CN115879086A - Authority control method of intelligent device, intelligent device and readable storage medium - Google Patents


Info

Publication number
CN115879086A
Authority
CN
China
Prior art keywords
authority
user
organization
control method
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111132530.8A
Other languages
Chinese (zh)
Inventor
金述强
陈佳攀
杨清广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Youteyun Technology Co ltd
Original Assignee
Guangdong Youteyun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Youteyun Technology Co ltd filed Critical Guangdong Youteyun Technology Co ltd
Priority to CN202111132530.8A priority Critical patent/CN115879086A/en
Publication of CN115879086A publication Critical patent/CN115879086A/en
Pending legal-status Critical Current

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides an authority control method of an intelligent device, the intelligent device and a readable storage medium. The method comprises: receiving an operation signal and user information; reading a permission file, wherein the permission file stores the device organization path of the intelligent device and a use permission rule, and the use permission rule comprises the operation permissions of nodes in the device organization path; obtaining the user operation authority according to the node at which the user information is located in the device organization path; and, if the operation signal conforms to the user operation authority, executing the operation signal. The user information is acquired from the authority background, and the intelligent device stores an authority file in which all permissions are set per organization node; once the user information passes authentication against the authority file, the user obtains the corresponding use authority and can carry out subsequent control operations. An offline intelligent device can obtain the latest version of its authority file from the authority background through the client, which makes updating offline devices convenient.

Description

Authority control method of intelligent device, intelligent device and readable storage medium
Technical Field
The present invention relates to the field of device information security, and in particular, to an authority control method for an intelligent device, and a readable storage medium.
Background
In scenarios such as smart homes, smart offices and smart campuses, many devices are, for various reasons, not connected to a network, yet people with different roles in an organization have different operation authorities over those devices. For example, only a property manager can open an office door, and a printing device has different use authorities for people in different departments. This creates the requirement that devices authenticate and control operators while offline.
In current offline authentication schemes, the device usually needs to store the authority information of each operator, and when the organization has many people, this information occupies a large amount of storage space. When new personnel join, or authorities change because the organization structure is adjusted, the changed authority configuration must be completely synchronized to the device before it takes effect. When there are many devices and the organization structure and personnel authorities are complex, authority control of offline devices is inconvenient.
Disclosure of Invention
The first purpose of the invention is to provide an authority control method for intelligent equipment, which has small storage space of an authority file and flexible authority management.
The second purpose of the invention is to provide an intelligent device for implementing the authority control method.
A third object of the present invention is to provide a computer-readable storage medium storing the above-mentioned right control method.
A fourth object of the present invention is to provide a rights control method with flexible rights management.
In order to achieve the first object of the present invention, the present invention provides an authority control method for an intelligent device, including: receiving an operation signal and user information; reading a permission file, wherein the permission file stores an equipment organization path and a use permission rule of the intelligent equipment, and the use permission rule comprises the operation permission of nodes in the equipment organization path; obtaining user operation authority according to the node of the user information in the equipment organization path; and if the operation signal accords with the user operation authority, executing the operation signal.
As can be seen from this scheme, the authority file stored by the intelligent device comprises the device organization path of the current intelligent device and the use authority rule of the node where the current intelligent device is located, and a user holds the corresponding use authority as long as the user is located at a node in that organization path.
In a further aspect, the nodes of the device organization path include nodes from a root node of the organization to a location of the smart device.
The user information comprises a user ID, a user organization path and a user organization identifier, wherein the user organization identifier is a node where the user ID is located in the user organization path.
In a further aspect, the nodes of the user organization path include nodes from a root node of the organization to a location of the user.
Therefore, the number of the nodes can be set to be multiple, and the multiple nodes can be sequentially arranged from the root node to the node where the equipment/user is located, so that the application setting of the permission is more flexible.
In order to achieve the second object of the present invention, the present invention provides an intelligent device, which is characterized by comprising a processor and a memory, wherein the processor is used for implementing the steps of the authority control method according to the scheme when executing the computer program stored in the memory.
In order to achieve the third object of the present invention, the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the entitlement control method as in the above-described scheme.
In order to achieve the fourth object of the present invention, the present invention provides a method for controlling authority, comprising an authority authentication step; the authority authentication step comprises the following steps: a client acquires user information of a current user; the intelligent equipment receives an operation signal and user information sent by a client; the method comprises the steps that the intelligent equipment reads an authority file, the authority file stores an equipment organization path and a use authority rule of the intelligent equipment, and the use authority rule comprises operation authority of nodes in the equipment organization path; the intelligent equipment obtains user operation authority according to the node where the user information is located in the equipment organization path; and if the operation signal accords with the user operation authority, the intelligent device executes the operation signal.
In a further scheme, the client acquires the user information from the rights background.
The user information comprises a user ID, a user organization path and a user organization identifier, wherein the user organization identifier is a node where the user ID is located in the user organization path.
The authority control method comprises the steps of updating an authority file; the step of updating the authority file comprises the following steps: the client receives the version number of the authority file sent by the intelligent equipment; the client sends the version number of the authority file and the intelligent equipment ID to the authority background; the client receives the latest version of the authority file sent by the authority background; and the intelligent device receives and stores the latest version of the authority file sent by the client.
Therefore, the client acquires the user information from the authority background, and the intelligent device stores an authority file in which all permissions are set per organization node; once the user information passes authentication against the authority file, the user obtains the corresponding use authority and can then carry out subsequent control operations.
Drawings
Fig. 1 is a flowchart of updating a rights file in an embodiment of the rights control method of the present invention.
Fig. 2 is a flowchart of user authentication in the embodiment of the right control method of the present invention.
Fig. 3 is a flowchart of the authority operation in the authority control method embodiment of the present invention.
FIG. 4 is a schematic diagram of an organization structure in an embodiment of the method for controlling authority according to the present invention.
The invention is further described with reference to the following figures and examples.
Detailed Description
The embodiment of the authority control method comprises the following steps:
Referring to fig. 1, the authority control method includes an authority file updating step and an authority authentication step, and covers both the authority control method run by the intelligent device and the authority control method run by the client. The intelligent device may be a printer, an intelligent door lock, etc., and the client may be a mobile phone, a tablet, etc.; the devices have a communication function and have a corresponding control program installed.
When the step of updating the authority file is executed, the intelligent device first establishes a communication connection with the client. In step S11, the intelligent device sends the version number of the authority file to the client. In step S21, the client receives the version number of the authority file sent by the intelligent device. In step S22, the client sends the version number of the authority file and the ID of the intelligent device to the authority background; when the intelligent device communicates with the authority background, the authority background acquires the authority file signed by a platform private key at a signature center. In step S23, the client receives the latest version of the authority file sent by the authority background; the authority file is related to the node of the organization path where the intelligent device is located. Then step S24 and step S12 are executed: the intelligent device receives and stores the latest version of the authority file sent by the client.
Referring to fig. 2, when the user authentication step is executed, the client communicates with the authority background and registers a user ID and related information. In step S41, the client obtains the user information of the current user from the authority background. The user information includes the user ID, a user organization path and a user organization identifier; the nodes of the user organization path include the nodes from the root node of the organization to the location of the user, and the user organization identifier is the node where the user ID is located in the user organization path. Referring to fig. 3 and taking the organization architecture of company A as an example, the user may be an employee of company A-supply center-procurement department; the user organization path of this user is then company A-supply center-procurement department, and the user organization identifier is the procurement department. When the user information is obtained, the authority background signs the user public key (user Pub-RSA) and the organization identifier together using the platform private key (platform Pri-RSA), and returns the user public key and the organization identifier to the client.
Step S42 is then executed: the client sends the user public key and the user information carrying the platform private key signature, where the organization identifier is used to prove the organization structure node information of the client. In step S31, the intelligent device receives the user information sent by the client. In step S32, the organization identifier in the user information is matched and verified against the organization path where the intelligent device is located. After verification passes, the intelligent device randomly generates an AES-Key, signs the AES-Key with the user public key, and returns the AES-Key and the authority file version number to the client. The client obtains the user private key from the cloud (the user private key is generally stored in the client, or can be stored in the cloud) and uses the user private key to sign the AES-Key; the AES-Key thus obtained is used for subsequent communication with the intelligent device.
Referring to fig. 3, when the permission operation is performed, step S51 and step S61 are executed first: the intelligent device receives the operation signal and the user information sent by the client. In step S62, the intelligent device reads the permission file. The permission file stores the device organization path and the use permission rule of the intelligent device; the nodes of the device organization path include the nodes from the root node of the organization to the location of the intelligent device, and the use permission rule includes the operation permissions of nodes in the device organization path. Taking fig. 4 as the example again, the device organization path of the intelligent device is "company A-supply center-procurement department", and the device organization identifier of the intelligent device is "procurement department". Several different permissions can be set in the specific operation permission settings. The permission file is formatted as JSON, for example:
{
  "path": ["company A", "supply center", "procurement department"],
  "rule": [
    {
      "name": "the procurement department can print",
      "code": "xxx",
      "ability": "print"
    },
    {
      "name": "the IT department can perform maintenance",
      "code": "yyy",
      "ability": "ops"
    }
  ]
}
As shown above, besides specifying that the procurement department can perform printing operations, the file can also specify that the IT department can perform maintenance or change consumables.
Then step S63 is executed: the intelligent device obtains the user operation authority according to the node at which the user information is located in the device organization path. In the above example, the user is in the procurement department and the intelligent device is also in the procurement department, so the user passes the authority authentication of the intelligent device and obtains the printing operation authority of the intelligent device.
Then step S64 is executed: if the operation signal conforms to the user operation authority, the intelligent device executes the operation signal and the printing action is carried out. If the operation authority check does not pass, the related prohibition information is returned. When a user of the IT department communicates with the intelligent device and performs authority authentication, that user obtains the maintenance authority and can then carry out operations such as consumable replacement or maintenance.
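The decision in steps S62 to S64, sketched as an added example (this is not code from the patent). It assumes that each rule's `code` is the code of an organization node, that a rule applies to any user whose organization path contains that node, that the user information arrives with the hypothetical fields `org_path_codes` and `org_id`, and that the platform signature on the user information was already verified in step S32. Every malformed input is denied.

```python
import json

# Constructed sample in the layout of the page's permission file. "xxx" and "yyy"
# are the page's placeholder codes, assumed here to be organization-node codes.
PERMISSION_FILE = """
{
  "path": ["company A", "supply center", "procurement department"],
  "rule": [
    {"name": "the procurement department can print", "code": "xxx", "ability": "print"},
    {"name": "the IT department can perform maintenance", "code": "yyy", "ability": "ops"}
  ]
}
"""


def load_permission_file(text):
    """Parse the permission file and reject anything structurally unexpected."""
    doc = json.loads(text)  # json.JSONDecodeError is a ValueError
    if not isinstance(doc, dict):
        raise ValueError("permission file must be a JSON object")
    path, rules = doc.get("path"), doc.get("rule")
    if not (isinstance(path, list) and path and all(isinstance(n, str) for n in path)):
        raise ValueError("path must be a non-empty list of node names")
    if not isinstance(rules, list):
        raise ValueError("rule must be a list")
    for rule in rules:
        if not isinstance(rule, dict):
            raise ValueError("each rule must be an object")
        for key in ("code", "ability"):
            if not (isinstance(rule.get(key), str) and rule[key]):
                raise ValueError("each rule needs a non-empty " + key)
    return doc


def user_abilities(perm, user):
    """Return the abilities granted to a user (step S63).

    `user` uses hypothetical field names: org_path_codes lists node codes from the
    organization root down to the user's node, org_id is the user's own node code.
    """
    codes, org_id = user.get("org_path_codes"), user.get("org_id")
    if not (isinstance(codes, list) and codes and all(isinstance(c, str) for c in codes)):
        raise ValueError("user organization path is missing or malformed")
    # The organization identifier must be the node the path ends at; otherwise the
    # two signed fields disagree and nothing is granted.
    if codes[-1] != org_id:
        raise ValueError("organization identifier does not match the user path")
    on_path = set(codes)
    return {rule["ability"] for rule in perm["rule"] if rule["code"] in on_path}


def authorize(perm_text, user, operation):
    """Step S64: allow the operation only if a matching rule grants it; fail closed."""
    try:
        perm = load_permission_file(perm_text)
        return operation in user_abilities(perm, user)
    except (ValueError, TypeError, AttributeError):
        return False


if __name__ == "__main__":
    # Constructed users; "aaa", "sss" and "ttt" are made-up codes for the other nodes.
    buyer = {"user_id": "u-1", "org_path_codes": ["aaa", "sss", "xxx"], "org_id": "xxx"}
    it_staff = {"user_id": "u-2", "org_path_codes": ["aaa", "ttt", "yyy"], "org_id": "yyy"}
    for who, op in ((buyer, "print"), (buyer, "ops"), (it_staff, "ops")):
        print(who["user_id"], op, authorize(PERMISSION_FILE, who, op))
```

Because rules are keyed by node rather than by user, adding a person to the procurement department changes nothing on the device; only a change to the rules themselves requires a new permission file.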
The embodiment of the intelligent equipment comprises:
the intelligent device can be a printer, an intelligent door lock, a commercial cooker and the like, and comprises a processor and a memory, wherein the processor is used for realizing the steps of the authority control method operated by the intelligent device when executing the computer program stored in the memory.
Computer-readable storage medium embodiments:
the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the entitlement control method according to the above-described scheme.
Therefore, the client acquires the user information from the authority background, and the intelligent device stores an authority file in which all permissions are set per organization node; once the user information passes authentication against the authority file, the user obtains the corresponding use authority and can then carry out subsequent control operations.

Claims (10)

1. An authority control method for an intelligent device, comprising:
receiving an operation signal and user information;
reading a permission file, wherein the permission file stores an equipment organization path and a use permission rule of intelligent equipment, and the use permission rule comprises the operation permission of nodes in the equipment organization path;
obtaining user operation authority according to the node of the user information in the equipment organization path;
and if the operation signal conforms to the user operation authority, executing the operation signal.
2. The entitlement control method of claim 1, characterized in that:
the nodes of the device organization path include nodes from a root node of the organization to a location of the smart device.
3. The entitlement control method of claim 1, characterized in that:
the user information comprises a user ID, a user organization path and a user organization identifier, wherein the user organization identifier is a node where the user ID is located in the user organization path.
4. The entitlement control method of claim 3 wherein:
the nodes of the user organization path include nodes from a root node of the organization to a location of the user.
5. Intelligent device, characterized in that it comprises a processor and a memory, said processor being adapted to implement the steps of the entitlement control method according to any one of claims 1 to 4 when executing a computer program stored in said memory.
6. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program when executed by a processor implementing the steps of the rights control method of any one of claims 1 to 4.
7. A method for controlling authority, comprising an authority authentication step;
the authority authentication step includes:
the client acquires user information of a current user;
the intelligent equipment receives the operation signal and the user information sent by the client;
the intelligent equipment reads a permission file, the permission file stores an equipment organization path and a use permission rule of the intelligent equipment, and the use permission rule comprises the operation permission of nodes in the equipment organization path;
the intelligent equipment obtains user operation authority according to the node where the user information is located in the equipment organization path;
and if the operation signal conforms to the user operation authority, the intelligent device executes the operation signal.
8. The entitlement control method of claim 7, characterized in that:
and the client acquires the user information from the authority background.
9. The entitlement control method of claim 7, characterized in that:
the user information comprises a user ID, a user organization path and a user organization identifier, wherein the user organization identifier is a node where the user ID is located in the user organization path.
10. The entitlement control method in accordance with any of claims 7 to 9, characterized in that:
the authority control method comprises an authority file updating step;
the step of updating the authority file comprises the following steps:
the client receives the version number of the authority file sent by the intelligent equipment;
the client sends the version number of the authority file and the ID of the intelligent equipment to an authority background;
the client receives the latest version of the authority file sent by the authority background;
and the intelligent equipment receives and stores the latest version of the authority file sent by the client.
CN202111132530.8A 2021-09-26 2021-09-26 Authority control method of intelligent device, intelligent device and readable storage medium Pending CN115879086A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111132530.8A CN115879086A (en) 2021-09-26 2021-09-26 Authority control method of intelligent device, intelligent device and readable storage medium


Publications (1)

Publication Number Publication Date
CN115879086A true CN115879086A (en) 2023-03-31

Family

ID=85762746


Country Status (1)

Country Link
CN (1) CN115879086A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination