CN115694908A - Method and device for accessing control list, storage medium and electronic device - Google Patents


Info

Publication number
CN115694908A
Authority
CN
China
Prior art keywords
access control
authority
service
field
controller
Legal status
Pending
Application number
CN202211202745.7A
Other languages
Chinese (zh)
Inventor
马龙飞
Current Assignee
Qingdao Haier Technology Co Ltd
Haier Smart Home Co Ltd
Haier Uplus Intelligent Technology Beijing Co Ltd
Original Assignee
Qingdao Haier Technology Co Ltd
Haier Smart Home Co Ltd
Haier Uplus Intelligent Technology Beijing Co Ltd
Application filed by Qingdao Haier Technology Co Ltd, Haier Smart Home Co Ltd, Haier Uplus Intelligent Technology Beijing Co Ltd
Priority to CN202211202745.7A
Publication of CN115694908A
Legal status: Pending

Abstract

The invention discloses a method and a device for determining an access control list, a storage medium and an electronic device, relating to the technical field of smart homes. The method comprises: configuring a corresponding access control service for the application terminal, wherein the access control service includes an access control list and the access control list includes one or more access control units; and determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority. The plurality of fields include: a priority field indicating the highest authority or other authorities, an identification information field determined from the user identification and the device identification of the controller, and a service authority field indicating all service authorities other than the access control service.

Description

Method and apparatus for accessing control list, storage medium, and electronic apparatus
Technical Field
The invention relates to the technical field of smart homes, and in particular to a method and a device for determining an access control list, a storage medium and an electronic device.
Background
In the related art, the OLA standard cannot be effectively applied to local control-authority rules, flexible adjustment of access control under such rules is not achieved, and device authority control becomes complicated once devices are accessed across platforms.
No effective solution has yet been proposed in the related art for the problem that the access control service corresponding to a device cannot be effectively managed.
Disclosure of Invention
The embodiments of the invention provide a method and a device for determining an access control list, a storage medium and an electronic device, which at least solve the problem that the access control service corresponding to a device cannot be effectively managed.
According to an embodiment of the present invention, there is provided a method for determining an access control list, including: configuring a corresponding access control service for the application terminal, wherein the access control service comprises an access control list and the access control list includes one or more access control units; and determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority, wherein the plurality of fields comprise a priority field, an identification information field and a service authority field. The priority field indicates the highest authority or other authorities: the highest authority entitles the controller or the access management center holding it to process all contents of the access control list, while the other authorities entitle a second user holding an authority other than the highest to obtain that user's service authority through a designated controller or the access management center. The identification information field is determined from the user identification and the device identification of the controller, and the service authority field indicates all service authorities other than the access control service.
In one exemplary embodiment, the service right field includes: a service identification, wherein the service identification is used to uniquely identify a service.
In an exemplary embodiment, the service right field further comprises at least one of: an attribute authority field, an operation authority field and an event authority field, wherein the attribute authority field indicates the authority of each attribute, the operation authority field indicates the authority of each operation, and the event authority field indicates the authority of each event.
In an exemplary embodiment, the attribute permission field, the operation permission field and the event permission field are all represented in a bitmap manner, wherein a first bit of the bitmap represents whether the permission can be read or not, a second bit of the bitmap represents whether the permission can be written or not, and a third bit of the bitmap represents whether the permission can be subscribed or not.
In an exemplary embodiment, the method further includes: after the application terminal has been bound to an access cloud, the access cloud allocates an access control unit with the highest authority to the application terminal.
In an exemplary embodiment, the method further includes: for a single application terminal, only one access control unit may be allocated to the same controller.
In an exemplary embodiment, the method further includes: receiving a request message sent by the controller, and indicating the application terminal to respond to the request message of the controller; under the condition that the controller has the right of accessing the application terminal, normally returning the content requested by the request message; and under the condition that the controller does not have the authority of accessing the application terminal, returning an unauthorized notification message to the controller.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for determining an access control list, including: a configuration module for configuring a corresponding access control service for the application terminal, wherein the access control service comprises an access control list and the access control list includes one or more access control units; and a determining module for determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority, wherein the plurality of fields comprise a priority field, an identification information field and a service authority field. The priority field indicates the highest authority or other authorities: the highest authority entitles the controller or the access management center holding it to process the whole content of the access control list, while the other authorities entitle a second user holding an authority other than the highest to obtain that user's service authority through a designated controller or the access management center. The identification information field is determined from the user identification and the device identification of the controller, and the service authority field indicates all service authorities other than the access control service.
According to still another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the above method for determining an access control list when running.
According to another aspect of the embodiments of the present invention, there is also provided an electronic apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the method for determining the access control list through the computer program.
In the embodiment of the invention, a corresponding access control service is configured for the application terminal, wherein the access control service comprises an access control list and the access control list includes one or more access control units; and the contents of a plurality of fields in the access control unit are determined through an access management center or a controller with the highest authority, wherein the plurality of fields comprise a priority field, an identification information field and a service authority field. The priority field indicates the highest authority or other authorities: the highest authority entitles the controller or the access management center holding it to process the whole content of the access control list, while the other authorities entitle a second user holding an authority other than the highest to obtain that user's service authority through a designated controller or the access management center. The identification information field is determined from the user identification and the device identification of the controller, and the service authority field indicates all service authorities other than the access control service. With this scheme, the problem that the access control service corresponding to a device cannot be effectively managed is solved: by configuring the access control service, determining the contents of the fields in the access control unit, and assigning the corresponding authority of the access management center or of the highest-authority controller to different application terminals, cross-platform control-authority management is achieved, the extensibility of the access control service is improved, and the confirmation of control authority becomes more flexible.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a block diagram of a hardware configuration of an application terminal of a method for determining an access control list according to an embodiment of the present invention;
FIG. 2 is a flow diagram of a method of access control list determination according to an embodiment of the present invention;
FIG. 3 is an interaction timing diagram for access control according to an embodiment of the present invention;
FIG. 4 is an interaction sequence diagram of access control rights sharing according to an embodiment of the present invention;
FIG. 5 is an interaction diagram of access control rights sharing according to an embodiment of the present invention;
fig. 6 is a block diagram of an apparatus for determining an access control list according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of an embodiment of the present application, a method for determining an access control list is provided. The method is widely applicable to whole-house intelligent digital control scenarios such as the Smart Home, the smart home device ecosystem and the Intelligent House ecosystem. Optionally, in the present embodiment, the method for determining the access control list may be applied in a hardware environment formed by the terminal device 102 and the server 104 shown in fig. 1. As shown in fig. 1, the server 104 is connected to the terminal device 102 through a network and may be configured to provide a service (e.g., an application service) for the terminal or for a client installed on the terminal; a database may be set up on the server or independently of it to provide data storage for the server 104, and a cloud computing and/or edge computing service may be configured on the server or independently of it to provide data processing for the server 104.
The network may include, but is not limited to, at least one of: a wired network and a wireless network. The wired network may include, but is not limited to, at least one of: a wide area network, a metropolitan area network and a local area network; the wireless network may include, but is not limited to, at least one of: WIFI (Wireless Fidelity) and Bluetooth. The terminal device 102 may be, but is not limited to, a PC, a mobile phone, a tablet computer, a smart air conditioner, a smart range hood, a smart refrigerator, a smart oven, a smart cooktop, a smart washing machine, a smart water heater, a smart laundry device, a smart dishwasher, a smart projection device, a smart TV, a smart clothes-drying rack, a smart curtain, smart audio-visual equipment, a smart socket, a smart stereo, a smart speaker, a smart fresh-air system, a smart kitchen appliance, a smart bathroom appliance, a smart floor-sweeping robot, a smart window-cleaning robot, a smart floor-mopping robot, a smart air purifier, a smart steam oven, a smart microwave oven, a smart kitchen water heater, a smart water purifier, a smart water dispenser, a smart lock and the like.
In this embodiment, a method for determining an access control list is provided, where the method is applied to an application terminal of the terminal device, and fig. 2 is a flowchart of the method for determining an access control list according to an embodiment of the present invention, where the flowchart includes the following steps:
step S202: configuring corresponding access control service for the application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units;
step S204: determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority, wherein the plurality of fields comprise a priority field, an identification information field and a service authority field. The priority field indicates the highest authority or other authorities: the highest authority entitles the controller or the access management center holding it to process all contents of the access control list, while the other authorities entitle a second user holding an authority other than the highest to obtain that user's service authority through a designated controller or the access management center. The identification information field is determined from the user identification and the device identification of the controller, and the service authority field indicates all service authorities other than the access control service.
By this method, a corresponding access control service is configured for the application terminal, wherein the access control service comprises an access control list and the access control list includes one or more access control units; and the contents of a plurality of fields in the access control unit are determined through an access management center or a controller with the highest authority, the fields being the priority field, the identification information field and the service authority field described above. With this scheme, the problem that the access control service corresponding to a device cannot be effectively managed is solved: by configuring the access control service, determining the contents of the fields in the access control unit, and assigning the corresponding authority of the access management center or of the highest-authority controller to different application terminals, cross-platform control-authority management is achieved, the extensibility of the access control service is improved, and the confirmation of control authority becomes more flexible.
It should be noted that the method for determining the access control list can be applied not only to the application terminal described here but also to application terminals corresponding to other household appliances, for example an air conditioner or a refrigerator in actual use.
In an exemplary embodiment, the service right field includes: a service identification, wherein the service identification is used to uniquely identify a service.
In an exemplary embodiment, the service right field further comprises at least one of: an attribute authority field, an operation authority field and an event authority field, wherein the attribute authority field indicates the authority of each attribute, the operation authority field indicates the authority of each operation, and the event authority field indicates the authority of each event.
In an exemplary embodiment, the attribute authority field, the operation authority field and the event authority field are all represented as bitmaps, wherein the first bit of the bitmap indicates whether the item is readable, the second bit whether it is writable, and the third bit whether it is subscribable.
For example, the application terminal has services S1, S2 and AMS (Access Management Service), where S1 has two readable, writable and subscribable attributes, two writable operations and two subscribable events, and S2 has three readable, writable and subscribable attributes. The access management center configures the AMS during the access process of the application terminal and defines controller ID1 as holding the highest authority. When controller ID1 queries attribute 1 of S1 through the attribute query interface, the application terminal searches its Access Control List (ACL), finds that the token ID in ACE1 matches controller ID1 and grants read authority on attribute 1, and returns the value of attribute 1.
In an exemplary embodiment, the method further includes: after the application terminal has been bound to an access cloud, the access cloud allocates an access control unit with the highest authority to the application terminal.
In an exemplary embodiment, the method further includes: for a single application terminal, only one access control unit may be allocated to the same controller.
In an exemplary embodiment, the method further includes: receiving a request message sent by the controller, and indicating the application terminal to respond to the request message of the controller; under the condition that the controller has the right of accessing the application terminal, normally returning the content requested by the request message; and under the condition that the controller does not have the authority of accessing the application terminal, returning an unauthorized notification message to the controller.
It is to be understood that the above-described embodiments are only some, not all, of the embodiments of the present invention. For a better understanding of the above method, the process is described below with reference to a specific embodiment, to which the method is not limited:
As an optional implementation, a device authority service is provided. Based on OLA modeling, the authority over controllable services is allocated per user, and a highest authority can also be set, so that the object holding the highest authority (administrator authority) can conveniently manage the authority of other objects. It should be noted that, when the device stores multiple authority sets, a unique authority set is allocated to each user's controller.
Optionally, fig. 3 is an interaction timing diagram for access control according to an embodiment of the invention; as shown, the method comprises the following steps:
step 302, the device and the cloud are mutually bound with authorization;
step 304, the device creates the highest-authority ACL;
step 306, if the binding succeeds, the Access Control List (ACL) information in the device is synchronized to the cloud;
step 308, the cloud synchronizes the ACL information to the corresponding app applications, the apps having a preset association with the cloud;
step 310, the app application establishes a secure channel, using the ACL information synchronized from the cloud, with the device holding the same ACL information;
step 312, after the channel is established, the device may be controlled by the app application.
Optionally, fig. 4 is an interaction sequence diagram of access control permission sharing according to an embodiment of the present invention; as shown, the method comprises the following steps:
step 402, the device sends a request for creating a new ACL to the master app application;
step 404, the device updates the locally stored ACL;
step 406, when the request has been authorized by the user of the master app application, the updated ACL information in the device is synchronized to the cloud and to the master app application;
step 408, the ACL information in the master app application is synchronized to the slave app application;
step 410, the slave app application establishes a secure channel, using the ACL information synchronized from the master app application, with the device holding the same ACL information;
step 412, after the channel is established, the device may be controlled through the slave app application, completing the authorized sharing of device control from the master app application to the slave app application.
Optionally, fig. 5 is an interaction diagram of access control permission sharing according to an embodiment of the present invention. As shown in the figure, the application terminal has services S1, S2 and AMS (Access Management Service), where S1 has two readable, writable and subscribable attributes, two writable operations and two subscribable events, and S2 has three readable, writable and subscribable attributes. The access management center configures the AMS during the access process of the application terminal and defines controller ID1 as holding the highest authority. When controller ID1 queries attribute 1 of S1 through the attribute query interface, the application terminal searches its Access Control List (ACL), finds that the token ID in the access control entry ACE1 matches controller ID1 and grants read authority on attribute 1, and returns the value of attribute 1.
As an alternative embodiment, the above construction of the Access control authority is implemented by a structured data model, and each application terminal has a system Service named AMS (Access Management Service) for implementing the Access control authority. The AMS is started after the application terminal is initialized, and manages the access control rule of the application terminal and the token used for establishing the secure connection.
Optionally, the AMS includes an ACL (Access Control List) attribute and a tokenList attribute; the specific model is defined according to the DMDL modeling method as follows:
[The DMDL model definition of the AMS is provided as images in the original (Figures BDA0003873091800000101 to BDA0003873091800000141) and is not reproduced here.]
The AMS is configured by the above model definition.
Optionally, the ACL is determined in the following manner: when processing a request from a controller, the application terminal checks the contents of the ACEs in the ACL and responds according to the matched authority. An ACL contains one or more ACEs. In the OLA standard framework, an application terminal provides several services, each service comprising attributes, operations, events and ACEs, where an ACE expresses a set of read, write and subscribe authorities allocated to the attributes, operations and events of each service. One set of authorities may match multiple token IDs, i.e. multiple controllers may hold the same control access authority.
Optionally, the specific format of the ACE is shown in Table 1:
Table 1:
[Table 1 (ACE format) is provided as an image in the original and is not reproduced here.]
It should be noted that the description of attribute, operation and event authorities in the service authority field is consistent with the authority description method in the model: a bitmap is used, in which the first bit represents readable, the second bit writable and the third bit subscribable, and the order of the array corresponds to the pid. The Service is defined as in Table 2.
Table 2:
[Table 2 (Service definition) is provided as an image in the original and is not reproduced here.]
Furthermore, to ensure efficient execution of the ACL, the ACL needs to satisfy the following specifications:
1) After the application terminal is factory reset, the ACL is null; after access binding, the access cloud allocates the highest-authority ACL to the application terminal.
2) The highest authority can query and modify all contents of the ACL; other authorities can query only the service attribute contents of the ACL belonging to that authority.
3) A user may be assigned only one ACE for the same controller, i.e. an ACE represents a unique set of authorities in the ACL, and each user's controller has a unique ACE.
4) The application terminal responds to the controller's request message according to the ACL: if the authority is held, the response is returned normally; if not, an unauthorized response is returned.
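The ACE format, the authority bitmap and the four ACL rules above, together with the worked case of controller ID1 reading attribute 1 of service S1, as an added Python example that is not code from the patent or from its assignees: it models an ACL of ACEs whose service authorities are per-attribute, per-operation and per-event bitmaps (first bit readable, second writable, third subscribable), enforces that only the highest authority may modify the ACL and that each controller has exactly one ACE, and answers controller requests with the value or an unauthorized notification. The class and function names, the `userID/devID` token format, the array index 0 standing for attribute 1, and the request/response shape are assumptions of this example.

```python
# Added example (not code from the patent): a minimal model of the access
# control service described above. Names, the token-ID format and the
# request/response shape are assumptions for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional

# Authority bitmap as described in the text: first bit readable,
# second bit writable, third bit subscribable.
READ, WRITE, SUBSCRIBE = 0b001, 0b010, 0b100
HIGHEST, OTHER = "highest", "other"   # values of the priority field


@dataclass
class ServiceRights:
    service_id: str
    attributes: List[int]   # one bitmap per attribute, array order = pid
    operations: List[int]
    events: List[int]


@dataclass
class ACE:
    priority: str
    token_id: str           # identification field: userID + devID of the controller
    services: Dict[str, ServiceRights]


def make_token_id(user_id: str, dev_id: str) -> str:
    return f"{user_id}/{dev_id}"   # assumed format for the identification field


class ACL:
    """Access control list held by the application terminal."""

    def __init__(self) -> None:
        self.entries: List[ACE] = []          # null after factory reset (rule 1)

    def find(self, token_id: str) -> Optional[ACE]:
        return next((e for e in self.entries if e.token_id == token_id), None)

    def is_highest(self, token_id: str) -> bool:
        ace = self.find(token_id)
        return ace is not None and ace.priority == HIGHEST

    def bind(self, ace: ACE) -> None:
        """Access cloud installs the single highest-authority ACE at binding (rule 1)."""
        if self.entries or ace.priority != HIGHEST:
            raise PermissionError("binding only installs the first, highest-authority ACE")
        self.entries.append(ace)

    def add(self, requester: str, ace: ACE) -> None:
        """Only the highest authority modifies the ACL (rule 2); one ACE per controller (rule 3)."""
        if not self.is_highest(requester):
            raise PermissionError("unauthorized")
        if self.find(ace.token_id) is not None:
            raise ValueError("controller already has an ACE")
        self.entries.append(ace)

    def query(self, requester: str) -> List[ACE]:
        """Highest authority sees the whole ACL; others only their own entry (rule 2)."""
        if self.is_highest(requester):
            return list(self.entries)
        own = self.find(requester)
        return [own] if own else []


def handle_request(acl: ACL, state: dict, token_id: str, service_id: str,
                   kind: str, pid: int, right: int) -> dict:
    """Rule 4: return the value if the matching ACE grants the right, else unauthorized."""
    ace = acl.find(token_id)
    rights = ace.services.get(service_id) if ace else None
    bitmaps = getattr(rights, kind, [])
    if pid >= len(bitmaps) or not bitmaps[pid] & right:
        return {"status": "unauthorized"}
    return {"status": "ok", "value": state[service_id][kind][pid]}


def scenario() -> dict:
    """Worked case from the text: S1 has two r/w/s attributes, two writable
    operations and two subscribable events; S2 has three r/w/s attributes."""
    rws = READ | WRITE | SUBSCRIBE
    full = {"S1": ServiceRights("S1", [rws, rws], [WRITE, WRITE], [SUBSCRIBE, SUBSCRIBE]),
            "S2": ServiceRights("S2", [rws, rws, rws], [], [])}
    # Constructed device state; attribute 1 of S1 is stored at index 0.
    state = {"S1": {"attributes": [21, 0], "operations": [None, None], "events": [None, None]},
             "S2": {"attributes": [1, 2, 3], "operations": [], "events": []}}
    acl = ACL()
    id1 = make_token_id("user1", "ctrl1")
    acl.bind(ACE(HIGHEST, id1, full))       # cloud defines ID1 as highest authority
    id2 = make_token_id("user2", "ctrl2")   # a second user with read-only access to S2
    acl.add(id1, ACE(OTHER, id2, {"S2": ServiceRights("S2", [READ, READ, READ], [], [])}))
    out = {
        "id1_reads_s1_attr1": handle_request(acl, state, id1, "S1", "attributes", 0, READ),
        "id2_reads_s2_attr1": handle_request(acl, state, id2, "S2", "attributes", 0, READ),
        "id2_writes_s2_attr1": handle_request(acl, state, id2, "S2", "attributes", 0, WRITE),
        "id2_reads_s1_attr1": handle_request(acl, state, id2, "S1", "attributes", 0, READ),
        "id2_sees_entries": len(acl.query(id2)),
        "id1_sees_entries": len(acl.query(id1)),
    }
    try:   # a non-highest controller may not share authority by adding an ACE
        acl.add(id2, ACE(OTHER, make_token_id("user3", "ctrl3"), {}))
        out["id2_can_share"] = True
    except PermissionError:
        out["id2_can_share"] = False
    try:   # even the highest authority may not give a controller a second ACE
        acl.add(id1, ACE(OTHER, id2, {}))
        out["duplicate_ace_allowed"] = True
    except ValueError:
        out["duplicate_ace_allowed"] = False
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The check in `handle_request` is deny-by-default: a missing ACE, a service absent from the ACE, a pid beyond the array, or a cleared bit all yield the same unauthorized notification, so the response does not reveal whether the controller is unknown or merely lacks one right.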
It should be noted that, in the ACL model, the object identifier userID and the device identifier devID still need to be added; otherwise an additional interface has to be defined to transmit these two pieces of information to the device.
In summary, in the above embodiments the device is managed by authority using an ACL, and the AMS is implemented with the DMDL modeling method and includes the ACL attribute. In this way, several authority levels are provided for device control: only the highest level can modify the ACL, and other authorities can query only the specific contents of their own service authority. In addition, authority is tied to the service and provides read, write and subscribe rights. Matching service-based authority to the OLA standard model increases extensibility and flexibility, so that device control-authority management can be used in cross-platform, multi-vendor, multi-user scenarios.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
FIG. 6 is a block diagram of an apparatus for determining an access control list according to an embodiment of the present invention; as shown in FIG. 6, the apparatus includes:
a configuration module 62, configured to configure a corresponding access control service for the application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units;
a determining module 64, configured to determine the contents of a plurality of fields in the access control unit through an access management center or a controller having the highest authority; wherein the plurality of fields include: a priority field, an identification information field and a service authority field, wherein the priority field is used for indicating the highest authority or other authorities, the highest authority is used for indicating a controller or the access management center with the highest authority to process all contents of the access control list, the other authorities are used for indicating a second user with an authority other than the highest authority to acquire the service authority of the second user through a designated controller or the access management center, the identification information field is determined according to the user identification and the device identification of the controller, and the service authority field is used for indicating all service authorities except the access control service.
Through the above steps, a corresponding access control service is configured for the application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units; the contents of a plurality of fields in the access control unit are determined through an access management center or a controller with the highest authority; wherein the plurality of fields include: a priority field, an identification information field and a service authority field, wherein the priority field is used for indicating the highest authority or other authorities, the highest authority is used for indicating a controller or the access management center with the highest authority to process the whole content of the access control list, the other authorities are used for indicating a second user with an authority other than the highest authority to acquire the service authority of the second user through a designated controller or the access management center, the identification information field is determined according to the user identification and the device identification of the controller, and the service authority field is used for indicating all service authorities except the access control service. By adopting this technical solution, problems such as the access control service corresponding to the device not being effectively manageable are solved: by configuring the access control service, determining the contents of a plurality of fields in the access control unit, and distributing the corresponding authority of the access management center or of the highest-authority controller to different application terminals, cross-platform control authority management is realized, the extensibility of the access control service is improved, and the confirmation of control authority becomes more flexible.
It should be noted that the method for determining the access control list may be applied to not only the application terminal but also application terminals corresponding to other home appliances.
Optionally, the service right field includes: a service identification, wherein the service identification is used to uniquely identify a service.
Optionally, the service authority field further includes at least one of: an attribute authority field, an operation authority field and an event authority field, wherein the attribute authority field is used for indicating the authority of each attribute, the operation authority field is used for indicating the authority of each operation, and the event authority field is used for indicating the authority of each event.
Optionally, the attribute permission field, the operation permission field and the event permission field are all represented as bitmaps, where the first bit of the bitmap represents the read permission, the second bit represents the write permission, and the third bit represents the subscribe permission.
For example, the application terminal has services S1, S2 and AMS (application management system, AMS for short), where S1 has two readable, writable and subscribable attributes, two writable operations and two subscribable events, and S2 has three readable, writable and subscribable attributes; the access management center configures the AMS during the access process of the application terminal and defines the controller ID1 as having the highest authority. When the controller ID1 queries attribute 1 of S1 through the attribute query interface, the application terminal searches the Access Control List (ACL), finds that the token ID in ACE1 matches the attribute ID and that it holds the read right for attribute 1, and the application terminal returns the value of attribute 1.
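The request-handling step 4) above and the per-service bitmap rights (read, write, subscribe) of the S1/S2 example can be modelled as follows. This is an added example, not the patent's code; the identifiers user1/ID1 and user2/ID2, the attribute, operation and event names, and the dict-based layout of the fields are assumptions.

```python
from dataclasses import dataclass

READ, WRITE, SUBSCRIBE = 0b001, 0b010, 0b100   # bitmap bits: read / write / subscribe
HIGHEST, OTHER = "highest", "other"            # values of the priority field

@dataclass
class ServiceRights:          # service-rights field: item id -> permission bitmap
    attrs: dict
    ops: dict
    events: dict

@dataclass
class ACE:                    # one access control unit (entry) of the ACL
    priority: str
    user_id: str
    dev_id: str
    services: dict            # service id -> ServiceRights

    @property
    def token(self):          # identification field: userID + devID
        return f"{self.user_id}+{self.dev_id}"

class Device:
    """Application terminal; its ACL lives in the AMS service, one ACE per controller."""
    def __init__(self):
        self.acl = []

    def find_ace(self, user_id, dev_id):
        token = f"{user_id}+{dev_id}"
        return next((a for a in self.acl if a.token == token), None)

    def read_acl(self, user_id, dev_id):
        # highest authority may read the whole ACL; others only their own entry
        ace = self.find_ace(user_id, dev_id)
        if ace is None:
            return []
        return list(self.acl) if ace.priority == HIGHEST else [ace]

    def modify_acl(self, user_id, dev_id, new_ace):
        # only a highest-authority controller may change the ACL
        ace = self.find_ace(user_id, dev_id)
        if ace is None or ace.priority != HIGHEST:
            return False
        self.acl = [a for a in self.acl if a.token != new_ace.token] + [new_ace]
        return True

    def has_right(self, user_id, dev_id, service, kind, item, right):
        # kind is "attrs", "ops" or "events"; right is READ, WRITE or SUBSCRIBE
        ace = self.find_ace(user_id, dev_id)
        if ace is None or service not in ace.services:
            return False
        return bool(getattr(ace.services[service], kind).get(item, 0) & right)

    def query_attribute(self, user_id, dev_id, service, attr, values):
        # step 4): return the value when the read right is held, else unauthorized
        if self.has_right(user_id, dev_id, service, "attrs", attr, READ):
            return {"status": "ok", "value": values[attr]}
        return {"status": "unauthorized"}

def build_example_device():
    """Constructed configuration following the page's S1 / S2 example (ids assumed)."""
    rws = READ | WRITE | SUBSCRIBE
    s1 = ServiceRights({"attr1": rws, "attr2": rws}, {"op1": WRITE, "op2": WRITE},
                       {"ev1": SUBSCRIBE, "ev2": SUBSCRIBE})
    s2 = ServiceRights({"attr1": rws, "attr2": rws, "attr3": rws}, {}, {})
    dev = Device()
    # the access management center installs the highest-authority ACE at binding time;
    # a second, ordinary controller is given read access to S1.attr1 only
    dev.acl.append(ACE(HIGHEST, "user1", "ID1", {"S1": s1, "S2": s2}))
    dev.acl.append(ACE(OTHER, "user2", "ID2", {"S1": ServiceRights({"attr1": READ}, {}, {})}))
    return dev
```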
In an exemplary embodiment, the apparatus further includes: an allocation module, used by the access cloud to allocate the access control unit with the highest authority to the application terminal after the application terminal has accessed and bound to the access cloud.
In an exemplary embodiment, the apparatus further includes: a control module, used to allow only one unique access control unit to be allocated to the same controller in the case of a single application terminal.
In an exemplary embodiment, the apparatus further includes: a response module, used to receive the request message sent by the controller and instruct the application terminal to respond to the controller's request message; when the controller has the right to access the application terminal, the content requested by the request message is returned normally; when the controller does not have the right to access the application terminal, an unauthorized notification message is returned to the controller.
An embodiment of the present invention further provides a storage medium including a stored program, wherein the program executes any one of the methods described above.
Alternatively, in the present embodiment, the storage medium may be configured to store program codes for performing the following steps:
S1, configuring a corresponding access control service for an application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units;
S2, determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority; wherein the plurality of fields include: a priority field, an identification information field and a service authority field, wherein the priority field is used for indicating the highest authority or other authorities, the highest authority is used for indicating a controller or the access management center with the highest authority to process all contents of the access control list, the other authorities are used for indicating a second user with an authority other than the highest authority to acquire the service authority of the second user through a designated controller or the access management center, the identification information field is determined according to the user identification and the device identification of the controller, and the service authority field is used for indicating all service authorities except the access control service.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, configuring a corresponding access control service for an application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units;
S2, determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority; wherein the plurality of fields comprise: a priority field, an identification information field and a service authority field, wherein the priority field is used for indicating the highest authority or other authorities, the highest authority is used for indicating a controller or the access management center with the highest authority to process all contents of the access control list, the other authorities are used for indicating a second user with an authority other than the highest authority to acquire the service authority of the second user through a designated controller or the access management center, the identification information field is determined according to the user identification and the device identification of the controller, and the service authority field is used for indicating all service authorities except the access control service.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for determining an access control list, comprising:
configuring corresponding access control service for the application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units;
determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority; wherein the plurality of fields include: a priority field, an identification information field and a service authority field, wherein the priority field is used for indicating the highest authority or other authorities, the highest authority is used for indicating a controller or the access management center with the highest authority to process the whole content of the access control list, the other authorities are used for indicating a second user with an authority other than the highest authority to acquire the service authority of the second user through a designated controller or the access management center, the identification information field is determined according to a user identification and a device identification of the controller, and the service authority field is used for indicating all service authorities except the access control service.
2. The method of determining an access control list of claim 1, wherein said service rights field comprises: a service identification, wherein the service identification is used to uniquely identify a service.
3. The method of determining an access control list of claim 2, wherein said service rights field further comprises at least one of: an attribute authority field, an operation authority field and an event authority field, wherein the attribute authority field is used for indicating the authority of each attribute, the operation authority field is used for indicating the authority of each operation, and the event authority field is used for indicating the authority of each event.
4. The method for determining the access control list according to claim 3, wherein the attribute authority field, the operation authority field and the event authority field are represented by a bitmap, wherein a first bit of the bitmap represents the readable authority, a second bit of the bitmap represents the writable authority, and a third bit of the bitmap represents the subscribed authority.
5. The method of determining an access control list of claim 1, further comprising:
after the application terminal has accessed and bound to an access cloud, the access cloud allocates an access control unit with the highest authority to the application terminal.
6. The method of determining an access control list of claim 1, further comprising:
in the case that the number of application terminals is one, only a unique access control unit is allowed to be allocated to the same controller.
7. The method of determining an access control list of claim 1, further comprising:
receiving a request message sent by the controller, and indicating the application terminal to respond to the request message of the controller;
under the condition that the controller has the right of accessing the application terminal, normally returning the content requested by the request message;
and under the condition that the controller does not have the authority of accessing the application terminal, returning an unauthorized notification message to the controller.
8. An apparatus for determining an access control list, comprising:
the configuration module is used for configuring corresponding access control service for the application terminal; wherein the access control service comprises: an access control list; the access control list includes: one or more access control units;
the determining module is used for determining the contents of a plurality of fields in the access control unit through an access management center or a controller with the highest authority; wherein the plurality of fields include: a priority field, an identification information field and a service authority field, wherein the priority field is used for indicating the highest authority or other authorities, the highest authority is used for indicating a controller or the access management center with the highest authority to process all contents of the access control list, the other authorities are used for indicating a second user with an authority other than the highest authority to acquire the service authority of the second user through a designated controller or the access management center, the identification information field is determined according to the user identification and the device identification of the controller, and the service authority field is used for indicating all service authorities except the access control service.
9. A computer-readable storage medium, comprising a stored program, wherein the program is operable to perform the method of any one of claims 1 to 7.
10. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 7 by means of the computer program.
CN202211202745.7A 2022-09-29 2022-09-29 Method and device for accessing control list, storage medium and electronic device Pending CN115694908A (en)


Publications (1)

Publication Number: CN115694908A; Publication Date: 2023-02-03

Family

ID=85065539


Country Status (1)

Country Link
CN (1) CN115694908A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination