CN115499210B - Industrial Internet data dynamic access control method and platform based on identification - Google Patents


Publication number
CN115499210B
Authority
CN
China
Prior art keywords
data
access
identification
industrial internet
access control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211124140.0A
Other languages
Chinese (zh)
Other versions
CN115499210A (en)
Inventor
田野
任俊绮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Industrial Internet Research Institute
Original Assignee
China Industrial Internet Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Industrial Internet Research Institute
Priority to CN202211124140.0A
Publication of CN115499210A
Application granted
Publication of CN115499210B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security
    • H04L63/12: Applying verification of the received information
    • H04L63/126: Applying verification of the received information the source of the received data
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses an identification-based method and platform for dynamic access control of industrial Internet data. The invention first designs an identification coding structure for industrial Internet data and binds fine-grained access control rights for the data to the data's identifiers. When a user queries the data, the platform dynamically returns a different identifier for the data depending on the conditions of the request, and the specific data resource is then accessed through that identifier, thereby achieving fine-grained management and dynamic authorization of access rights. The data access identifier DAID of the invention comprises three parts: the first part is a user identifier, the second part is an object identifier, and the third part is authority information. The method is dynamic, fine-grained, universal and extensible, and is a data access control method suited to industrial Internet scenarios.

Description

Industrial Internet data dynamic access control method and platform based on identification
Technical Field
The invention belongs to the technical field of computer network security, and particularly relates to an industrial Internet data dynamic access control method and platform based on identification.
Background
The industrial Internet is the product of the deep integration of new-generation information and communication technology with the industrial economy. By comprehensively connecting people, machines, objects and systems, it builds a brand-new manufacturing and service system covering the full industrial chain and the full value chain, and it is an important cornerstone of the fourth industrial revolution. The data system is a core element of the industrial Internet. Only through the circulation and sharing of data can the comprehensive connection of all elements, all industrial chains and all value chains of the industrial Internet truly be realized.
However, open sharing of industrial Internet data currently faces a number of challenges. First, industrial data comes from a wide range of sources and is structurally complex, and each organization processes and stores data in its own way, which makes sharing data across organizations and across systems a challenge. An access control method is therefore needed that can obtain access rights and access paths for heterogeneous data. Second, the massive volume of industrial data comes from different sources and has different security levels, and data circulation and sharing require finer-grained management and higher security standards, so industrial Internet data access control must support finer-grained management and control and dynamically authorized access.
Existing access control methods fall largely into conventional model-based access control methods (including DAC, MAC, RBAC, ABAC, TBAC, etc.) and blockchain-based access control methods. These methods suffer from poor storage scalability, lack of fine granularity, authorization that remains usable indefinitely once granted, poor security, and similar problems. This patent therefore designs a method that combines identification and blockchain to solve the problem of industrial Internet data access control.
Identification is a form of identity management, and a growing body of research assigns identifiers to virtual objects, especially at the data level. This makes it possible to use identifiers to manage and access data. An industrial Internet identifier can be regarded as the "identity card" of an object such as a product, a production line or an acquisition terminal. Identifier resolution maps an object from its identifier to its address across regions, industries and enterprises throughout the industrial Internet system, which enables functions such as object location and information query, similar to the Domain Name System (DNS) in the traditional Internet.
The MA identifier is an identification system jointly recognized by three international organizations, the International Organization for Standardization (ISO), the European Committee for Standardization (CEN) and the Association for Automatic Identification and Mobility (AIM), and is a component of the international standard ISO/IEC 15459, "Information technology - Automatic identification and data capture techniques - Unique identification".
The MA coding structure conforms to ISO/IEC 15459. It is a hierarchical coding structure divided into three parts, as shown in Fig. 1.
The first part is the user identifier and consists of four nodes. The first node is the MA root identifier prefix, a global code jointly recognized by ISO, CEN and AIM. The second node is a country/region code or a domain code: country/region codes follow ISO 3166-1:2013, "Codes for the representation of names of countries and their subdivisions - Part 1: Country codes" (e.g., MA.156 is assigned to China), and domain codes are assigned by the MA identification code management committee (e.g., MA.10000 is assigned to the industrial Internet domain). The third node is a region code or an industry code and can be extended according to application requirements. The fourth node is the user code, which in principle is assigned sequentially in order of application.
The second part is the identification object category.
The third part is the individual code of the custom identification object; the user defines the number of nodes and the number of digits of each node according to application requirements.
The parts are separated from one another by the "/" symbol, and the levels within a part are separated by the "." symbol. MA coding supports combinations of Arabic numerals and English letters and is not case-sensitive.
One specific example is as follows:
MA.156.110101.8/20.36550104.01/20170630.0010
where MA.156.110101.8 denotes user identity, 20.36550104.01 denotes object category, 20170630.0010 denotes custom identity object individual code.
Disclosure of Invention
The invention aims to provide an industrial Internet data dynamic access control method and an industrial Internet data dynamic access control platform based on identification, which are used for solving the access control problem in the industrial Internet data circulation sharing process.
The invention designs an identification coding structure for industrial Internet data, binds fine-grained access control rights for the data to the data's identifiers, dynamically returns different identifiers for the data depending on the conditions when a user queries the data, and accesses the specific data resource through the identifier, thereby achieving fine-grained management and dynamic authorization of access rights. Further, traceability of the data access process can be achieved through the traceable, tamper-resistant nature of blockchain technology.
The technical scheme of the invention is as follows:
an industrial internet data dynamic access control method based on identification comprises the following steps:
1) Setting a data access identifier DAID for industrial internet data flow sharing; the data access identifier DAID comprises three parts, wherein the first part is a user identifier, the second part is an object identifier, and the third part is authority information;
2) The industrial internet platform registers the user according to the received user registration information, wherein the user is a data owner or a data demand party; the industrial Internet platform sets attributes for corresponding users according to the user registration information;
3) The industrial internet platform forms a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner, and distributes a data identification ID for the data to be uploaded; wherein the data identification ID consists of the user identification and the object identification;
4) The industrial Internet platform publishes the data abstract and the data identification ID of the data to be uploaded; adds different authority information to the data identification ID according to the set security levels to generate a plurality of different access right identifiers; sets a corresponding access control policy for each access right identifier; and uploads the data identification ID, each access right identifier and the corresponding access control policy to a policy management point of the industrial Internet platform;
5) In the data access stage, the data demand party determines the object to be accessed from the data abstract published on the industrial Internet platform, and then sends an access request and the data identification ID corresponding to the object to the industrial Internet platform; the access control module of the industrial Internet platform determines which access condition the access subject satisfies by reading the access control authority in the policy information point and comparing it with the access control policy in the policy management point, and if the access subject satisfies the access condition corresponding to the i-th access right identifier ID_i, returns the access right identifier ID_i to the access subject;
6) The identification analysis module of the industrial Internet platform resolves the access right identifier ID_i of the access subject, obtains the data resource corresponding to the access right identifier ID_i, and returns it to the access subject.
Further, the object identification comprises object category and individual codes of the custom identification objects, and the individual codes are used for distinguishing specific objects.
Further, the authority information comprises an authority operation code, a content authority code and an authority validity period.
Further, the data information comprises a data source and a data sample.
Further, different authority information is added to the data identification ID according to the n set security levels to generate n different access right identifiers <ID_1 - ID_n>, wherein the n-th access right identifier is ID_n = ID/id_n, and id_n is the n-th security level identification of the data identification ID.
Further, the higher the security level identifier is, the more data the corresponding access control policy allows access to.
An industrial Internet platform, characterized by comprising an identity authentication module, an identification registration module, an access control module and an identification analysis module; wherein:
the identity authentication module is used for registering a user according to the received user registration information, setting attributes for the corresponding user according to the user registration information, and authenticating the user logging in the industrial Internet platform; wherein the user is a data owner or a data demander;
the identification registration module is used for forming a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner and distributing a data identification ID for the data to be uploaded; adding different authority information to the data identification ID according to the set security level, and generating a plurality of different access authority identifiers; wherein the data identification ID consists of the user identification and the object identification; each access right identifier is provided with a corresponding access control strategy;
the access control module is used for storing the data identification ID, each access right identifier and the corresponding access control policy; and for determining which access condition the access subject satisfies by reading the access control authority in the policy information point and comparing it with the access control policy in the policy management point, and, if the access subject satisfies the access condition corresponding to the i-th access right identifier ID_i, returning the access right identifier ID_i to the access subject;
the identification analysis module is used for resolving the received access right identifier ID_i, obtaining the data resource corresponding to the access right identifier ID_i, and returning it to the access subject.
The invention has the following advantages:
With the industrial Internet data access control method provided by the invention, access rights and access paths can be obtained for data on different hosts and in different places. At the same time, data owners on the industrial Internet platform and on other third-party platforms can protect their rights and interests in their data through the method. The new industrial Internet data access identification system designed in the invention can solve the existing problems of data circulation and sharing and break down information silos. The ownership verification function added to the identification code enables fine-grained access authorization for data resources. The method supports querying the access path and ensures authorization on demand. Compared with other methods, it offers a broader set of properties, including dynamism, fine granularity, universality and extensibility, and is a data access control method suited to industrial Internet scenarios.
a) Dynamic: a time limit is set on access control, that is, different access rights are set each time the user accesses different data, so that access rights are generated dynamically according to the conditions at the time of access, which avoids the hidden danger of an authorization remaining usable indefinitely once granted;
b) Fine-grained authorization: access subjects are divided into different access levels, filling the gap left by traditional methods, which can only perform fine-grained control based on access attributes;
c) Traceable: access records and authorization records can be traced through blockchain technology;
d) Secure to a certain degree: blockchain technology ensures that access records are tamper-resistant;
e) Universal: the data access identification system designed in the method is compatible with all data types in the existing industrial field.
Drawings
Fig. 1 is a conventional MA identification hierarchical coding data structure.
Fig. 2 is a DAID encoding structure according to the present invention.
Fig. 3 is a flow chart of the method of the present invention.
Fig. 4 is a flow chart of the data upload phase.
FIG. 5 is a flow chart of a data access phase.
Detailed Description
The invention will now be described in further detail with reference to the accompanying drawings, which are given by way of illustration only and are not intended to limit the scope of the invention.
The method of the patent mainly comprises the following steps: the access to the heterogeneous data resources of different hosts and different places is realized through an identification analysis technology; by combining the identification and the access control, the data resources are divided into fine granularity according to the security level, so that the problems of fine granularity management and control and dynamic authorization are solved; the traceability of the data access control is realized through the traceability tamper-proof characteristic of the blockchain technology.
The MA identification coding structure is based on the international standard ISO/IEC 15459, "Information technology - Automatic identification and data capture techniques - Unique identification". It is a tree structure coded in three sections. The nodes within each section are separated by the "." symbol, and the sections are separated from one another by the "/" symbol, as shown in Fig. 1.
The technical content of the invention is as follows:
1. A new data access identifier (Data Access Identifier, DAID) is designed for industrial Internet data circulation and sharing. As shown in Fig. 2, the identifier is based on the three-section MA identification system, with the coding structure of the second and third parts optimized. The second part merges the functions of the former second and third parts and so distinguishes specific objects; that is, the first and second parts together completely identify one object. The third part carries the authority information for accessing the object.
For example, the identifier of a piece of data or a data set Data is ID, of the form: ID = MA.10000.95000.00001/123.456.789123. {ID_1, ID_2, …, ID_n} are the new identifiers of the data carrying different rights to access the data, where ID_n = ID/id_n, of the form: id_1 = 0001, id_2 = 0002, id_n = n,
ID_1 = ID/id_1, i.e., MA.10000.95000.00001/123.456.789123/0001,
ID_2 = ID/id_2, i.e., MA.10000.95000.00001/123.456.789123/0002
2. A fine-grained access control method based on the new identifier DAID (DAID-based Data Access Control, DBDAC) is designed, as shown in Fig. 3. The method takes attribute-based access control as its basic idea: it computes which access control policy tree the user's attribute set satisfies, allocates the corresponding identifier for which the user is authorized, and the access right is then conveyed and recognized through that identifier. The data access control model DBDAC is described in detail as follows:
User registration stage:
1) A user may be a data owner or a data demand party; either way, the user must register with and log in to the platform.
2) At registration, the identity of the access subject is registered by submitting real identity information, including but not limited to the business name, business registry, business license, name of the responsible person, telephone number and identification card number. When the access subject accesses the platform, the platform's single sign-on system can be used to authenticate the user's identity.
3) The platform sets attributes for users according to the user registration information. When a user requests data as a data demand party, a corresponding access policy can be set for the requester based on the user's attributes and the data security levels set by the data owner.
As shown in fig. 4, the data upload stage:
1) The data owner preprocesses the data, fills in the data source and data samples, and uploads them to the platform to form a data abstract. At the same time, the platform uses the MA identification analysis system to automatically allocate a data identification ID to the data or data set; the ID consists of the MA user identifier and object identifier, e.g., ID = MA.10000.95000.00001/123.456.789123. The data abstract is published on the platform together with the data identification ID.
2) The data set ID is divided at fine granularity by security level into <ID_1 - ID_n>, where ID_1 = ID/id_1, ID_2 = ID/id_2, ID_n = ID/id_n, and a corresponding access control policy can be set for each. For example, if the data set contains 8 data tables, 1 to 8, then ID_1, the highest security level, can access all data tables 1 to 8, while ID_2, the level-2 security level, can access only data tables 1 and 2.
3) <ID_1 - ID_n> are registered by the identification registration module through the identification analysis system.
4) ID, <ID_1 - ID_n> and the corresponding access control policies are uploaded to the policy management point.
As shown in fig. 5, data access phase:
1) The data demand party, namely the access subject, checks the abstract of the data set published on the industrial Internet platform, discovers the object to be accessed, and uploads the access request and the data identification ID corresponding to the data abstract to the platform party.
2) And after receiving the access request, the industrial Internet platform invokes the access control module.
3) The access control module determines which access condition the access subject satisfies by reading the access control authority in the policy information point and comparing it with the access control policy in the policy management point. If the access subject satisfies the access condition for security level ID_i, the corresponding access right identifier ID_i is returned to the access subject, where ID_i has the same security level as the data set. The storage platform in the policy information point generates a permission set for the access subject; on each access, it must be determined (by attribute comparison) whether the permission the system holds for the access subject is the same as the access permission required by the owner, and if so, access is permitted. The access control rights may or may not be related to the attributes of the access subject; each industrial Internet platform sets them according to its own platform attributes.
4) The access subject resolves the access right identifier ID_i through the DAID identification analysis module, thereby obtaining the data set identification ID and accessing the object resource at the security level matching ID_i.
By the method, fine-grained authorization management of data resource access is realized.
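The upload and access stages above, as an added Python example that is not code from the patent: it parses identifiers under the "." and "/" rules, derives ID_1..ID_n = ID/id_n, returns the highest ID_i whose policy the subject's attributes satisfy, and resolves an ID_i only for the subject it was issued to and only until the grant expires. Assumptions: each policy is a plain set of required attributes rather than a policy tree, the authority part carries only the level id as in the page's 0001/0002 example, and the attribute names, subject names and ttl value are constructed.

```python
import re
from dataclasses import dataclass, field

_NODE = re.compile(r"[0-9A-Z]+")  # MA nodes: digits and letters only


def parse_daid(text):
    """Return (user_id, object_id, level_id or None) for a data ID or a DAID."""
    # MA coding is not case-sensitive, so normalise before any policy lookup.
    parts = text.strip().upper().split("/")
    if len(parts) not in (2, 3):
        raise ValueError("expected user/object or user/object/authority")
    for part in parts:
        if not all(_NODE.fullmatch(node) for node in part.split(".")):
            raise ValueError(f"malformed part: {part!r}")
    if not parts[0].startswith("MA."):
        raise ValueError("user identifier must start with the MA root prefix")
    return parts[0], parts[1], (parts[2] if len(parts) == 3 else None)


@dataclass
class Platform:
    # Policy management point: ID_i -> (required attributes, tables it exposes)
    policies: dict = field(default_factory=dict)
    # Policy information point: (subject, ID_i) -> expiry time of the grant
    grants: dict = field(default_factory=dict)

    def register_levels(self, data_id, levels):
        """Upload stage: derive ID_1..ID_n = ID/id_n and store each policy.

        levels[0] describes ID_1 (the highest level); each entry is
        (required_attributes, tables). Both are assumptions of this sketch.
        """
        user, obj, level = parse_daid(data_id)
        if level is not None:
            raise ValueError("data identification ID must not carry authority info")
        daids = []
        for n, (required, tables) in enumerate(levels, start=1):
            daid = f"{user}/{obj}/{n:04d}"
            self.policies[daid] = (frozenset(required), tuple(tables))
            daids.append(daid)
        return daids

    def request_access(self, subject, attributes, data_id, now, ttl=3600):
        """Access stage: return the highest ID_i whose policy the subject meets."""
        user, obj, _ = parse_daid(data_id)
        prefix = f"{user}/{obj}/"
        for daid in sorted(k for k in self.policies if k.startswith(prefix)):
            required, _tables = self.policies[daid]
            if required <= set(attributes):
                # Record who received the identifier and until when (assumed ttl).
                self.grants[(subject, daid)] = now + ttl
                return daid
        return None

    def resolve(self, subject, daid, now):
        """Resolution: return tables only for a live grant issued to this subject."""
        user, obj, level = parse_daid(daid)
        key = (subject, f"{user}/{obj}/{level}")
        expiry = self.grants.get(key)
        if level is None or expiry is None or now >= expiry:
            raise PermissionError("no valid grant for this subject and identifier")
        return self.policies[key[1]][1]


if __name__ == "__main__":
    platform = Platform()
    platform.register_levels(
        "MA.10000.95000.00001/123.456.789123",
        [({"partner", "audited"}, range(1, 9)),  # ID_1: tables 1 to 8
         ({"partner"}, (1, 2))],                 # ID_2: tables 1 and 2
    )
    granted = platform.request_access(
        "acme", {"partner"}, "ma.10000.95000.00001/123.456.789123", now=0)
    print(granted, platform.resolve("acme", granted, now=10))
```

Because resolve() checks the stored grant, knowing the string of a higher-level identifier such as .../0001 is not enough to read its tables.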
Although specific embodiments of the invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various alternatives, variations and modifications are possible without departing from the spirit and scope of the invention and the appended claims. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed as the best mode contemplated for carrying out this invention, but that the invention will have the scope indicated by the scope of the appended claims.

Claims (10)

1. An industrial internet data dynamic access control method based on identification comprises the following steps:
1) Setting a data access identifier DAID for industrial internet data flow sharing; the data access identifier DAID comprises three parts, wherein the first part is a user identifier, the second part is an object identifier, and the third part is authority information;
2) The industrial internet platform registers the user according to the received user registration information, wherein the user is a data owner or a data demand party; the data demand party is an access subject, and the industrial Internet platform sets attributes for corresponding users according to the user registration information;
3) The industrial internet platform forms a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner, and distributes a data identification ID for the data to be uploaded; wherein the data identification ID consists of the user identification and the object identification;
4) The industrial Internet platform issues a data abstract and a data identification ID of the data to be uploaded; adding different authority information to the data identification ID according to the set security level, and generating a plurality of different access right identifiers; and setting a corresponding access control policy for each access right identifier; uploading the data identification ID, each access right identifier and the corresponding access control policy to a policy management point of the industrial Internet platform;
5) In the data access stage, the access subject determines an object to be accessed through the data abstract issued on the industrial Internet platform, and then sends an access request and a data identification ID corresponding to the object to the industrial Internet platform; the access control module of the industrial Internet platform judges the access condition met by the access subject by reading the access control authority in the policy information point and comparing the access control authority with the access control policy in the policy management point, and if the access subject meets the access condition corresponding to the i-th access right identifier ID_i, the access right identifier ID_i is returned to the access subject; the storage platform in the policy information point generates a permission set for the access subject;
6) The identification analysis module of the industrial Internet platform resolves the access right identifier ID_i of the access subject, obtains the data resource corresponding to the access right identifier ID_i, and returns it to the access subject.
2. The method of claim 1, wherein the object identification includes object category and custom identification object individual code for distinguishing between specific objects.
3. A method according to claim 1 or 2, wherein the rights information includes a rights operation code, a content rights code and a rights validity period.
4. The method of claim 1, wherein the data information comprises a data source, a data sample.
5. The method of claim 1, wherein n different access right identifiers <ID_1 - ID_n> are generated by adding different authority information to the data identification ID according to the n set security levels; wherein the n-th access right identifier is ID_n = ID/id_n, and id_n is the n-th security level identification of the data identification ID.
6. The method of claim 1 or 5, wherein the higher the security level identification, the greater the amount of data that the corresponding access control policy allows access to.
7. An industrial Internet platform, characterized by comprising an identity authentication module, an identification registration module, an access control module and an identification analysis module; wherein:
the identity authentication module is used for registering a user according to the received user registration information, setting attributes for the corresponding user according to the user registration information, and authenticating the user logging in the industrial Internet platform; wherein the user is a data owner or a data demander; the data demander is an access subject;
the identification registration module is used for forming a data abstract of the data to be uploaded according to the data information of the data to be uploaded by the data owner and distributing a data identification ID for the data to be uploaded; adding different authority information to the data identification ID according to the set security level, and generating a plurality of different access authority identifiers; wherein, the data identification ID consists of a user identification and an object identification; each access right identifier is provided with a corresponding access control strategy;
the access control module is used for storing the data identification ID, each access right identifier and the corresponding access control policy; and judging the access condition met by the access subject by reading the access control authority in the policy information point and comparing the access control authority with the access control policy in the policy management point, and if the access subject meets the access condition corresponding to the i-th access right identifier ID_i, returning the access right identifier ID_i to the access subject; the storage platform in the policy information point generates a permission set for the access subject; the policy management point is used for storing the data identification ID uploaded by the data owner, each access right identifier and the corresponding access control policy thereof;
the identification analysis module is used for resolving the received access right identifier ID_i, obtaining the data resource corresponding to the access right identifier ID_i, and returning it to the access subject.
8. The industrial internet platform of claim 7, wherein the object identification comprises an object category and a custom identified object individual code for distinguishing between specific objects; the authority information comprises an authority operation code, a content authority code and an authority validity period.
9. The industrial internet platform of claim 7, wherein n different access right identifiers <ID_1 - ID_n> are generated by adding different authority information to the data identification ID according to the set n security levels; wherein the nth access right identifier ID_n = ID/id_n, and id_n is the nth security level identification of the data identification ID.
10. The industrial internet platform of claim 9, wherein the higher the security level identification, the greater the amount of data that the corresponding access control policy allows access to.
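The flow in claims 7 to 10 (register ID_i = ID/id_i per security level, decide which identifier a subject qualifies for, then resolve it to data) can be sketched as follows. This is an added illustration, not code from the patent: the "." separator, the attribute names, the field-set encoding of the content authority code, and returning the highest satisfied level are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Right:                  # authority information attached to one ID_i
    level: int                # security level id_i (higher exposes more data, claim 10)
    op_code: str              # authority operation code, e.g. "R" (assumed value)
    content_code: frozenset   # content authority code: fields exposed (assumed encoding)
    valid_until: datetime     # authority validity period
    required: frozenset       # access condition: attributes the subject must hold (assumed)

def data_id(user_id, category, individual_code):
    # Data identification ID = user identification + object identification
    # (object category + individual code). The "." separator is an assumption.
    return f"{user_id}.{category}.{individual_code}"

def register(base_id, rights):
    # Identification registration: ID_i = ID/id_i, one identifier per level.
    return {f"{base_id}/{r.level}": r for r in rights}

def decide(store, subject_attrs, op, now):
    # Access control: compare the subject's permission set (policy information
    # point) with each stored policy (policy management point). Deny by default.
    ok = [(r.level, rid) for rid, r in store.items()
          if r.op_code == op and now <= r.valid_until
          and r.required <= subject_attrs]
    return max(ok)[1] if ok else None   # highest satisfied level (assumption)

def resolve(store, record, right_id, now):
    # Identification resolution: re-check the validity period at use time,
    # then return only the fields the identifier's content code covers.
    r = store.get(right_id)
    if r is None or now > r.valid_until:
        return None
    return {k: v for k, v in record.items() if k in r.content_code}

# Constructed sample data
NOW = datetime(2023, 1, 1, tzinfo=timezone.utc)
EXPIRY = datetime(2024, 1, 1, tzinfo=timezone.utc)
BASE = data_id("user01", "sensor", "0001")
STORE = register(BASE, [
    Right(1, "R", frozenset({"summary"}), EXPIRY, frozenset({"registered"})),
    Right(2, "R", frozenset({"summary", "readings"}), EXPIRY,
          frozenset({"registered", "partner"})),
])
RECORD = {"summary": "line-3 vibration log", "readings": [0.2, 0.4],
          "owner_notes": "internal"}
```

Checking the validity period again in `resolve` matters because an identifier handed out by `decide` may be presented after it has expired.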
CN202211124140.0A 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification Active CN115499210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211124140.0A CN115499210B (en) 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211124140.0A CN115499210B (en) 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification

Publications (2)

Publication Number Publication Date
CN115499210A CN115499210A (en) 2022-12-20
CN115499210B true CN115499210B (en) 2023-06-20

Family

ID=84468813

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211124140.0A Active CN115499210B (en) 2022-09-15 2022-09-15 Industrial Internet data dynamic access control method and platform based on identification

Country Status (1)

Country Link
CN (1) CN115499210B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117459320B (en) * 2023-12-20 2024-03-26 新华三网络信息安全软件有限公司 Data access control method and device
CN117792797A (en) * 2024-02-26 2024-03-29 中国信息通信研究院 Data authority management method and device based on industrial Internet identification analysis

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2019039108A1 (en) * 2017-08-22 2020-10-22 フェリカネットワークス株式会社 Information processing equipment, communication equipment, server equipment and information processing methods
CN111581292B (en) * 2020-05-18 2023-12-15 中国工业互联网研究院 Industrial Internet data asset right-determining and trading method and platform
CN112906029B (en) * 2021-03-08 2021-09-07 国家工业信息安全发展研究中心 Method and system for controlling user authority through identification analysis
CN113704792A (en) * 2021-09-01 2021-11-26 江苏省未来网络创新研究院 Identification data access authority control method based on industrial internet identification coding specification

Also Published As

Publication number Publication date
CN115499210A (en) 2022-12-20

Similar Documents

Publication Publication Date Title
CN115499210B (en) Industrial Internet data dynamic access control method and platform based on identification
CN112085417A (en) Industrial Internet identification distribution and data management method based on block chain
US7979895B2 (en) System and method for partitioning a multi-level security namespace
WO2020154865A1 (en) Progressive ip removal method and system supporting multi-mode identifier network addressing and storage medium
CN107465692B (en) Unified user identity authentication method, system and storage medium
CN111209596A (en) Block chain-based industrial internet identification analysis access control method
US7779248B2 (en) Moving principals across security boundaries without service interruption
CN105871914B (en) CRM system access control method
US20020144149A1 (en) Trust ratings in group credentials
CN105357201A (en) Access control method and system for object cloud storage
CN1507732A (en) Method ands system for authorizing access to resources on a server
CN111368230A (en) Block chain-based industrial internet identification processing method and device
CN103078859A (en) Service system authority management method, equipment and system
US20050091529A1 (en) Peer-to-peer identity management managed interfaces and methods
CN101729541B (en) Method and system for accessing resources of multi-service platform
CN111581292A (en) Industrial Internet data asset right confirming and trading method and platform
CN105022939B (en) Information Authentication method and device
CN113691615A (en) Service request processing method, system and data gateway
US8745387B2 (en) Security management for an integrated console for applications associated with multiple user registries
CN101084664B (en) Method and system for providing and utilizing a network trusted context, and data server
CN113704792A (en) Identification data access authority control method based on industrial internet identification coding specification
CN101325493A (en) Method and system for authenticating a user
KR20110063025A (en) System for managing service user information, method for acquiring and managing of service user information
CN112804252A (en) User management system
CN116318931A (en) Attribute mapping method and system based on cross-domain access control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant