internet data dynamic access control method and platform
Technical Field
The invention belongs to the technical field of computer network security, and particularly relates to an identification-based industrial internet data dynamic access control method and platform.
Background
The industrial internet is a product of deep integration of a new generation of information communication technology and industrial economy, and a brand new manufacturing and service system covering a whole industrial chain and a whole value chain is constructed by comprehensively connecting people, machines, objects, systems and the like, so that the industrial internet is an important foundation stone of the fourth industrial revolution. Wherein, the data system is the core element of the industrial internet. Through the circulation and sharing of data, the comprehensive connection of the full elements, the full industry chain and the full value chain of the industrial internet can be really realized.
However, there are many challenges facing the open sharing of industrial internet data. First, industrial data is widely available and complex, and each organization has different ways to process and store data, which makes data circulation sharing across organizations and systems challenging. Therefore, it is necessary to provide an access control method to obtain access rights and access paths of heterogeneous data in different places. Secondly, massive industrial data have different sources and different security levels, and need to have finer-grained management and higher security standards in the process of data circulation and sharing, so that industrial internet data access control needs to meet finer-grained management and control and dynamic authorized access.
Existing access control methods can be broadly classified into conventional model-based access control methods (including DAC, MAC, RBAC, ABAC, TBAC, etc.) and blockchain-based access control methods. The methods have the problems of poor storage expandability, unsatisfied fine granularity, lifelong application once authorized, poor safety and the like. Therefore, the patent designs a method for solving the problem of industrial internet data access control in the form of identification + block chains.
Identification is used as a management mode of identity, and more researches endow identification to virtual objects, particularly to a data layer. Thus, it becomes possible to facilitate identification to conduct management and access of data. The identification of the industrial internet can be regarded as an 'identity card' of an object such as a product, a production line or an acquisition terminal. The resolution of the identifier is used for mapping the object from the identifier to the access address across regions, industries and enterprises in the whole industrial internet system, so that the functions of object positioning, information query and the like are realized, and the method is similar to a domain name resolution system (DNS) in the field of the traditional internet.
The MA mark is a mark system which is commonly recognized by three international organizations of international organization for standardization (ISO), european standard office (CEN) and International automatic identification and Mobile technology Association (AIM), and is a component of an ISO/IEC 15459 information technology automatic identification technology and acquisition technology unique mark of the international standard.
The MA coding structure conforms to the international standard ISO/IEC 15459 information technology automatic identification and data acquisition technology unique identification, is a hierarchical coding structure and is divided into three parts, as shown in figure 1.
The first part is user identification and consists of four nodes. The first node is a root identifier prefix 'MA', and is a global code commonly recognized by three organizations of ISO, CEN and AIM; the second node is a country/region or domain code, where the country region code conforms to the ISO 3166-1.2013 code, which is part 1 for the names of countries and their branches: country code (e.g., ma.156 assigned to china), field code assigned by the MA identification code administration committee (e.g., ma.10000 assigned to the industrial internet field); the third node is a region code or an industry code, and the node can be expanded according to application requirements; the fourth node is a user code and is arranged in sequence according to the application sequence in principle.
The second part is identifying object categories.
The third part is the individual code of the user-defined identification object, and the user can define the number of nodes and the number of bits of each node according to the application requirement.
Every two portions are separated by a "-" or "/" symbol and every portion is separated by a "-" symbol. The MA coding supports the combination of Arabic numerals and English letters, and does not distinguish case from case.
One specific example is as follows:
MA.156.110101.8/20.36550104.01/20170630.0010
wherein, MA.156.110101.8 represents user identification, 20.36550104.01 represents object category, and 20170630.0010 represents user-defined identification object individual code.
Disclosure of Invention
The invention aims to provide an identification-based dynamic access control method and platform for industrial internet data to solve the access control problem in the data circulation and sharing process of the industrial internet.
The method comprises the steps of designing an identification coding structure of industrial internet data, endowing fine-grained access control authority of the data to the identification of the data, dynamically feeding back different identifications of the data according to the condition when a user inquires the data, and accessing specific data resources through the identifications. Therefore, fine-grained management and dynamic authorization of the access authority are realized. Furthermore, traceability of the data access process can be achieved through the traceability anti-tampering characteristics of the block chain technology.
The technical scheme of the invention is as follows:
an identification-based industrial internet data dynamic access control method comprises the following steps:
1) Setting a data access identifier DAID for industrial internet data circulation sharing; the DAID comprises three parts, wherein the first part is a user identifier, the second part is an object identifier, and the third part is authority information;
2) The industrial Internet platform registers a user according to the received user registration information, wherein the user is a data owner or a data demand party; the industrial Internet platform sets attributes for corresponding users according to the user registration information;
3) The industrial internet platform forms a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner, and distributes a data identification ID for the data to be uploaded; wherein the data identification ID is composed of the user identification and the object identification;
4) The industrial internet platform issues a data abstract and a data identification ID of the data to be uploaded; adding different authority information to the data identification ID according to a set security level to generate a plurality of different access authority identifiers; setting a corresponding access control strategy for each access authority identifier; uploading the data identification ID, each access authority identifier and the corresponding access control strategy to a strategy management point of the industrial Internet platform;
5) A data access phase, the data requirementsThe party determines an object to be accessed through the data abstract issued on the industrial internet platform, and then sends an access request and a data identification ID corresponding to the object to the industrial internet platform; the access control module of the industrial Internet platform judges the access condition met by the access subject by reading the access control authority in the strategy information point and comparing the access control authority with the access control strategy in the strategy management point, if the access control condition meets the ith access authority identifier ID i Corresponding access condition, then the access authority identifier ID is used i Returning to the accessing agent;
6) The ID of the access authority of the identification resolution module of the industrial Internet platform to the access subject i Analyzing to obtain the access authority identifier ID i And returning the corresponding data resource to the access subject.
Further, the object identifier includes an object category and a custom identifier object individual code, and is used for distinguishing each specific object.
Further, the authority information includes an authority operation code, a content authority code and a authority validity period.
Further, the data information includes a data source and a data sample.
Furthermore, different authority information is added to the data identification ID according to n set security levels, and n different access authority identifiers are generated<ID 1 -ID n >(ii) a Wherein the nth access right identifier ID n =ID/id n ,id n An nth security level identification of an ID for the data identification.
Further, the higher the security level identification, the more data the corresponding access control policy allows access to.
An industrial Internet platform is characterized by comprising an identity authentication module, an identification registration module, an access control module and an identification analysis module; wherein, the first and the second end of the pipe are connected with each other,
the identity authentication module is used for registering the user according to the received user registration information, setting attributes for the corresponding user according to the user registration information, and authenticating the user logging in the industrial Internet platform; the user is a data owner or a data demand party;
the identification registration module is used for forming a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner and distributing a data identification ID to the data to be uploaded; adding different authority information to the data identification ID according to a set security level to generate a plurality of different access authority identifiers; wherein the data identification ID is composed of the user identification and the object identification; each access authority identifier is provided with a corresponding access control strategy;
the access control module is used for storing the data identification ID, each access authority identifier and the corresponding access control strategy; and judging the access condition met by the access subject by reading the access control authority in the policy information point and comparing the access control authority with the access control policy in the policy management point, and if the access condition meets the ith access authority identifier ID i Corresponding access condition, then the access authority identifier ID is used i Returning to the accessing agent;
the identification resolving module is used for resolving the received access authority identifier ID i Analyzing to obtain the access authority identifier ID i And returning the corresponding data resource to the access subject.
The invention has the advantages that:
by using the industrial internet data access control method provided by the invention, the access authority and the access path of data in different hosts and different places can be acquired. Meanwhile, the data owners of the industrial Internet platform and other third-party platforms can guarantee the related rights and interests of the data owners through the method. The novel industrial internet data access identification system designed in the invention can solve the problem of the existing data circulation sharing and break an information island. The ownership verification function added in the identification code can realize fine-grained access authorization to the data resource. The method and the device can realize the query of the access path and ensure the authorization according to the requirement. Compared with other methods, the method has wider characteristics including dynamic property, fine granularity, universality and expandability, and is a data access control method suitable for industrial internet scenes.
a) The dynamic property is realized, the time limit is set for the access control, namely, different access authorities are set for each time the user accesses different data, so that the access authorities are dynamically generated according to the access condition, and the hidden danger of lifelong application after authorization is prevented;
b) The method has fine-grained authorization, different access levels are divided for access subjects, and the vacancy that the traditional method can only carry out fine-grained control based on access attributes is filled;
c) The traceability is realized, and the access records and the authorization records can be traced through the block chain technology;
d) The method has certain safety, and the block chain technology ensures that the access records are prevented from being tampered;
e) The data access identification system designed by the method is compatible with all data types in the existing industrial field.
Drawings
Fig. 1 is a conventional MA identification hierarchical coding data structure.
Fig. 2 shows the DAID coding structure designed by the present invention.
FIG. 3 is a flow chart of the method of the present invention.
Fig. 4 is a flow chart of a data uploading phase.
Fig. 5 is a flow chart of a data access phase.
Detailed Description
The invention will be described in further detail with reference to the following drawings, which are given by way of example only for the purpose of illustrating the invention and are not intended to limit the scope of the invention.
The method of this patent main points mainly include: the access to different-owner different-place heterogeneous data resources is realized through an identification analysis technology; by combining the identification and the access control, the data resources are divided into fine granularities according to the security level, and the problems of fine granularity management and control and dynamic authorization are solved; the traceability of data access control is realized through the traceability anti-tampering characteristic of the block chain technology.
The MA identification coding structure is based on the international standard ISO/IEC 15459 information technology automatic identification and data acquisition technology unique identification, is a tree-shaped structure, and is coded according to a three-section type. The nodes of each section are separated by ". Multidot.n" symbols and each section is separated by "/" symbols, as shown in FIG. 1.
The technical content of the invention is as follows:
1. a novel Data Access Identifier (DAID) for industrial Internet Data circulation sharing is designed. As shown in fig. 2, the identifier optimizes the second and third parts in terms of the coding structure based on the three-segment MA identification system. And the second part integrates the functions of the second and third parts before, so that the specific objects are distinguished. That is, the first part + the second part can completely mark one object. The third part is used for carrying the authority information of the access object.
For example, one Data or Data set Data is identified by an ID in the form of: ID = ma.10000.95000.00001/123.456.789123, { ID } 1 ,ID 2 ,…,ID n Is the new identity, ID, of the data that carries different permissions to access the data n =ID/id n The shape is as follows: id 1 =0001,id 2 =0002,id n =n,
ID 1 =ID/id 1 MA.10000.95000.00001/123.456.789123/0001,
ID 2 =ID/id 2 MA.10000.95000.00001/123.456.789123/0002
2. A fine-grained Access Control method (DBDAC) based on a novel identifier DAID is designed, as shown in fig. 3. The method takes access control based on attributes as a basic idea, distributes corresponding identifiers to which users should be authorized by calculating an access control strategy tree met by a user attribute set, and then transmits and identifies access rights through the identifiers. The detailed description of the data access control model DBDAC is:
a user registration stage:
1) The user can be a data owner or a data demander, and the user needs to register and then log in the platform.
2) The user registers, needs to upload real identity information including but not limited to enterprise name, enterprise registration place, enterprise business license, name of responsible person, telephone, identity card number, and registers the identity of the accessing agent. When the access subject accesses the platform, the platform single sign-on system can be used for authenticating the identity of the user.
3) The platform sets attributes for the user according to the user registration information, and when the user serves as a data demand party to make a data request, a corresponding access strategy can be set for the demand party on the basis of the user attributes and the data security level set by a data owner.
As shown in fig. 4, the data upload phase:
1) And the data owner carries out data preprocessing, fills in a data source and a data sample and uploads the data source and the data sample to the platform to form a data abstract, and meanwhile, the platform automatically distributes a data Identification (ID) to the data or the data set by utilizing an MA identification analysis system, wherein the ID consists of a user identification and an object identification of the MA. E.g., ID = ma.10000.95000.00001/123.456.789123. The data digest is published into the platform along with the data identification ID.
2) Fine-grained ID classification of data set into security levels<ID 1 -ID n >Wherein ID 1 =ID/id 1 ,ID 2 =ID/id 2 ,ID n =ID/id n And the corresponding access control strategy can be set by the user. For example, there are 8 data tables 1 to 8 in the data set 1 For the highest level of security, full data tables 1 through 8 can be accessed 2 Partial data tables 1 and 2 may be accessed for level 2 security levels.
3) Self-owned identification registration module pair through identification analysis system<ID 1 -ID n >And performing identification registration.
4) Will ID and<ID 1 -ID n >and uploading the corresponding access control strategy to the strategy management point.
As shown in fig. 5, the data access phase:
1) And the data requiring party, namely the access subject, checks the data set abstract issued on the industrial Internet platform, finds the object to be accessed, and uploads the access request and the data identification ID corresponding to the data abstract to the platform party.
2) And after receiving the access request, the industrial internet platform calls the access control module.
3) The access control module judges the access condition met by the access subject by reading the access control authority in the policy information point and comparing the access control authority with the access control policy in the policy management point, and if the access control authority meets the security level, the access control authority is ID i Will correspond to the access rights identifier ID i Returning to the Access principal with ID i The same as the security level of the data set. In the policy information point, a storage platform generates a set of permissions for an accessor, and during each access, it needs to determine whether the permission given by the system to the accessor is the same as the access permission required by the owner (determined by step (5)), and if the permission is the same, it can be determined that the accessor can access the system. The access control authority can be related to or unrelated to the attribute of the access subject, and is set by each industrial internet platform according to the platform attribute.
4) The visitor resolves the access authority identifier ID through the DAID identification resolving module i Thereby obtaining a data set identification ID, and performing the ID pairing i Access of object resources at a security level.
By the method, fine-grained authorization management of data resource access is realized.
Although specific embodiments of the invention have been disclosed for purposes of illustration, and to facilitate an understanding of the context of the invention and its implementation, those skilled in the art will appreciate that: various substitutions, changes and modifications are possible without departing from the spirit and scope of the present invention and the appended claims. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed as the best mode contemplated for carrying out this invention, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (10)

1. An identification-based industrial internet data dynamic access control method comprises the following steps:
1) Setting a Data Access Identifier (DAID) for industrial Internet data circulation sharing; the DAID comprises three parts, wherein the first part is a user identifier, the second part is an object identifier, and the third part is authority information;
2) The industrial Internet platform registers a user according to the received user registration information, wherein the user is a data owner or a data demand party; the industrial internet platform sets attributes for corresponding users according to the user registration information;
3) The industrial Internet platform forms a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner, and allocates a data Identification (ID) to the data to be uploaded; wherein the data identification ID is composed of the user identification and the object identification;
4) The industrial internet platform issues a data abstract and a data identification ID of the data to be uploaded; adding different authority information to the data identification ID according to a set security level to generate a plurality of different access authority identifiers; and are
Setting a corresponding access control strategy for each access authority identifier; uploading the data identification ID, each access authority identifier and the corresponding access control strategy to a strategy management point of the industrial Internet platform;
5) In the data access stage, the data demander determines an object to be accessed through the data abstract issued on the industrial internet platform, and then sends an access request and a data identification ID corresponding to the object to the industrial internet platform; the access control module of the industrial internet platform judges the access condition met by the access subject by reading the access control authority in the strategy information point and comparing the access control authority with the access control strategy in the strategy management point,
if the access right identifier ID is matched with the ith access right identifier ID i Corresponding access condition, then the access authority identifier ID i Returning to the accessing agent;
6) The ID of the access authority of the identification resolution module of the industrial Internet platform to the access subject i Analyzing to obtain the access authority identifier ID i And returning the corresponding data resource to the access subject.
2. The method of claim 1, wherein the object id includes an object category and a custom id object individual code for distinguishing specific objects.
3. The method according to claim 1 or 2, wherein the rights information includes a rights operation code, a content rights code, and a rights validity period.
4. The method of claim 1, wherein the data information comprises data source, data sample.
5. The method of claim 1, wherein different permission information is added to the data identification ID according to n security levels, and n different access permission identifiers are generated<ID 1 -ID n >(ii) a Wherein the nth access right identifier ID n =ID/id n ,id n An nth security level identification of an ID for the data identification.
6. The method of claim 1 or 5, wherein the higher the security level identification, the greater the amount of data that the corresponding access control policy allows access to.
7. An industrial Internet platform is characterized by comprising an identity authentication module, an identification registration module, an access control module and an identification analysis module; wherein, the first and the second end of the pipe are connected with each other,
the identity authentication module is used for registering the user according to the received user registration information, setting attributes for the corresponding user according to the user registration information, and authenticating the user logging in the industrial Internet platform; the user is a data owner or a data demand party;
the identification registration module is used for forming a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner and distributing a data identification ID to the data to be uploaded; adding different authority information to the data identification ID according to a set security level to generate a plurality of different access authority identifiers; wherein the data identification ID is composed of the user identification and the object identification; each access authority identifier is provided with a corresponding access control strategy;
the access control module is used for storing the data identification ID, each access authority identifier and the corresponding access control strategy; and judging the access condition met by the access subject by reading the access control authority in the policy information point and comparing the access control authority with the access control policy in the policy management point, and if the access condition meets the ith access authority identifier ID i Corresponding access condition, then the access authority identifier ID i Returning to the accessing agent;
the identification resolving module is used for resolving the received access authority identifier ID i Analyzing to obtain the access authority identifier ID i And returning the corresponding data resource to the access subject.
8. The industrial internet platform of claim 7, wherein the object identifiers comprise object categories and custom identifier object individual codes for distinguishing specific objects; the authority information comprises an authority operation code, a content authority code and an authority validity period.
9. The industrial internet platform of claim 7, wherein different permission information is added to the data Identification (ID) according to n set security levels to generate n different access permission identifiers<ID 1 -ID n >(ii) a Wherein the nth access right identifier ID n =ID/id n ,id n An nth security level identification of an ID for the data identification.
10. The industrial internet platform of claim 9, wherein the higher the security level identification, the greater the amount of data that the corresponding access control policy allows access to.
CN202211124140.0A 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification Active CN115499210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211124140.0A CN115499210B (en) 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211124140.0A CN115499210B (en) 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification

Publications (2)

Publication Number Publication Date
CN115499210A true CN115499210A (en) 2022-12-20
CN115499210B CN115499210B (en) 2023-06-20

Family

ID=84468813

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211124140.0A Active CN115499210B (en) 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification

Country Status (1)

Country Link
CN (1) CN115499210B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117459320A (en) * 2023-12-20 2024-01-26 新华三网络信息安全软件有限公司 Data access control method and device
CN117792797A (en) * 2024-02-26 2024-03-29 中国信息通信研究院 Data authority management method and device based on industrial Internet identification analysis

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200204992A1 (en) * 2017-08-22 2020-06-25 Felica Networks, Inc. Information processing apparatus, communication device, server apparatus, and information processing method
CN111581292A (en) * 2020-05-18 2020-08-25 中国工业互联网研究院 Industrial Internet data asset right confirming and trading method and platform
CN112906029A (en) * 2021-03-08 2021-06-04 国家工业信息安全发展研究中心 Method and system for controlling user authority through identification analysis
CN113704792A (en) * 2021-09-01 2021-11-26 江苏省未来网络创新研究院 Identification data access authority control method based on industrial internet identification coding specification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200204992A1 (en) * 2017-08-22 2020-06-25 Felica Networks, Inc. Information processing apparatus, communication device, server apparatus, and information processing method
CN111581292A (en) * 2020-05-18 2020-08-25 中国工业互联网研究院 Industrial Internet data asset right confirming and trading method and platform
CN112906029A (en) * 2021-03-08 2021-06-04 国家工业信息安全发展研究中心 Method and system for controlling user authority through identification analysis
CN113704792A (en) * 2021-09-01 2021-11-26 江苏省未来网络创新研究院 Identification data access authority control method based on industrial internet identification coding specification

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117459320A (en) * 2023-12-20 2024-01-26 新华三网络信息安全软件有限公司 Data access control method and device
CN117459320B (en) * 2023-12-20 2024-03-26 新华三网络信息安全软件有限公司 Data access control method and device
CN117792797A (en) * 2024-02-26 2024-03-29 中国信息通信研究院 Data authority management method and device based on industrial Internet identification analysis
CN117792797B (en) * 2024-02-26 2024-05-14 中国信息通信研究院 Data authority management method and device based on industrial Internet identification analysis

Also Published As

Publication number Publication date
CN115499210B (en) 2023-06-20

Similar Documents

Publication Publication Date Title
CN109714174B (en) Internet of things equipment digital identity management system and method based on block chain
CN115499210A (en) Identification-based industrial internet data dynamic access control method and platform
CN107465692B (en) Unified user identity authentication method, system and storage medium
KR102024694B1 (en) Decentralized service platform using multiple service nodes based on block chain
CN103607416B (en) A kind of method and application system of the certification of network terminal machine identity
CN105357201A (en) Access control method and system for object cloud storage
JP7072574B2 (en) Systems and methods for user authorization
CN111581292A (en) Industrial Internet data asset right confirming and trading method and platform
CN105022939B (en) Information Authentication method and device
CN105975272A (en) Method and system for generating unique device number of device
CN110866222A (en) Digital content asset right confirming system and method
AU2004203412A1 (en) Moving principals across security boundaries without service interruption
US8745387B2 (en) Security management for an integrated console for applications associated with multiple user registries
CN101807185B (en) Method for providing user-defined access control mode in file system
CN115018519A (en) Analytic management and control platform of industry internet sign
CN113704792A (en) Identification data access authority control method based on industrial internet identification coding specification
CN113329060A (en) System and method for practice experience certification based on Fabric alliance chain
CN114721582A (en) Information sharing method and device and related equipment
CN113010865A (en) Big data basic component safety management method and system of intelligent education platform
KR100693370B1 (en) Duplicated database merge purge arrangement apparatus and the Method Thereof
CN115587233B (en) Data identification and catalog management method and system
CN113938692B (en) Video live broadcast risk control method and device
CN114706725B (en) Equipment data processing method and system based on cloud platform
CN113269561A (en) Block chain technology-based group enterprise research and development design resource sharing tracing system and method
CN116980166A (en) Internet-based data transmission management system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant