KR102139852B1 - Method and system for contrilling access to shared resource using trust index - Google Patents

Abstract

Disclosed is a CPSS-based shared resource access authority control method and system using a confidence index. In a method of controlling access rights to a shared resource based on a trust index implemented by a computer, receiving a request for registration of a new entity to participate in a shared economic network and registering it in a database, which is already registered in the database Computing a confidence index for each entity based on an association between another entity and the new entity, setting an access authority between entities based on the calculated confidence index, and a request for access to a shared resource of a specific entity is received. As it becomes possible, it may include determining whether to allow access to the shared resource based on the set access authority.

Description

CPSS based shared resource access authority control method and system using trust index {METHOD AND SYSTEM FOR CONTRILLING ACCESS TO SHARED RESOURCE USING TRUST INDEX}

Embodiments of the present invention relates to a technique for numerically quantifying the reliability of resource providers, resources, and resource consumers in a shared economic environment, and controlling access to shared resources based on the quantified confidence index.

With the development of the economy, as extra resources were formed, there were people who owned the extra resources and wanted to use the extra resources. For example, the utilization rate of a car is about 4%, and when the seat of a running car is full, about 20%, there is a huge spare in the capacity of automobiles around the world. Sharing economy is provided by providing these extra resources so that they can be shared through a platform. In other words, the shared economy is an economic activity that lends and borrows resources from each other rather than the concept of ownership, and resource providers and resource consumers are connected through a platform to form a shared economic network on a certain scale. Such a shared economy has appeared in various forms in various fields.

As the Internet of Things environment develops, the concept of a Cyber Physical Social System (CPSS) that includes all things, information communication technology (ICT), and people is expanding. With the development of devices that can be connected to the ICT environment, such as sensors, the objects that exist in the real world (Physical Thing) are increasingly recognized and controlled in the virtual world. As this CPSS environment is combined with a shared economic network, various resources are increasingly being monitored in a cyber environment, and a shared economy market based on monitoring is emerging. In other words, ICT interfaces are increasingly used for objects and resources that are commonly used, and objects that can be remotely controlled are increasing as technology advances. For example, a smart door lock combined with a lodging sharing service, a driverless car, a common bicycle tracking device based on LoRA, etc. may correspond to the sharing economy market based on the monitoring.

As such, the shared economic market exists in various fields such as DVD rental, car rental, P2P lodging, equipment rental, and clothing rental, and as the shared economic market grows, the borrowed items are used ruggedly or resources are provided due to indiscriminate waste. There are a number of problems in which resource consumers suffer damage because the quality of the product is lower than that of the original product. For example, after renting a hanbok, there is a problem in that the returned hanbok is torn or damaged by dark stains. In addition, when renting a car, there is a case where the condition of the product before the rental contract is different from the condition of the actual rental product (e.g., when the vehicle maintenance status is poor, such as tire scratches, taillights/wiper failure, etc.) In the case of renting, the photo of the resource provider introduced the house and the condition of the house where the resource consumer actually stayed differed significantly, or the resource consumer must indiscriminately use the water/electricity fee to settle the excessive water/electricity fee by the resource provider. There are cases.

In the case of Airbnb, various authentication procedures such as submitting identification cards are required for authentication of providers and consumers who want to provide their home as a shared resource, and certificate-based device authentication and ID/password-based authentication are performed in real time. There are limitations in application to IoT devices due to server delays and errors. Such inconveniences in authentication are acting as a stumbling block to the spread of the sharing economy.

Korean Patent Publication No. 10-2017-0097497 relates to a curated tire replacement service system and method using a shared economy, and refers to the tire information extracted from the tire information being used by the user and the parameter information entered and selected by the user by referring to the database. When a certain number of corresponding tires are recommended, and if a tire replacement is booked among the recommended tires, the reserved tire is delivered to a service partner closest to the user, and the serviceman located close to the user visits the place where the user's vehicle is located. By sending a message to the disabled, it is disclosed that the tire replacement is possible for people with disabilities, foreigners, etc. who are difficult to replace in the store.

One embodiment of the present invention is to control access to shared resources based on a confidence index that quantifies and quantifies mutual evaluation between resource providers, resource consumers, and resources in a shared economy network formed through a platform.

In a method of controlling access rights to a shared resource based on a trust index implemented by a computer, receiving a request for registration of a new entity to participate in a shared economic network and registering it in a database, which is already registered in the database Computing a confidence index for each entity based on an association between another entity and the new entity, setting an access authority between entities based on the calculated confidence index, and a request for access to a shared resource of a specific entity is received. As it becomes possible, it may include determining whether to allow access to the shared resource based on the set access authority.

According to one aspect, the step of determining whether to allow the access comprises: receiving an access request to the corresponding shared resource as an event related to the use of the shared resource registered by another entity occurs in the new entity, and the access As the request is received, it may include the step of checking whether the new entity is an authorized entity to access the shared resource of another entity based on the access authority set between the entities.

According to another aspect, the step of determining whether the access permission is an authorized entity is input from the new entity and an access key previously registered in association with the shared resource of the corresponding entity from the other entity, and the sharing is performed. Based on the key information received through the resource, it is possible to check whether the new entity is an authorized entity for access.

According to another aspect, the step of determining whether the access permission is an authorized object may include accessing the new object as the new object is identified as an object that is not authorized to access the shared resource of the other object. It may further include the step of rejecting, and providing a warning notification to the other object that the new object attempts to access.

According to another aspect, in response to the request of the new entity, further comprising the step of controlling the new entity to be provided with information of at least one other entity associated with the shared resource, the shared resource that the other entity is allowed to access. can do.

According to another aspect, the method may further include controlling to provide the new entity by associating and providing information of another entity that has allowed access to the shared resource with the information of the permitted shared resource.

According to another aspect, the information of the other entity includes the confidence index of the other entity, and the confidence index of the other entity may be differently displayed in at least one of color and thickness according to a level to which the corresponding confidence index belongs. have.

According to another aspect, the confidence index may be updated based on usage history information in which results are recorded after the use of the shared resource in relation to a specific entity to which access is permitted.

According to another aspect, the step of calculating the confidence index may be calculated based on information representing the reputation of the other entity obtained from at least one online service server registered with the other entity.

In a computer-implemented trust index-based access control system for shared resources, a registration unit that registers a new entity to participate in a shared economic network and registers it in a database, which is already registered in the database Confidence index calculation unit for calculating an individual confidence index based on an association between another entity and the new entity, an authority setting unit for setting access rights between entities based on the calculated confidence index, and a shared resource of a specific entity When an access request of is received, it may include an access determining unit for determining whether to allow access to the shared resource based on the set access authority.

According to one aspect, the access determining unit receives an access request to the corresponding shared resource as an event related to the use of the shared resource registered by another entity occurs in the new entity, and as the access request is received, the Based on the access rights set between the objects, it is possible to check whether the new object is an object that has permission to access other objects' shared resources.

According to another aspect, the access determination unit is based on key information input from the new entity and an access key previously registered in association with the shared resource of the corresponding entity from the other entity and transmitted through the shared resource. It is possible to check whether the new entity is an entity to which access permission is granted.

According to another aspect, the access determining unit rejects the access of the new entity as the new entity is identified as an entity that is not authorized to access the shared resource of the other entity, and the new entity accesses the new entity. Alert notifications may be provided to the other entity attempted.

According to another aspect, in response to the request of the new object, the new object further includes a control unit for controlling to provide information of at least one other object associated with the shared resource, the shared resource that the other object is allowed to access. can do.

According to another aspect, the control unit may control to provide the new entity by associating and providing information of another entity that has allowed access to the shared resource and the information of the permitted shared resource.

According to another aspect, the information of the other entity includes the confidence index of the other entity, and the confidence index of the other entity may be differently displayed in at least one of color and thickness according to a level to which the corresponding confidence index belongs. have.

According to another aspect, the confidence index may be updated based on usage history information in which results are recorded after the use of the shared resource in relation to a specific entity to which access is permitted.

According to another aspect, the confidence index calculation unit may be calculated based on information representing the reputation of the other entity obtained from at least one online service server registered in the other entity.

By controlling access to the shared resource based on the confidence index that quantifies and quantifies the mutual evaluation between the resource provider, the resource consumer, and the resource, users can provide an environment where users can trust each other based on the ICT infrastructure, and various sharing economies It can be provided to use the application service of the network.

1 is a diagram illustrating a shared economic network environment in an embodiment of the present invention.
2 is a flowchart illustrating a method for controlling access authority of shared resources between entities based on a confidence index in an embodiment of the present invention.
3 is a block diagram showing an internal configuration of a shared resource access authority control system in an embodiment of the present invention.
4 is a view showing an association relationship between individuals in one embodiment of the present invention.
5 is a diagram provided for calculating the confidence index in an embodiment of the present invention.
6 is a block diagram illustrating a shared economic network in one embodiment of the present invention.
7 is a view showing visualization of a shared resource from the perspective of a resource provider in one embodiment of the present invention.
8 is a diagram illustrating visualization of a shared resource from the perspective of a resource consumer.
9 is a diagram illustrating an operation of controlling an access right to a smart door lock in one embodiment of the present invention.

The present embodiments relate to a technology for controlling access to a shared resource based on a numerical confidence index by mutually evaluating resource providers, resource consumers, and resources that share resources such as goods and products through a platform in a shared economy network. In particular, resource providers, resource consumers, resources in the real world, and resources in the real world that resource providers want to share based on the trust index between resources in the cyber world, and in the cyber world It is about technology to control the access of resource consumers to resources.

In these embodiments, "entity" may refer to a resource consumer and a resource provider.

In the present embodiments, "resource provider" and "resource consumer" may indicate a user terminal possessed by a resource provider and a resource consumer. For example, it may include a smart phone, a tablet, a notebook, a desktop PC, etc. possessed by a resource provider and a resource consumer.

In these embodiments, "Thing" may be expressed as a shared resource as an object to be shared or rented, and may be a company, organization, or agent on the real world and cyber. , Products, services, data, and the like.

In these embodiments, "trust" refers to the value of the future as well as the future in the past, and indicates the willingness of the other party to act as intended in the future, where "trust index" is a resource It can represent the value obtained by reciprocating mutual evaluation data between providers, resource consumers, and resources. That is, the confidence index may represent a resinized value indicating that the reliability is high and low depending on the situation and time.

The shared economy is a multi-user cooperation that takes advantage of economics, and since trust is possible to cooperate with others who do not know, the confidence index is a transaction with someone who does not know or wants to use their resources. It may be an indispensable element for.

In the present embodiments, a trust index is provided for calculating a trust index, and the trust index can be set in various ways according to the type of resource to be shared/borrowed. For example, the trust index may be set differently depending on whether the resource to be shared/rented is a vehicle, a house, a costume, a door lock, or a wireless communication module such as Wi-Fi.

1 is a diagram illustrating a shared economic network environment in an embodiment of the present invention.

According to FIG. 1, a shared economic network includes resource providers 110 that provide resources, resources such as various services on objects and cyber, and resource consumers (ie, users, who share and rent resources provided by the resource provider 110). 120). As resources are divided into objects 130 and various services 140 on the cyber, and people are divided into users and providers, a trust relationship between entities may be modeled as a four-party relationship. Here, the entity may represent the object 130, the cyber-service 120, the resource provider 110, and the user as a resource consumer 120, and the resource provider 110 and the consumer 120 are resource providers and It may represent an electronic device possessed by a consumer or an application implemented in the electronic device. For example, an electronic device such as a PC, a smartphone, a laptop, or a tablet, or an application installed in the electronic device may be represented. In one example, the resource provider 110 and the resource consumer 120 have memory, basic arithmetic, and logic for loading program code to execute a program (for example, the application described above) installed by a file provided from a server over a network. And a processor that processes instructions of the program by performing input/output operations.

In FIG. 1, an effective trust relationship between the resource provider 110, the resource consumer 120, the object 130, and the service 140 may be predefined, and the object 130 is an electronic device that can be connected to an ICT environment such as a sensor Can represent. For example, a trust relationship between the resource provider 110 and the resource consumer 120, the resource provider 110 and the object 130, the resource consumer 120 and the object 130, the resource provider 110 and the service 140, Eight trust relationships between the resource consumer 120 and the service 140 may be defined.

For example, the trust relationship between the resource provider 110 and the resource consumer 120 may represent a numerical confidence index based on mutual evaluation between the resource consumer 120 using objects, services, etc. provided by the resource provider 110. In addition, the confidence index is determined based on information collected in connection with the resource provider 110 and the resource consumer 130, and may be periodically updated. In addition, there may be a trust relationship generated by the resource provider 110 or the resource consumer 120 after receiving a friend's recommendation, and the trust index at this time may be determined based on the recommended friend's trust index. For example, if the recommended friend's confidence index is high, the confidence index of the object/service provided for sharing by the friend may be determined to be high, and if it is low, the confidence index of the object/service provided for sharing by the friend is low. Can be determined. As described above, the confidence index of the recommended friend may influence the determination of the confidence index of things and services, and not only the recommended friend based on the information of the recommended friend collected on the Internet or social network (SNS), as well as in the real environment , A confidence index of objects and services provided by a recommended friend may be determined.

2 is a flowchart illustrating a method for controlling access authority of shared resources between entities based on a confidence index in one embodiment of the present invention, and FIG. 3 is a system for controlling access authority of shared resources in one embodiment of the present invention. It is a block diagram showing the internal configuration of.

According to FIG. 3, the shared resource access authority control system 300 includes a registration unit 310, a confidence index calculation unit 320, an authority setting unit 330, an access determination unit 340, and a control unit 350 Can. The registration unit 310, the confidence index calculation unit 320, the authority setting unit 330, the access determination unit 340, and the control unit 350 are included in a processor of the shared resource access authority control system 300 It can be implemented in the form. The shared resource access authority control system 300 is implemented in the form of a platform, and may include the processor.

Each of the steps (210 to 260 steps) for performing the access authority control method in FIG. 2 includes a registration unit 310, a confidence index calculation unit 320, an authority setting unit 330, an access determination unit 340, and a control unit ( 350).

In step 210, the registration unit 310 may be requested to register a new entity to participate in the shared economic network and register it in the database.

For example, upon being requested to register a new entity, the registration unit 310 associates the personal information of the new entity received through the new entity with the identifier of the new entity (eg, ID, etc.) and password. You can register in the database. Then, the registration unit 310 may collect information related to the new entity to be used in calculating the confidence index of the new entity. For example, SNS information of a new entity, SNS information of a company group related to the new entity, reputation information of another entity evaluating the new entity on the Internet (eg, blog, cafe activity), and the like can be collected, and the collected information is a confidence index. It can be stored in association with a new entity for calculation. In addition to the new entity, the personal information of other entities and other entities and the collected information may be stored and stored in the database.

In step 220, the confidence index calculator 320 may calculate a confidence index for each individual based on the association between the new entity and another entity already registered in the database.

In one example, the reliability index calculation unit 320, if there is a history of a new entity using an object or a service provided by a new entity by another entity, and a review period exists, the confidence index of the new entity based on the review period Can be calculated. In addition, the confidence index of the new entity may be calculated based on the evaluation information of the new entity evaluated by the object or service. In the case of an IoT device having a sensor function mounted on an object, such as a house, room, or clothing shared by the object, the information collected through sensing may correspond to the evaluation information. For example, information indicating the state of the house before providing the house to other individuals (ie, cleanliness, equipment, water pressure, etc.) may correspond to evaluation information of the new individual evaluated by the object or service.

Similarly, after the use of the object or service provided by the new entity, the confidence index calculator 320 may calculate a confidence index of another entity related to the new entity based on evaluation information of the other entity in association with the new entity. In this case, in the case of an IoT device equipped with a sensor function mounted on an object such as a house, room, or clothes shared by the object, a new object-related other object based on information evaluated by the object (that is, information collected through sensing) The individual's confidence index can be calculated. For example, the reliability index of the other individual based on information indicating the state of the house after the other individual used the house provided by the new entity (electricity usage fee, degree of post-processing such as garbage disposal after use, presence or absence of damaged products, etc.) Can be calculated. As such, the confidence index calculator 320 may calculate the confidence index between entities through information collection based on mutual evaluation.

In step 230, the permission setting unit 330 may set access rights between entities based on the calculated confidence index.

In step 240, the access determining unit 340 determines whether access to the shared resource is permitted based on the access authority set with respect to the specific object for the shared resource as the access request to the shared resource of the specific object is received. Can.

In step 241, the access determination unit 340 may receive an access request from a new entity to a shared resource registered by another entity.

In step 242, the access determining unit 340 may check whether the new object is an object that is granted access permission to the shared resource of another object based on the access rights set between the objects. For example, the access determination unit 340 associates the new object with the shared resource of another object so that the new object can share the shared resource of the other object with an access key previously registered from the other object, from the new object. Based on the key information received and transmitted through the shared resource, it is possible to check whether the new object is an object for which access permission is granted.

In step 250, the controller 350 may control the new object to be provided with information of at least one other object associated with the shared resource and the shared resource that the new object is permitted to access to the other object in response to the request for the access of the new object. have. That is, when the new entity is a resource provider, the controller 350 permits access to other entities among resources (eg, electronic devices corresponding to objects and services such as a home or WiFi) owned by the new entity. It is possible to control the information provided to a new entity by associating information of one device and other objects permitted to access the device. For example, the control unit 350 may control the screen of the new object through the application installed in the new object to display information of a device that is permitted to access the other object and information of other objects that are permitted to access the device. have.

As another example, the control unit 350 may control the new entity to be provided as a new entity by associating the information of the other shared information and the permitted shared resource that has allowed access to its shared resource. That is, when the new entity is a resource consumer, the controller 350 controls the application of the new entity so as to associate and provide information of other entities that are the owners of the resource and resources that other entities are permitted to access to the new entity. Can. For example, object 1 and object 2 that another object A is permitted to access to the new object are displayed on the screen of the new object, and service 1 and object 3 that other object B is permitted to access the new object are associated with the new object. It may be displayed on the screen, the other object C is the service 2 is allowed to access the new object, another object D is allowed to access the new object 4, etc. may be displayed on the screen of the new object. At this time, a confidence index based on a relationship between a new entity and another entity may be displayed on the screen, and a detailed description of the confidence index will be described later with reference to FIG. 7.

4 is a view showing an association relationship between individuals in one embodiment of the present invention.

Referring to 410 of FIG. 4, the trust relationship between entities has a unidirectional relationship between a resource consumer (ie, a user), a resource provider, and a resource, but may have bidirectionality as 420 when a specific condition is established. That is, a trust domain, which is a family having the same confidence index between entities, may be formed as 420.

Referring to 420, even if it is assumed that the resource consumer User A believes the resource provider B and the resource provider B believes the resource C, the relationship that the user A always believes the resource C may not be established. At this time, additional conditions must be set so that the user A can determine whether the resource C is a reliable resource, and additional conditions may be provided as a confidence index. For example, if a specific predetermined condition is satisfied, a relationship in which user A believes resource C in the same situation may be formed.

For example, when the user A, the resource provider B, the resource C of the resource provider B (that is, the resource) exists, the user A can trust the resource C of the resource provider B based on the confidence index of the resource provider B and be rented. have. That is, the reliability index of the resource provider B may be inherited to affect the reliability index of at least one resource provided by the resource provider.

5 is a diagram provided for calculating the confidence index in an embodiment of the present invention.

Referring to Figure 5, the use of the confidence index can be divided into three steps. For example, it may be divided into a step before using the shared resource, a step while using the shared resource, and a step after completing the use of the shared resource. At this time, the reliability index between the resource provider and the resource consumer based on the corresponding shared resource analyzed in the pre-use step may be fed back and updated according to the usage record information that is a result of using the shared resource.

Referring to 510, the registration unit 310 may collect various data information and context information related to new objects and other objects registered in the DB. For example, it is possible to collect various reputation information evaluating the object through the individual's SNS information, company group SNS information, blog, cafe, etc. from the SNS server of the object on the Internet. And, it is possible to distinguish the entities to identify the relations between the entities, and calculate a confidence index based on the mutually evaluated information between the entities. The mutually evaluated information may be included in the collected information.

Referring to 520, when a request for access from a new entity to another entity's resource (eg, home, WiFi, bicycle, etc.) is received, the access determination unit 340 determines the criteria and other criteria of other entities that are resource providers. Based on the individual's confidence index, it is possible to determine whether or not to allow sharing of resources (ie, whether to grant access).

Referring to 530, the control unit 350 may notify other entities that are resource providers of the determination result. In addition, the usage history information in which usage reviews according to resources are used may be fed back, and the confidence index of the other entity may be updated based on the fed back information, and the controller 350 may update the confidence. The index can be provided to other entities that are resource providers. At this time, information indicating the state of the resource after use of the resource may also be fed back, and a confidence index of a new entity may be calculated in association with the resource based on the fed back state information. Then, the confidence index of the resource provided by the new entity may be calculated based on the calculated confidence index.

6 is a block diagram illustrating a shared economic network in one embodiment of the present invention.

Referring to FIG. 6, the shared economic network may include a shared resource access authority control system 600, a client terminal 601, resources 602, 603, 604, and 3rd party service providers 605. Although FIG. 6 shows one client terminal 601, a plurality of client terminals 601 may exist, and the client terminal 601 may be a resource provider, a resource consumer, or both. That is, it may be a resource provider and a resource consumer. The shared resource access authority control system 600 of FIG. 6 may represent the shared resource access authority control system 300 of FIG. 3. The block diagram of FIG. 3 shows a configuration included in the processors of the shared resource access authority control systems 300 and 600, and in FIG. 6, other configurations other than the processor may also be shown.

In FIG. 6, a visualization module controls visualization and may be included in the control unit 350 of FIG. 3. The entity management module determines whether access is permitted based on the access authority, and may be included in the access determination unit 340 of FIG. 3. The trust index manager module calculates the trust index and sets the access authority of the entity based on the trust index, and may include a trust index calculation unit 320 and a permission setting unit 330. . The trust data collection module (Trust Data Aggregator) is a module that collects information for calculating a confidence index, and may be included in the registration unit 310 of FIG. 3.

Referring to FIG. 6, a visualization module is a module for expressing an information visualization method, for example, in providing a confidence index calculated according to an association relationship between entities on a screen of an entity, a level to which the confidence index belongs Depending on the color and thickness, at least one of the colors can be visualized and controlled to be displayed. For example, if the confidence index is divided into three levels: high, medium, and low, if the confidence index of the object corresponds to high, the information of the object is separated from other objects by the color and the thickness specified in the corresponding level. It can be visualized and controlled to be displayed.

The entity management module may indicate a module that manages entities (ie, resource consumers, resource providers, services, resources) registered in the system. For example, the entity information manager can manage information of each entity registered in the DB, and the entity relationship manager is an association relationship between registered entities (eg, ownership relationship, friend Relationship, etc.). A resource access manager module may manage access control of shared resources.

The trust index manager module can calculate a confidence index between entities through associations of individual entities. For example, the entity relationship analyzer can analyze association relationships (ie, trust relationships) between registered entities, and the confidence relationship calculator calculates each entity based on the analyzed association relationships. The confidence index can be calculated.

The Trust Data Aggregator can collect various data to calculate the confidence index of individuals registered in the system. For example, the Trust Data Collector can collect and manage data related to the calculation of the confidence index. The Trust Data Verifier can be a data verification module that maintains the quality of the collected data by checking and verifying the suitability and abnormality of the data collected from the Trust Data Collector. The Open API connector may correspond to an API connection point connecting with an external data provider.

The 3rd party service providers 605 represent external services, platforms, and systems that provide various object related data outside the system, and can provide related information through the Open API. For example, the trust data collection module (Trust Data Aggregator) may collect information for calculating the trust index for each individual registered in the DB from the 3rd party service providers 605.

7 is a view showing visualization of a shared resource from the perspective of a resource provider in one embodiment of the present invention.

According to FIG. 7, when the new entity 701 is a resource provider, information of another entity authorized to access devices (ie, shared resources) owned by the resource provider from the perspective of the resource provider is displayed on the screen of the new entity. Can. At this time, information of different entities may be displayed by being divided for each shared resource.

For example, information of other entities permitted to access the WiFi 702 possessed by the new entity 701 may be displayed in association with the WiFi 702. Information of other entities may include photos, IDs, nicknames, etc. for identifying other entities, and may further include a confidence index. At this time, the confidence index may be displayed by classifying color and thickness/size according to the level to which the confidence index belongs. For example, as the confidence index belongs to a higher level, a color assigned to the corresponding level may be displayed in bolder than a lower level. At this time, the color corresponding to the level to which the corresponding confidence index belongs to the edge of another entity, that is, the border may be displayed with a designated thickness. The confidence index may decrease in the order of green, yellow, and red. That is, green may have the highest confidence index, yellow may be the middle, and red may be the lowest. In addition to the 3 levels of color, the level of the confidence index can be subdivided into 4 levels, 5 levels or more, and the colors may be variously designated in advance for each level.

In the case of the bike 703, information of other objects that the new object is permitted to share their bike 703 may be displayed on the screen of the new object in association with the bike 703. In addition, when the resource to be shared by the new object includes the door lock 704, the TV 705, etc., the door lock 704 and the TV 750 may also be displayed on the screen, and there are still objects that are permitted to be shared. If not, only representative images representing the door lock 704 and the TV 750 may be displayed independently. At this time, if there is another object to which the door lock 704 or the TV 750 is shared, that is, the access is permitted, the object may be displayed in association with the representative image of the door lock 704 or the TV 750. have. In addition, although access is permitted, there may be other entities to exclude access.

For example, the confidence index of another entity may be periodically updated, and in the previous period, the confidence index is high, so access is allowed, but after a certain period of time, the confidence index of the corresponding entity may be lowered. Then, access was allowed previously, but access can be denied by releasing access permission thereafter. To this end, when information (eg, an image) of another entity displayed in association with a representative image of a resource is selected from a new entity, a function for releasing access (eg, a checkbox, a message, a pop-up window, etc.) may be provided. At this time, after the function for releasing the access is selected, if the access release confirmation is selected again by the new object, the object may be excluded from the displayed area in association with the representative image of the resource.

8 is a diagram illustrating visualization of a shared resource from the perspective of a resource consumer.

Referring to FIG. 8, when the new entity 801 is a resource consumer (ie, a user of a shared resource), it may be displayed on a screen as to what a shared resource other entities are providing to them from the perspective of the resource consumer. That is, information of a shared resource that is permitted to access to himself (a new entity) and a resource provider who owns the resource may be displayed on the screen. It can be divided into different objects that are allowed access to the shared resource, and the shared resource of the object and the object can be displayed on the screen.

For example, when another entity A 802 is a family of a new entity, a new entity may be granted access to a wireless communication module such as a door lock or WiFi, or a TV. Then, the control unit 350 may control the display to be displayed on the screen of the new object by associating door lock, WiFi, and TV, which are shared resources granted to the new object, based on the other object A 802. If there are more different objects that allow access to the shared resource to the new object in addition to the other object A 802, the shared resource granted by the other object B 803 and the other object B 803 is associated with the screen. And the shared resource authorized by the other object C 804 and the other object C 804 may be displayed on the screen. The confidence index of another entity may be displayed together with a representative image of another entity, and the confidence index may be displayed in different thicknesses and colors according to the level to which the confidence index belongs.

9 is a diagram illustrating an operation of controlling an access right to a smart door lock in one embodiment of the present invention.

FIG. 9 illustrates a case in which access rights of a smart door lock are controlled to use a lodging as a shared resource, such as Airbnb, unmanned hotel, etc., but this is applicable to the embodiment, and in addition to the lodging, the company door, courier service, etc. In order to access the access rights of the smart door lock may be controlled.

Referring to FIG. 9, the resource provider 901 may access the shared resource access authority control system 900. For example, a website/mobile website for use of a service provided by the shared resource access authority control system 900 may be accessed, or may be accessed through an application. At this time, when the resource provider 901 is authenticated through the input of the registered ID and password, a service for controlling access authority may be provided.

For example, the resource provider 901 may set access rights to the resource consumer A 902 and the resource consumer B 903 to enable access to the smart door lock. At this time, when access rights are set, an access key previously registered in association with the shared resource smart door lock may be provided to resource consumer A 902 and resource consumer B 903. The access key may be set and registered by the resource provider 901, or may correspond to a security code randomly generated by the system.

Thereafter, when access to the smart door lock is requested from a specific resource provider, the access determination unit 340 may check the access right to the smart door lock in association with the resource provider that requested access. For example, when access is granted, it is possible to check whether a specific resource provider is an authorized user for access based on the access key provided to the resource provider and the key information input by the specific resource provider requesting access to the smart door lock. When the resource consumer requested to access through the validation of the access key is an authorized user (that is, a user who has successfully validated the key), the access determining unit 340 allows the resource consumer A 902 to access the smart door lock. The resource provider 901 may be informed that the request has been made. At this time, information (eg, name, phone number) of the resource consumer A 902 requesting access so that the resource provider 901 can identify who the resource consumer A 902 is to be provided together with the resource provider 901. Can. When the validity of the access key is confirmed, the controller 350 can provide the password of the smart door lock to the resource consumer A 902, and then, the resource consumer A 902 inputs the password of the smart door lock, thereby The shared resource of the provider 901 may be shared.

On the other hand, the resource consumer B 903 may transfer the access key for access to the shared resource of the resource provider 901 to other users (eg, resource consumer C, 904). In this case, when the resource consumer C 904 requests access to the smart door lock of the hostel, which is a shared resource of the resource provider 901, based on the access key provided from the resource consumer B 903 to the smart door lock, the key is valid for key validation It may be determined as a user who has not. For example, a token method used in Oauth or the like may be used for validating an access key. That is, it may be determined whether the user is a valid user or an invalid user through the access key and token inspection. In addition, in the case of an application (application), when passed to other users, the access key may be processed to be invalidated internally. When validating, the access key is the same, but the user information using the key is checked together with the key. It may be determined whether the user is valid.

As described above, when the key validation fails, that is, when the resource consumer C 904 is identified as an object that is not authorized to access the shared resource of the resource provider 901, the access determination unit 340 determines the resource consumer C ( 904) may be denied access, and a resource notification 901 may be provided to the resource provider 901 indicating that the resource consumer C 904 attempts to access the smart door lock.

Smart door lock-related access of the common entrance of the resource provider's accommodation may be set to be permitted to the courier. For example, when going out, or when it is difficult to go home due to driving, meetings, etc., the courier may set the access rights of the resource provider to the shared resource (ie, to the apartment common entrance).

At this time, it may be necessary to check the confidence index for the corresponding courier before setting the access authority of the courier. Then, based on the company group SNS information of the courier article, the reliability index of the courier article may be calculated by collecting information representing the reputation of the courier article in the corresponding group. For example, a confidence index may be calculated based on evaluation information of other users of the corresponding courier article, information of other courier articles evaluating the courier article, and the confidence index along with the phone number and name of the courier article is a resource. It can be displayed on the provider's screen. If the confidence index is high, access rights to the apartment common entrance can be established. The telephone number, name, and the like of the courier article may be obtained based on information previously notified to the resource provider before the courier article visit. For example, it may be obtained based on information related to a courier service provided through instant messaging such as text, Kakao Talk, Line, etc., including information such as the visit time, telephone number, name, courier item information, and courier company name, which are notified in advance. Based on the obtained information, the reliability index of the courier driver may be calculated by collecting SNS information related to the corresponding courier driver and SNS information in the company group. At this time, the access authority of the courier driver may be temporarily set one-time, and may be automatically released after access is permitted once. For safety reasons, it may be possible for the access provider to set the access permission again in order to allow access again. Accordingly, the access key may be changed to a different value each time an access right is set, and different values may be provided for each user.

The risk analysis method and system using the reliability index described above may be implemented as a hardware component, a software component, and/or a combination of a hardware component and a software component. For example, the systems and components of the systems described in the embodiments are, for example, processors, controllers, arithmetic logic units (ALUs), digital signal processors (micro signal processors), microcomputers, field programmable arrays (FPAs) ), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions, may be implemented using one or more general purpose computers or special purpose computers. The processing device may run an operating system (OS) and one or more software applications running on the operating system. In addition, the processing device may access, store, manipulate, process, and generate data in response to the execution of the software. For convenience of understanding, a processing device may be described as one being used, but a person having ordinary skill in the art, the processing device may include a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that may include. For example, the processing device may include a plurality of processors or a processor and a controller. In addition, other processing configurations, such as parallel processors, are possible.

The software may include a computer program, code, instruction, or a combination of one or more of these, and configure the processing device to operate as desired, or process independently or collectively You can command the device. The software may be distributed on networked computer systems, and stored or executed in a distributed manner. Software and data may be stored in one or more computer-readable recording media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, or the like alone or in combination. The program instructions recorded on the medium may be specially designed and configured for the embodiment or may be known and usable by those skilled in computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs, DVDs, and magnetic media such as floptical disks. -Hardware devices specially configured to store and execute program instructions such as magneto-optical media, and ROM, RAM, flash memory, and the like. Examples of program instructions include high-level language code that can be executed by a computer using an interpreter, etc., as well as machine language codes produced by a compiler.

As described above, although the embodiments have been described by a limited embodiment and drawings, those skilled in the art can make various modifications and variations from the above description. For example, the described techniques are performed in a different order than the described method, and/or the components of the described system, structure, device, circuit, etc. are combined or combined in a different form from the described method, or other components Alternatively, even if replaced or substituted by equivalents, appropriate results can be achieved.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (18)

In the computer-implemented trust index-based shared resource access authority control method,
Requesting registration of a new entity to participate in a shared economic network and registering in a database;
Calculating a confidence index for each of the entities based on an association relationship between the new entity and an entity already registered in the database;
Setting access rights between the entities based on the confidence index; And
And determining whether to allow access to the shared resource based on the access authority, when a request for access to one of the shared resources is received from a specific entity,
The step of setting the access right,
Based on the access authority, providing an access key for a shared resource of any one of the entities to the other of the entities,
Determining whether to allow the access,
Receiving an access key from the specific entity;
Determining whether the received access key and the provided access key are the same and validating the received access key;
When the validity of the received access key is confirmed, determining whether the specific entity is another one of the entities and checking the validity of the specific entity;
If the validity of the specific entity is confirmed, allowing access to the shared resource to the specific entity; And
And if the validity of the specific entity is not confirmed, invalidating the provided access key. delete According to claim 1,
The step of determining the validity of the specific individual,
Providing key information to another one of the entities; And
And determining whether the key information input through the shared resource is the same as the provided key information, and determining the validity of the specific entity. According to claim 1,
If the validity of the specific entity is not confirmed, denying access to the shared resource to the specific entity; And
And providing a warning notification to any one of the entities that the specific entity attempts to access the shared resource. delete delete delete According to claim 1,
And if access to the shared resource is allowed to the specific entity, updating the confidence index based on usage history information in which results after the shared resource is used by the specific entity are recorded. How to control access rights. According to claim 1,
The step of calculating the confidence index,
A method of controlling a shared resource access right based on information representing the reputation of the entities obtained from at least one online service server, and calculating the confidence index. In a computer-implemented trust index based shared resource access authority control system,
A registration unit for registering a new entity to participate in a shared economic network and registering it in a database;
A confidence index calculator configured to calculate a confidence index for each of the entities based on an association relationship between the new entity and an entity already registered in the database;
A permission setting unit for setting access rights between the entities based on the trust index; And
And an access determination unit determining whether to allow access to the shared resource based on the access authority, when an access request to a shared resource of any one of the entities is received from a specific entity,
When the access right is set, based on the access right, an access key for a shared resource of any one of the objects is provided to the other of the objects,
The access determining unit,
Receiving an access key from the specific entity,
It is determined whether the received access key and the provided access key are the same to check the validity of the received access key,
When the validity of the received access key is confirmed, it is determined whether the specific object is another one of the objects, and the validity of the specific object is checked,
When the validity of the specific entity is confirmed, access to the shared resource is allowed to the specific entity,
If the validity of the specific entity is not confirmed, the shared resource access authority control system invalidates the provided access key. delete The method of claim 10,
The access determining unit,
Provide key information to the other of the entities,
A shared resource access authority control system for determining whether the key information input through the shared resource is the same as the provided key information and determining the validity of the specific entity. The method of claim 10,
The access determining unit,
If the validity of the specific object is not confirmed, the specific object is denied access to the shared resource,
A shared resource access permission control system that provides a warning notification to any one of the entities that the specific entity attempts to access the shared resource. delete delete delete The method of claim 10,
The confidence index,
If access to the shared resource is allowed to the specific object, the shared resource access authority control system is updated based on usage record information in which results after the shared resource is used by the specific object are recorded. The method of claim 10,
The confidence index calculation unit,
A shared resource access authority control system that calculates the confidence index based on information representing the reputation of the entities obtained from at least one online service server.

Images