WO2016131277A1 - Notification resource processing method, device and system - Google Patents

Notification resource processing method, device and system Download PDF

Info

Publication number
WO2016131277A1
WO2016131277A1 PCT/CN2015/091123 CN2015091123W WO2016131277A1 WO 2016131277 A1 WO2016131277 A1 WO 2016131277A1 CN 2015091123 W CN2015091123 W CN 2015091123W WO 2016131277 A1 WO2016131277 A1 WO 2016131277A1
Authority
WO
WIPO (PCT)
Prior art keywords
cse
request message
access permission
resource
attribute
Prior art date
Application number
PCT/CN2015/091123
Other languages
French (fr)
Chinese (zh)
Inventor
吴昊
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016131277A1 publication Critical patent/WO2016131277A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements

Definitions

  • the present invention relates to the field of communications, and in particular to a method, device, and system for processing an advertisement resource.
  • an Application Entity is a logical unit for executing an M2M application.
  • a Common Service Entity is a management AE. Logic unit. CSEs include multiple types depending on where they are located, for example:
  • An application service node which is an ASN-CSE, is a CSE on an application terminal, and can be used to manage an AE on the application terminal and perform data interaction between the AE and the network server.
  • the intermediate node CSE (Middle Node-CSE, referred to as MN-CSE) is a CSE on the gateway, which can be used to manage the AE connected to the gateway, implement data interaction between the AEs connected to the gateway, and represent The AE connected to the gateway performs data interaction with the web server;
  • the infrastructure node CSE (Infrastructure Node-CSE, referred to as IN-CSE) is the CSE on the network server.
  • the AE manages the AE by registering on the CSE.
  • the CSE registered by the AE is called the registration CSE of the AE.
  • the registration CSE creates resources locally for the AE to manage and store application-related data.
  • the AE can only directly send and receive request and response messages with the registered CSE.
  • AE can only be registered on one CSE.
  • the manner in which the original resources are advertised is also defined in the related art.
  • the AE can advertise itself to other target CSEs (non-registered CSEs), ie the AE advertises itself to the target CSE by registering the CSE.
  • the process of advertising is to create an advertising resource on the target CSE corresponding to the resource of the AE on the registered CSE, for conveniently retrieving the AE according to the information of the advertised resource, and the advertising resource may be a subset of the original resource.
  • the resource created by the AE on the registration CSE is called the original resource of the AE
  • the resource corresponding to the original resource created on the notified target CSE is called the advertisement resource of the AE.
  • AE1 uses the application AE1 on the mobile phone as the controller of the home smart home to remotely control the home appliances.
  • AE1 needs to register on the IN-CSE to send control requests to the home through the IN-CSE.
  • On the appliance but when user A returns home, in order to save data traffic, he does not want to continue to access the Internet to control the home appliances, but wants to control through the smart home gateway at home, however, according to the existing M2M architecture, AE1 can only be registered on one CSE, and can only send requests to the registered CSE, so the application AE1 on the user A's mobile phone cannot control the home appliance through the home gateway, and must use the data network to connect to the network for control.
  • the invention provides a method, a device and a system for processing an advertisement resource, so as to at least solve the technical problem that an application entity can only access a registered public service entity for home device control.
  • a method for processing an advertisement resource including: a target CSE receives a request message sent by a registration CSE of an AE, where the request message carries an access permission indication, and the access The permission indication is used to indicate whether the AE is allowed to access the target CSE; the target CSE creates or updates an advertisement resource of the AE according to the request message, where the created or updated advertisement resource includes access permission Indicates the attribute.
  • the creating, by the target CSE, the advertisement resource of the AE according to the request message includes: the target CSE creating the AE And an advertised resource, where the attribute of the advertised resource includes: an access permission indication attribute created according to the access permission indication.
  • the target CSE updating the advertisement resource of the AE according to the request message includes: the target CSE checks the created AE Whether the attribute of the advertisement resource includes: an access permission indication attribute; in a case where the attribute of the advertisement resource of the AE is determined to include an access permission indication attribute, the target CSE allows the access permission The value indicating the attribute is set to the value of the access permission indication.
  • the target CSE updating the advertised resource of the AE according to the request message further includes: And the target CSE creates an access permission indication attribute in the advertisement resource, and sets a value of the access permission indication attribute to a value of the access permission indication.
  • the method further includes: the target CSE receiving another request message of the AE; the target The CSE queries an access permission indication attribute in the advertisement resource of the AE; and in a case that the value of the access permission indication attribute is indicated as allowing access, the target CSE sends an acceptance of the another request message.
  • the requested response message to the AE is not limited to the request message.
  • the target CSE sends a response message rejecting the request of the another request message to the AE: the advertised resource of the AE does not exist on the target CSE; the access permission indication attribute does not exist in the advertised resource of the AE that has been created on the target CSE; The value of the access permission indication attribute in the advertisement resource of the AE is indicated as not allowing access; the target CSE root authority policy is to verify that the AE does not have access to the target CSE.
  • the request message sent by the target CSE to receive the registration CSE of the AE includes: the note The CSE receives the request message for requesting to create or update the advertisement resource on the target CSE; the registration CSE sends a request message carrying the access permission indication to the target CSE.
  • the method further includes: the registration CSE, according to the permission policy, verifying whether the AE meets creation or Updating the authority of the advertisement resource of the AE on the target CSE; wherein, in the case of verifying that the AE satisfies the authority to create or update the advertisement resource of the AE on the target CSE, The registration CSE sends a request message carrying the access permission indication to the target CSE.
  • the request message sent by the registration CSE further carries a security certificate for verifying the legality of the registered CSE identity.
  • a notification resource processing apparatus which is applied to a target CSE, and includes: a receiving module, configured to receive a request message sent by a registration CSE of an AE, where the request message carries An access permission indication, the access permission indication is used to indicate whether the AE is allowed to access the target CSE; and the processing module is configured to create or update an advertisement resource of the AE according to the request message, where The updated notification resource includes an access permission indication attribute.
  • the processing module is configured to: when the request message is an advertisement resource creation request message, create the advertisement resource of the AE, where the attribute of the advertisement resource includes: according to the The access permission indication attribute created by the admission indication.
  • the processing module is configured to: if the request message is an advertisement resource update request message, check whether an attribute of the advertisement resource of the created AE includes: an access permission indication attribute; If the result of the judgment is that the attribute of the advertisement resource of the AE includes an access permission indication attribute, the value of the access permission indication attribute is set to a value of the access permission indication.
  • the processing module is further configured to: create an access permission indication attribute in the advertisement resource, if the attribute of the advertisement resource of the AE does not include an access permission indication attribute, And setting the value of the access permission indication attribute to the value of the access permission indication.
  • the device further includes: another request message receiving module, configured to receive another request message of the AE; and a query module, configured to query an access permission indication attribute in the advertisement resource of the AE And a response module configured to, in a case where the value of the access permission indication attribute is indicated as allowing access, the target CSE transmitting a response message requesting the request of the another request message to the AE.
  • another request message receiving module configured to receive another request message of the AE
  • a query module configured to query an access permission indication attribute in the advertisement resource of the AE
  • a response module configured to, in a case where the value of the access permission indication attribute is indicated as allowing access, the target CSE transmitting a response message requesting the request of the another request message to the AE.
  • the response module is further configured to send a response message rejecting the request of the another request message to the AE in a case where the notification resource of the AE does not exist on the target CSE;
  • the access permission indication attribute does not exist in the advertisement resource of the AE that has been created on the target CSE; the value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is represented by To prevent access; the target CSE verifies that the AE does not have access to the target CSE according to the rights policy.
  • an advertisement resource processing system including: an AE, a registration CSE, The target CSE, wherein the target CSE includes the above-mentioned announcement resource processing device.
  • the registering CSE includes: a registration CSE receiving module, configured to receive a request message that the AE is used to request to create or update the advertisement resource on the target CSE; and register a CSE sending module, and set to send and carry There is a request message for the access permission indication to the target CSE.
  • the registration CSE further includes: a verification module, configured to verify, according to the permission policy, whether the AE meets the authority to create or update the advertisement resource of the AE on the target CSE; wherein, the verification The registration CSE sending module sends a request message carrying the access permission indication to the target, if the AE satisfies the right to create or update the advertisement resource of the AE on the target CSE.
  • a verification module configured to verify, according to the permission policy, whether the AE meets the authority to create or update the advertisement resource of the AE on the target CSE; wherein, the verification The registration CSE sending module sends a request message carrying the access permission indication to the target, if the AE satisfies the right to create or update the advertisement resource of the AE on the target CSE.
  • the request message sent by the registration CSE sending module further carries a security certificate for verifying the legality of the registered CSE identity.
  • the request message sent by the CSE of the AE is received by the target CSE, where the request message carries an access permission indication, the access permission indication is used to indicate whether the AE is allowed to access the target CSE, and the target CSE is requested according to the request.
  • the message creates or updates the AE's advertised resource, where the created or updated advertised resource includes the access permission indication attribute, which solves the technical problem that the application entity can only access the registered public service entity for home device control, so that the application The entity can control the home device by accessing the target public service entity.
  • FIG. 1 is a flowchart of a method for processing an advertisement resource according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of an advertisement resource processing apparatus according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of an optional structure of an advertisement resource processing apparatus according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of an announcement resource processing system according to an embodiment of the present invention.
  • FIG. 5 is a flow diagram of a method of accessing a CSE by an advertising resource in accordance with an alternate embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for processing an advertisement resource according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • step S102 the target CSE receives the request message sent by the registration CSE of the AE, where the request message carries an access permission indication, and the access permission indication is used to indicate whether the AE is allowed to access the target CSE;
  • Step S104 The target CSE creates or updates an advertisement resource of the AE according to the request message, where the created or updated advertisement resource includes an access permission indication attribute.
  • the access permission indication attribute is created on the advertising resource of the target CSE, so that the target CSE can access the AE according to the access permission indication attribute, and the application entity can only access the registered public service entity for home device control.
  • the technical problem enables the application entity to perform home device control by accessing the target public service entity.
  • the AE can create an access permission indication attribute on one or more target CSEs, thereby enabling the AE to access on one or more target CSEs to implement home device control. In this way, the inconvenience caused by the AE being able to access the registered CSE to achieve home device control is avoided, and the user experience is improved.
  • the target CSE creates an advertisement resource of the AE, where the attribute of the advertisement resource includes: an access permission indication attribute created according to the access permission indication. .
  • the creation of an advertisement resource including an access permission indication attribute is implemented.
  • the target CSE checks whether the attribute of the advertised resource of the created AE includes: an access permission indication attribute; and the notification that the result is AE In the case where the attribute of the resource includes the access permission indication attribute, the target CSE sets the value of the access permission indication attribute to the value of the access permission indication. In this way, an update of the advertisement resource including the access permission indication attribute is implemented.
  • the step S104 further includes: the target CSE creates an access permission indication attribute in the advertisement resource, and the access permission is performed.
  • the value of the indication attribute is set to the value of the access permission indication. In this way, an update of the advertisement resource that does not include the access permission indication attribute is implemented.
  • the AE may send another request message to the target CSE by registering the CSE; thereafter, the target CSE Receiving another request message of the AE; the target CSE queries the access permission indication attribute in the advertisement resource of the AE; and in the case that the value of the access permission indication attribute is indicated as allowing access, the target CSE sends a request to accept another request message Response message to AE.
  • the target CSE can access the AE, so that the AE can control the home device through the target CSE. In this way, the AE access target CSE is implemented.
  • the target CSE sends a response message rejecting the request of the other request message to the AE in one of the following: the advertising resource of the AE does not exist on the target CSE; The access permission indication attribute does not exist in the advertisement resource of the AE that has been created on the target CSE; the value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is not allowed to be accessed; the target CSE root authority policy, Verify that the AE does not have access to the target CSE.
  • the request message received by the target CSE is sent via the registration CSE, for example, the registration CSE receives the AE request to request to create or update the advertisement resource on the target CSE; the registration CSE sends the request carrying the access permission indication. Message to the target CSE.
  • the access permission indication is also carried in the request message sent by the AE to the registration CSE.
  • the registration CSE verifies whether the AE satisfies the authority to create or update the AE resource of the AE on the target CSE according to the privilege policy; wherein, after verifying that the AE meets the notification of creating or updating the AE on the target CSE In the case of the authority of the resource, the registration CSE sends a request message carrying the access permission indication to the target CSE.
  • the request message sent by the registration CSE further carries a security certificate for verifying the legality of the registered CSE identity.
  • the security certificate can be used for the identity CSE to authenticate the registered CSE, thereby improving the security of the AE access target CSE.
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation.
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
  • an advertised resource processing device is also provided, and the device is applied to the target CSE, and is used to implement the foregoing embodiments and optional embodiments.
  • the term “module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus includes: a receiving module 22 and a processing module 24, wherein the receiving module 22 is configured to receive an AE. Registering a request message sent by the CSE, where the request message carries an access permission indication, where the access permission indication is used to indicate whether the AE is allowed to access the target CSE; the processing module 24 is coupled to the receiving module 22, and is configured to create according to the request message. Or updating the AE's advertised resource, where the created or updated advertised resource includes an access permission indication attribute.
  • the processing module 24 is configured to: when the request message is an advertisement resource creation request message, create an advertisement resource of the AE, where the attribute of the advertisement resource includes: an access permission indication attribute created according to the access permission indication.
  • the processing module 24 is configured to: if the request message is the advertisement resource update request message, check whether the attribute of the advertised resource of the created AE includes: an access permission indication attribute; and the notification resource whose judgment result is AE In the case where the attribute includes the access permission indication attribute, the value of the access permission indication attribute is set to the value of the access permission indication.
  • the processing module 24 is further configured to: when the attribute of the advertisement resource whose judgment result is AE does not include the access permission indication attribute, create an access permission indication attribute in the advertisement resource, and set the access permission indication attribute The value is set to the value of the access permission indication.
  • FIG. 3 is a schematic diagram of an optional structure of an advertisement resource processing apparatus according to an embodiment of the present invention.
  • the apparatus may further include: another request message receiving module 32, configured to receive another request of the AE. a message; the query module 34 is coupled to another request message receiving module 32, configured to query an access permission indication attribute in the advertisement resource of the AE; Module 36, coupled to query module 34, is arranged to send a response message requesting another request message to the AE if the value of the access grant indication attribute is indicated as allowing access.
  • the response module 36 is further configured to send a response message rejecting the request of another request message to the AE in the case of one of: the announcement resource of the AE not present on the target CSE; the announcement of the created AE on the target CSE
  • the access permission indication attribute does not exist in the resource; the value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is indicated as not allowing access; the target CSE verifies that the AE does not access the target CSE according to the rights policy. Permissions.
  • each of the above modules may be implemented by software or hardware.
  • the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the modules are located in multiple In the processor.
  • Embodiments of the present invention also provide a software for performing the technical solutions described in the foregoing embodiments and optional embodiments.
  • Embodiments of the present invention also provide a storage medium.
  • the above storage medium may be configured to store program code for performing the following steps:
  • step S1 the target CSE receives the request message sent by the registration CSE of the AE, where the request message carries an access permission indication, and the access permission indication is used to indicate whether the AE is allowed to access the target CSE;
  • step S2 the target CSE creates or updates an advertised resource of the AE according to the request message, where the created or updated advertised resource includes an access permission indication attribute.
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM).
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • This embodiment also provides an advertisement resource processing system.
  • 4 is a schematic structural diagram of an advertisement resource processing system according to an embodiment of the present invention. As shown in FIG. 4, the system includes: an AE 42, a registration CSE 44, and a target CSE 46, wherein the target CSE 46 includes the foregoing notification resource processing apparatus. .
  • AE 42 and one target CSE 46 are schematically shown in the figure. In actual situations, the number of AE 42 or target CSE 46 may be multiple.
  • the registration CSE 44 includes: a registration CSE receiving module, configured to receive a request message for the AE 42 to request to create or update an advertisement resource on the target CSE 46; and a registration CSE sending module, configured to send the indication with the access permission indication Request a message to the target CSE 46.
  • the registration CSE 44 further includes: a verification module configured to verify, according to the rights policy, whether the AE 42 satisfies the authority to create or update the AE 42 of the target CSE 46; wherein, after verifying that the AE 42 meets the creation or In the case of updating the authority of the AE 42 on the target CSE 46, the registration CSE sending module sends the bearer The request message indicating the permission is entered to the target CSE 46.
  • a verification module configured to verify, according to the rights policy, whether the AE 42 satisfies the authority to create or update the AE 42 of the target CSE 46; wherein, after verifying that the AE 42 meets the creation or In the case of updating the authority of the AE 42 on the target CSE 46, the registration CSE sending module sends the bearer The request message indicating the permission is entered to the target CSE 46.
  • the request message sent by the registration CSE sending module further carries a security certificate for verifying the validity of the registered CSE 44 identity.
  • An optional embodiment of the present invention provides a method for accessing a CSE by advertising a resource, wherein the AE and the non-registration are implemented by enhancing the process of advertising the resource in the related art, and modifying the limitation of the AE sending and receiving message in the related art.
  • FIG. 5 is a flowchart of a method for accessing a CSE by advertising a resource according to an alternative embodiment of the present invention. As shown in FIG. 5, the process includes the following steps:
  • step S501 the application (ie, AE) sends a first request message to the registration CSE, where the request message includes:
  • Access permission indication When set to true (true), it means that the application is allowed to access on the target CSE; when set to false (false), it means that the application is not allowed to access on the target CSE.
  • Step S502 After receiving the first request message, the registration CSE sends a second request message (corresponding to the request message in step S102) to the target CSE, where the request message includes:
  • An access permission indication the value being a value of an access permission indication in the first request message.
  • Step S503 after the target CSE receives the second request message
  • the request message requests to create an advertisement resource
  • the advertisement resource of the application is created locally, and the attribute "access permission indication" is created for the resource, and the value is set to the value of the access permission indication in the second request message;
  • the request message requests to update the advertisement resource, check whether the attribute "access permission indication" is included in the advertisement resource of the existing initiator of the locality, and if so, set its value to the access permission indication in the second request message.
  • Step S504 the application sends a third request message (corresponding to another request message described above) to the target CSE, where the request message includes:
  • Step S505 After receiving the third request message of the initiator, the target CSE checks whether the advertised resource of the application exists according to the identifier of the application included in the request message, and if yes, checks whether the advertised resource includes the attribute “access permission indication”. If included and the value of the attribute is true, a response message is sent to the application, and the response message indicates acceptance of the request;
  • the target CSE when one of the following conditions is met, sends a response message to the AE, and the response message indicates rejection:
  • step 1 the AE sends a create resource request message to the registration CSE, and the resource request message includes the following parameters:
  • Access permission indication true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
  • the access indication can send and receive messages on the CSE. For example, a request message is sent and a response message is received.
  • Step 2 After receiving the resource creation request message, the CSE authenticates the AE. After the verification is passed, the AE is assigned the identifier AE1-ID, the resource ⁇ AE1> is created, and the attribute AE identity (AE- is created for the resource ⁇ AE1>. ID)", attribute "announce to”, and attribute "access permission indication”.
  • the above verification process can be:
  • Step 3 The registration CSE sends a create resource response message to the AE, where the response message includes an identifier AE1-ID assigned to the AE, and an address of the resource ⁇ AE1>.
  • Step 4 According to the parameter “advertised to” included in the resource creation request, the registration CSE sends a request for creating a resource to the target CSE, where the request message includes the following parameters:
  • the original resource link the address of the resource that needs to be advertised, for example, the address set as the resource ⁇ AE1> in this embodiment;
  • AE-ID set to the value of the attribute "AE-ID" of the resource ⁇ AE1>;
  • Step 5 After receiving the resource request message, the target CSE verifies the authority to register the CSE. After the verification is passed, the resource ⁇ AE1Annc> is created, and the attribute “access permission indication” is created for the resource ⁇ AE1Annc>, and the attribute “original resource connection” is created. , attribute "AE-ID", the value of the attribute is set to the value of the corresponding parameter in the creation resource request message.
  • Step 6 the AE sends a read resource request message to the target CSE, and the read resource request message includes the following parameters:
  • Step 7 After receiving the request message of the AE, the target CSE reads the identifier of the AE, and locally finds whether there is a resource including the AE identifier, and if so, checks whether the attribute “access permission indication” is included, and if so, checks Whether the value of the attribute "access permission indication” is true, if yes, the target CSE sends a response message to the AE, the response message indicates that the request is accepted, or after checking that the attribute "access permission indication” is true, the AE is also verified. Whether there is permission to perform this operation, after the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
  • the target CSE when one of the following conditions is met, sends a response message to the AE, and the response message indicates the rejection request:
  • verifying whether the AE has the authority to perform this operation can be performed in the following manner:
  • the local database stores a set of information, which records which operation can be performed or which operation cannot be performed. Where "who" is recorded by the identifier of the object, which operation is described as creating, updating, reading, and deleting. From this it can be known whether the originator of the proposed operation request has the right to perform the operation it requested.
  • Step 1 The AE sends an update resource request message to the registration CSE, where the update resource request message includes the following parameters:
  • Access permission indication true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
  • Step 2 After receiving the update resource request message, the registration CSE checks whether the resource ⁇ AE1> includes the attribute “advertised to”, and if not, creates the attribute “advertised to” and the attribute “access permission indication” for the resource ⁇ AE1>. .
  • Step 3 According to the parameter “advertised to” included in the update resource request, the registration CSE sends a request for creating a resource to the target CSE, where the request message includes the following parameters:
  • the original resource link the address of the resource that needs to be advertised, for example, the address set as the resource ⁇ AE1> in this embodiment;
  • AE-ID set to the value of the attribute "AE-ID" of the resource ⁇ AE1>;
  • Step 4 After receiving the resource request message, the target CSE verifies the authority to register the CSE. After the verification is passed, the resource ⁇ AE1Annc> is created, and the attribute "access permission indication” is created for the resource ⁇ AE1Annc>, and the attribute "original resource connection” is created. , attribute "AE-ID", the value of the attribute is set to the value of the corresponding parameter in the creation resource request message.
  • Step 5 The AE sends a read resource request message to the target CSE, where the read resource request message includes the following parameters:
  • Step 6 After receiving the request message of the AE, the target CSE reads the identifier of the AE, and locally finds whether there is a resource including the AE identifier, and if so, checks whether the attribute “access permission indication” is included, and if so, checks Whether the value of the attribute "access permission indication” is true, if yes, the target CSE sends a response message to the AE, the response message indicates that the request is accepted, or after checking that the attribute "access permission indication” is true, the AE is also verified. Whether there is permission to perform this operation, after the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
  • the target CSE when one of the following conditions is met, sends a response message to the AE, and the response message indicates the rejection request:
  • Step 1 The AE sends an update resource request message to the registration CSE, where the update resource request message includes the following parameters:
  • Access permission indication true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
  • Step 2 After receiving the update resource request message, the registration CSE verifies the AE, and verifies whether the AE has the resource that needs to be updated indicated in the permission update request message. After the verification is passed, check whether the resource ⁇ AE1> includes the attribute “access permission”. Indicates, if not included, the attribute "access permission indication" is created.
  • Step 3 The registration CSE sends an update resource request to the target CSE.
  • the address of the target CSE is included in the attribute “advertised to” of the resource ⁇ AE1>, and the request message includes the following parameters:
  • This embodiment is the address of the AE resource on the target CSE, that is, the address of the resource ⁇ AE1Annc>
  • Step 4 After receiving the update resource request message, the target CSE verifies the authority to register the CSE. After the verification is passed, if the AE's advertisement resource ⁇ AE1Annc> on the target CSE includes the attribute “access permission indication”, the value is set to be Update the value of the corresponding parameter in the resource request; if the attribute "access permission indication” is not included, create the attribute "access permission indication” whose value is set to the value of the corresponding parameter in the update resource request message.
  • Step 5 The AE sends a read resource request message to the target CSE, where the read resource request message includes the following parameters:
  • Step 6 After receiving the request message of the AE, the target CSE reads the identifier of the AE, and locally finds whether there is a resource including the AE identifier, and if so, checks whether the attribute “access permission indication” is included, and if so, checks Whether the value of the attribute "access permission indication” is true, if yes, the target CSE sends a response message to the AE, the response message indicates that the request is accepted, or after checking that the attribute "access permission indication” is true, the AE is also verified. Whether there is permission to perform this operation, after the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
  • the target CSE when one of the following conditions is met, sends a response message to the AE, and the response message indicates the rejection request:
  • step 1 the AE sends a create resource request message to the registration CSE, and the resource request message includes the following parameters:
  • Access permission indication true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
  • a security certificate can be a set of pre-configured strings on the application.
  • the CSE acts as a manager and is pre-configured with policies to verify which security certificates are legitimate.
  • the access indication can send and receive messages on the CSE. For example, a request message is sent and a response message is received.
  • Step 2 After the registration CSE receives the resource creation request message, the AE is verified, and after the verification is passed, the AE is given.
  • the identifier AE1-ID is created, the resource ⁇ AE1> is created, the attribute "AE-ID" is created for the resource ⁇ AE1>, the attribute "advertised to”, and the attribute "access permission indication”.
  • the above verification process can be:
  • Step 3 The registration CSE sends a create resource response message to the AE, where the response message includes an identifier AE1-ID assigned to the AE, and an address of the resource ⁇ AE1>.
  • Step 4 According to the parameter “advertised to” included in the resource creation request, the registration CSE sends a request for creating a resource to the target CSE, where the request message includes the following parameters:
  • the original resource link the address of the resource that needs to be advertised, for example, the address set as the resource ⁇ AE1> in this embodiment;
  • AE-ID set to the value of the attribute "AE-ID" of the resource ⁇ AE1>;
  • Step 5 After receiving the resource creation request message, the target CSE verifies the authority to register the CSE, verifies the AE-ID and the security certificate, and after the verification is passed, creates the resource ⁇ AE1Annc>, and creates the attribute “access permission indication” for the resource ⁇ AE1Annc>. ", attribute "original resource connection”, attribute "AE-ID”, the value of the attribute is set to the value of the corresponding parameter in the creation resource request message.
  • Step 6 the AE sends a read resource request message to the target CSE, and the read resource request message includes the following parameters:
  • Step 7 After receiving the request message of the AE, the target CSE reads the identifier of the AE and the security certificate, and verifies the identity of the AE and the validity of the security certificate. After the verification is passed, the local search for the resource including the AE identifier, if any, Then check whether the attribute "access permission indication" is included, and if so, check whether the value of the attribute "access permission indication” is true, and if so, the target CSE sends a response message to the AE, the response message indicates acceptance of the request, or After checking that the value of the attribute "access permission indication" is true, it also verifies whether the AE has the authority to perform this operation. After the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
  • the target CSE when one of the following conditions is met, sends a response message to the AE, and the response message indicates the rejection request:
  • verifying whether AE or CSE has the right to perform this operation can be done in the following way:
  • the local database stores a set of information, which records who can perform which operation or who can not. Where "who" is recorded by the identifier of the object, which operation is described as creating, updating, reading, and deleting. From this it can be known whether the originator of the proposed operation request has the right to perform the operation it requested.
  • the authentication of the AE and the security certificate may be: the local database stores a set of information, and records which identifiers of the security certificates are legal, such as the security certificate s001, the corresponding legal identifier is c001, and the security certificate s002.
  • the corresponding legal ID is the beginning of r001. If the identifier of an application is r001001 and the security certificate is s001, the registered CSE considers this to be illegal.
  • the same AE can send and receive messages on different CSEs, and the application scenario of the M2M is extended.
  • the above description shows that the present invention creates an access permission indication attribute on the advertisement resource of the target CSE, so that the target CSE can access the AE according to the access permission indication attribute, and the application entity can only access the registration.
  • the technical problem of the public service entity performing home equipment control enables the application entity to perform home equipment control by accessing the target public service entity.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.

Abstract

Provided are a notification resource processing method, device and system. The method comprises: receiving, by a target common service entity (CSE), a request message transmitted by a registered CSE of an application entity (AE), wherein the request message carries an access permission indication indicating whether the AE is permitted to access the target CSE; creating or updating, by the target CSE and according to the request message, an AE notification resource, wherein the created or updated notification resource comprises an access permission indication attribute. The present invention addresses the technical problem in which an AE can only obtain control over a household device by accessing a registered CSE, allowing the AE to obtain control over a household device by accessing a target CSE.

Description

通告资源处理方法、装置及系统Notification resource processing method, device and system 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种通告资源处理方法、装置及系统。The present invention relates to the field of communications, and in particular to a method, device, and system for processing an advertisement resource.
背景技术Background technique
根据现有的物联网(Machine to Machine,简称为M2M)架构,应用实体(Application Entity,简称为AE)是执行M2M应用的逻辑单元,公共业务实体(Common Service Entity,简称为CSE)是管理AE的逻辑单元。CSE根据其所处的位置不同包括多种类型,例如:According to the existing Machine to Machine (M2M) architecture, an Application Entity (AE) is a logical unit for executing an M2M application. A Common Service Entity (CSE) is a management AE. Logic unit. CSEs include multiple types depending on where they are located, for example:
1、应用服务节点CSE(Application Service Node-CSE,简称为ASN-CSE),是应用终端上的CSE,可用于管理该应用终端上的AE,以及代表该AE与网络服务器进行数据交互;An application service node (CSE), which is an ASN-CSE, is a CSE on an application terminal, and can be used to manage an AE on the application terminal and perform data interaction between the AE and the network server.
2、中间节点CSE(Middle Node-CSE,简称为MN-CSE),是网关上的CSE,可用于管理连接到该网关的AE,实现连接到该网关上的AE之间的数据交互,以及代表连接到该网关上的AE与网络服务器进行数据交互;2. The intermediate node CSE (Middle Node-CSE, referred to as MN-CSE) is a CSE on the gateway, which can be used to manage the AE connected to the gateway, implement data interaction between the AEs connected to the gateway, and represent The AE connected to the gateway performs data interaction with the web server;
3、基础节点CSE(Infrastructure Node-CSE,简称为IN-CSE),是网络服务器上的CSE。3. The infrastructure node CSE (Infrastructure Node-CSE, referred to as IN-CSE) is the CSE on the network server.
AE通过在CSE上注册来实现CSE对AE的管理,AE所注册的CSE称为该AE的注册CSE,注册成功后,注册CSE为AE在本地创建资源,用于管理和存储应用相关的数据。AE只能直接发送和接收与注册CSE之间的请求消息和响应消息。AE也只能在一个CSE上进行注册。The AE manages the AE by registering on the CSE. The CSE registered by the AE is called the registration CSE of the AE. After the registration is successful, the registration CSE creates resources locally for the AE to manage and store application-related data. The AE can only directly send and receive request and response messages with the registered CSE. AE can only be registered on one CSE.
为了其他AE或CSE能更便利的检索到某一个AE,在相关技术中还定义了通告原始资源的方式。通过通告原始资源,AE可以将自己通告到其他目标CSE(非注册CSE)上,即AE通过注册CSE将自己通告到目标CSE上。通告的过程是在目标CSE上创建与注册CSE上AE的资源相对应的通告资源,用于能方便根据这些通告的资源的信息检索到该AE,通告资源可以是原始资源的子集。在通告过程中,AE在注册CSE上创建的资源称为AE的原始资源,在通告的目标CSE上创建的对应于原始资源的资源称为AE的通告资源。In order to facilitate retrieval of an AE by other AEs or CSEs, the manner in which the original resources are advertised is also defined in the related art. By announcing the original resource, the AE can advertise itself to other target CSEs (non-registered CSEs), ie the AE advertises itself to the target CSE by registering the CSE. The process of advertising is to create an advertising resource on the target CSE corresponding to the resource of the AE on the registered CSE, for conveniently retrieving the AE according to the information of the advertised resource, and the advertising resource may be a subset of the original resource. In the advertisement process, the resource created by the AE on the registration CSE is called the original resource of the AE, and the resource corresponding to the original resource created on the notified target CSE is called the advertisement resource of the AE.
在研究过程中发现,用户A使用手机上的应用AE1作为家里智能家居的控制器,从远程控制家里的电器,这时AE1需要在IN-CSE上注册,才能通过IN-CSE发送控制请求到家里的电器上,但是当用户A回到家里后,为了节省数据流量,不希望继续访问互联网来控制家里的电器,而是希望通过家里的智能家居网关来控制,然而,根据现有的M2M架构,AE1只能在一个CSE上注册,而且只能发送请求到注册CSE上,这样用户A的手机上的应用AE1就无法通过家里的网关控制家电,必须使用数据网络连接到网络进行控制。During the research, it was found that User A uses the application AE1 on the mobile phone as the controller of the home smart home to remotely control the home appliances. At this time, AE1 needs to register on the IN-CSE to send control requests to the home through the IN-CSE. On the appliance, but when user A returns home, in order to save data traffic, he does not want to continue to access the Internet to control the home appliances, but wants to control through the smart home gateway at home, however, according to the existing M2M architecture, AE1 can only be registered on one CSE, and can only send requests to the registered CSE, so the application AE1 on the user A's mobile phone cannot control the home appliance through the home gateway, and must use the data network to connect to the network for control.
同样的,如果手机应用AE1首先在家里的网关上注册以后,离家以后,由于不能在远程服务器上注册,想要通过远程访问家里的电器也无法实现。如此使得智能家居的应用场景受 到了极大的限制。Similarly, if the mobile application AE1 is first registered on the home gateway, after leaving home, it is impossible to remotely access the home appliance because it cannot be registered on the remote server. This makes the application scenario of smart home subject to A huge limit has been reached.
针对相关技术中应用实体只能接入注册公共业务实体进行家居设备控制的技术问题,目前尚未提出有效的解决方案。For the technical problem that the application entity in the related art can only access the registered public service entity for home device control, an effective solution has not been proposed yet.
发明内容Summary of the invention
本发明提供了一种通告资源处理方法、装置及系统,以至少解决应用实体只能接入注册公共业务实体进行家居设备控制的技术问题。The invention provides a method, a device and a system for processing an advertisement resource, so as to at least solve the technical problem that an application entity can only access a registered public service entity for home device control.
根据本发明实施例的一个方面,提供了一种通告资源处理方法,包括:目标CSE接收AE的注册CSE发送的请求消息,其中,所述请求消息中携带有接入允许指示,所述接入允许指示用于指示是否允许所述AE接入所述目标CSE;所述目标CSE根据所述请求消息创建或者更新所述AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。According to an aspect of the present invention, a method for processing an advertisement resource is provided, including: a target CSE receives a request message sent by a registration CSE of an AE, where the request message carries an access permission indication, and the access The permission indication is used to indicate whether the AE is allowed to access the target CSE; the target CSE creates or updates an advertisement resource of the AE according to the request message, where the created or updated advertisement resource includes access permission Indicates the attribute.
可选地,在所述请求消息为通告资源创建请求消息的情况下,所述目标CSE根据所述请求消息创建所述AE的所述通告资源包括:所述目标CSE创建所述AE的所述通告资源,其中,所述通告资源的属性包括:根据所述接入允许指示创建的接入允许指示属性。Optionally, in the case that the request message is an advertisement resource creation request message, the creating, by the target CSE, the advertisement resource of the AE according to the request message includes: the target CSE creating the AE And an advertised resource, where the attribute of the advertised resource includes: an access permission indication attribute created according to the access permission indication.
可选地,在所述请求消息为通告资源更新请求消息的情况下,所述目标CSE根据所述请求消息更新所述AE的所述通告资源包括:所述目标CSE检查已创建的所述AE的所述通告资源的属性是否包括:接入允许指示属性;在判断结果为所述AE的所述通告资源的属性包括接入允许指示属性的情况下,所述目标CSE将所述接入允许指示属性的值置为所述接入允许指示的值。Optionally, if the request message is an advertisement resource update request message, the target CSE updating the advertisement resource of the AE according to the request message includes: the target CSE checks the created AE Whether the attribute of the advertisement resource includes: an access permission indication attribute; in a case where the attribute of the advertisement resource of the AE is determined to include an access permission indication attribute, the target CSE allows the access permission The value indicating the attribute is set to the value of the access permission indication.
可选地,在判断结果为所述AE的所述通告资源的属性不包括接入允许指示属性的情况下,所述目标CSE根据所述请求消息更新所述AE的所述通告资源还包括:所述目标CSE在所述通告资源中创建接入允许指示属性,并将所述接入允许指示属性的值置为所述接入允许指示的值。Optionally, if the attribute of the advertised resource of the AE does not include the access permission indication attribute, the target CSE updating the advertised resource of the AE according to the request message further includes: And the target CSE creates an access permission indication attribute in the advertisement resource, and sets a value of the access permission indication attribute to a value of the access permission indication.
可选地,在所述目标CSE根据所述请求消息创建或者更新所述AE的所述通告资源之后,所述方法还包括:所述目标CSE接收所述AE的另一请求消息;所述目标CSE查询所述AE的所述通告资源中的接入允许指示属性;在所述接入允许指示属性的值表示为允许接入的情况下,所述目标CSE发送接受所述另一请求消息的请求的响应消息至所述AE。Optionally, after the target CSE creates or updates the advertisement resource of the AE according to the request message, the method further includes: the target CSE receiving another request message of the AE; the target The CSE queries an access permission indication attribute in the advertisement resource of the AE; and in a case that the value of the access permission indication attribute is indicated as allowing access, the target CSE sends an acceptance of the another request message. The requested response message to the AE.
可选地,在所述目标CSE接收到所述AE的所述另一请求消息之后,所述目标CSE在以下之一的情况下发送拒绝所述另一请求消息的请求的响应消息至所述AE:所述目标CSE上不存在所述AE的通告资源;所述目标CSE上已创建的所述AE的所述通告资源中不存在接入允许指示属性;所述目标CSE上已创建的所述AE的所述通告资源中接入允许指示属性的值表示为不允许接入;所述目标CSE根权限策略,验证到所述AE没有接入所述目标CSE的权限。Optionally, after the target CSE receives the another request message of the AE, the target CSE sends a response message rejecting the request of the another request message to the AE: the advertised resource of the AE does not exist on the target CSE; the access permission indication attribute does not exist in the advertised resource of the AE that has been created on the target CSE; The value of the access permission indication attribute in the advertisement resource of the AE is indicated as not allowing access; the target CSE root authority policy is to verify that the AE does not have access to the target CSE.
可选地,所述目标CSE接收所述AE的所述注册CSE发送的所述请求消息包括:所述注 册CSE接收所述AE用于请求在所述目标CSE上创建或者更新所述通告资源的请求消息;所述注册CSE发送携带有所述接入允许指示的请求消息至所述目标CSE。Optionally, the request message sent by the target CSE to receive the registration CSE of the AE includes: the note The CSE receives the request message for requesting to create or update the advertisement resource on the target CSE; the registration CSE sends a request message carrying the access permission indication to the target CSE.
可选地,在所述注册CSE发送携带有所述接入允许指示的请求消息至所述目标CSE之前,所述方法还包括:所述注册CSE根据权限策略,验证所述AE是否满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限;其中,在验证到所述AE满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限的情况下,所述注册CSE发送携带有所述接入允许指示的请求消息至所述目标CSE。Optionally, before the registration CSE sends the request message carrying the access permission indication to the target CSE, the method further includes: the registration CSE, according to the permission policy, verifying whether the AE meets creation or Updating the authority of the advertisement resource of the AE on the target CSE; wherein, in the case of verifying that the AE satisfies the authority to create or update the advertisement resource of the AE on the target CSE, The registration CSE sends a request message carrying the access permission indication to the target CSE.
可选地,所述注册CSE发送的请求消息中还携带有用于验证所述注册CSE身份合法性的安全证书。Optionally, the request message sent by the registration CSE further carries a security certificate for verifying the legality of the registered CSE identity.
根据本发明实施例的另一个方面,还提供一种通告资源处理装置,应用于目标CSE,包括:接收模块,设置为接收AE的注册CSE发送的请求消息,其中,所述请求消息中携带有接入允许指示,所述接入允许指示用于指示是否允许所述AE接入所述目标CSE;处理模块,设置为根据所述请求消息创建或者更新所述AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。According to another aspect of the present invention, a notification resource processing apparatus is further provided, which is applied to a target CSE, and includes: a receiving module, configured to receive a request message sent by a registration CSE of an AE, where the request message carries An access permission indication, the access permission indication is used to indicate whether the AE is allowed to access the target CSE; and the processing module is configured to create or update an advertisement resource of the AE according to the request message, where The updated notification resource includes an access permission indication attribute.
可选地,所述处理模块设置为:在所述请求消息为通告资源创建请求消息的情况下,创建所述AE的所述通告资源,其中,所述通告资源的属性包括:根据所述接入允许指示创建的接入允许指示属性。Optionally, the processing module is configured to: when the request message is an advertisement resource creation request message, create the advertisement resource of the AE, where the attribute of the advertisement resource includes: according to the The access permission indication attribute created by the admission indication.
可选地,所述处理模块设置为:在所述请求消息为通告资源更新请求消息的情况下,检查已创建的所述AE的所述通告资源的属性是否包括:接入允许指示属性;在判断结果为所述AE的所述通告资源的属性包括接入允许指示属性的情况下,将所述接入允许指示属性的值置为所述接入允许指示的值。Optionally, the processing module is configured to: if the request message is an advertisement resource update request message, check whether an attribute of the advertisement resource of the created AE includes: an access permission indication attribute; If the result of the judgment is that the attribute of the advertisement resource of the AE includes an access permission indication attribute, the value of the access permission indication attribute is set to a value of the access permission indication.
可选地,所述处理模块还设置为:在判断结果为所述AE的所述通告资源的属性不包括接入允许指示属性的情况下,在所述通告资源中创建接入允许指示属性,并将所述接入允许指示属性的值置为所述接入允许指示的值。Optionally, the processing module is further configured to: create an access permission indication attribute in the advertisement resource, if the attribute of the advertisement resource of the AE does not include an access permission indication attribute, And setting the value of the access permission indication attribute to the value of the access permission indication.
可选地,所述装置还包括:另一请求消息接收模块,设置为接收所述AE的另一请求消息;查询模块,设置为查询所述AE的所述通告资源中的接入允许指示属性;响应模块,设置为在所述接入允许指示属性的值表示为允许接入的情况下,所述目标CSE发送接受所述另一请求消息的请求的响应消息至所述AE。Optionally, the device further includes: another request message receiving module, configured to receive another request message of the AE; and a query module, configured to query an access permission indication attribute in the advertisement resource of the AE And a response module configured to, in a case where the value of the access permission indication attribute is indicated as allowing access, the target CSE transmitting a response message requesting the request of the another request message to the AE.
可选地,所述响应模块还设置为在以下之一的情况下发送拒绝所述另一请求消息的请求的响应消息至所述AE:所述目标CSE上不存在所述AE的通告资源;所述目标CSE上已创建的所述AE的所述通告资源中不存在接入允许指示属性;所述目标CSE上已创建的所述AE的所述通告资源中接入允许指示属性的值表示为不允许接入;所述目标CSE根据权限策略,验证到所述AE没有接入所述目标CSE的权限。Optionally, the response module is further configured to send a response message rejecting the request of the another request message to the AE in a case where the notification resource of the AE does not exist on the target CSE; The access permission indication attribute does not exist in the advertisement resource of the AE that has been created on the target CSE; the value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is represented by To prevent access; the target CSE verifies that the AE does not have access to the target CSE according to the rights policy.
根据本发明实施例的另一个方面,还提供了一种通告资源处理系统,包括:AE、注册CSE、 目标CSE,其中,所述目标CSE包括上述的通告资源处理装置。According to another aspect of the embodiments of the present invention, an advertisement resource processing system is further provided, including: an AE, a registration CSE, The target CSE, wherein the target CSE includes the above-mentioned announcement resource processing device.
可选地,所述注册CSE包括:注册CSE接收模块,设置为接收所述AE用于请求在所述目标CSE上创建或者更新所述通告资源的请求消息;注册CSE发送模块,设置为发送携带有所述接入允许指示的请求消息至所述目标CSE。Optionally, the registering CSE includes: a registration CSE receiving module, configured to receive a request message that the AE is used to request to create or update the advertisement resource on the target CSE; and register a CSE sending module, and set to send and carry There is a request message for the access permission indication to the target CSE.
可选地,所述注册CSE还包括:验证模块,设置为根据权限策略,验证所述AE是否满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限;其中,在验证到所述AE满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限的情况下,所述注册CSE发送模块发送携带有所述接入允许指示的请求消息至所述目标CSE。Optionally, the registration CSE further includes: a verification module, configured to verify, according to the permission policy, whether the AE meets the authority to create or update the advertisement resource of the AE on the target CSE; wherein, the verification The registration CSE sending module sends a request message carrying the access permission indication to the target, if the AE satisfies the right to create or update the advertisement resource of the AE on the target CSE. CSE.
可选地,所述注册CSE发送模块发送的请求消息中还携带有用于验证所述注册CSE身份合法性的安全证书。Optionally, the request message sent by the registration CSE sending module further carries a security certificate for verifying the legality of the registered CSE identity.
通过本发明实施例,采用目标CSE接收AE的注册CSE发送的请求消息,其中,请求消息中携带有接入允许指示,接入允许指示用于指示是否允许AE接入目标CSE;目标CSE根据请求消息创建或者更新AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性的方式,解决了应用实体只能接入注册公共业务实体进行家居设备控制的技术问题,使得应用实体可以通过接入目标公共业务实体进行家居设备控制。The request message sent by the CSE of the AE is received by the target CSE, where the request message carries an access permission indication, the access permission indication is used to indicate whether the AE is allowed to access the target CSE, and the target CSE is requested according to the request. The message creates or updates the AE's advertised resource, where the created or updated advertised resource includes the access permission indication attribute, which solves the technical problem that the application entity can only access the registered public service entity for home device control, so that the application The entity can control the home device by accessing the target public service entity.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是根据本发明实施例的通告资源处理方法的流程图;1 is a flowchart of a method for processing an advertisement resource according to an embodiment of the present invention;
图2是根据本发明实施例的通告资源处理装置的结构示意图;2 is a schematic structural diagram of an advertisement resource processing apparatus according to an embodiment of the present invention;
图3是根据本发明实施例的通告资源处理装置的可选结构示意图;FIG. 3 is a schematic diagram of an optional structure of an advertisement resource processing apparatus according to an embodiment of the present invention; FIG.
图4是根据本发明实施例的通告资源处理系统的结构示意图;4 is a schematic structural diagram of an announcement resource processing system according to an embodiment of the present invention;
图5是根据本发明可选实施例的通过通告资源接入CSE的方法的流程图。5 is a flow diagram of a method of accessing a CSE by an advertising resource in accordance with an alternate embodiment of the present invention.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It is to be understood that the terms "first", "second" and the like in the specification and claims of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.
在本实施例中提供了一种通告资源处理方法,图1是根据本发明实施例的通告资源处理方法的流程图,如图1所示,该流程包括如下步骤: In this embodiment, a method for processing an advertisement resource is provided. FIG. 1 is a flowchart of a method for processing an advertisement resource according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
步骤S102,目标CSE接收AE的注册CSE发送的请求消息,其中,请求消息中携带有接入允许指示,接入允许指示用于指示是否允许AE接入目标CSE;In step S102, the target CSE receives the request message sent by the registration CSE of the AE, where the request message carries an access permission indication, and the access permission indication is used to indicate whether the AE is allowed to access the target CSE;
步骤S104,目标CSE根据请求消息创建或者更新AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。Step S104: The target CSE creates or updates an advertisement resource of the AE according to the request message, where the created or updated advertisement resource includes an access permission indication attribute.
通过上述步骤,通过在目标CSE的通告资源上创建接入允许指示属性,使得目标CSE可以根据接入允许指示属性将AE接入,解决了应用实体只能接入注册公共业务实体进行家居设备控制的技术问题,使得应用实体可以通过接入目标公共业务实体进行家居设备控制。Through the above steps, the access permission indication attribute is created on the advertising resource of the target CSE, so that the target CSE can access the AE according to the access permission indication attribute, and the application entity can only access the registered public service entity for home device control. The technical problem enables the application entity to perform home device control by accessing the target public service entity.
应用上述方法,AE可以在一个或者多个目标CSE上创建接入允许指示属性,从而使得AE能够在一个或者多个目标CSE上接入以实现家居设备控制。通过这样的方式,避免了AE只能够接入注册CSE实现家居设备控制所带来的不便,提升了用户体验。Applying the above method, the AE can create an access permission indication attribute on one or more target CSEs, thereby enabling the AE to access on one or more target CSEs to implement home device control. In this way, the inconvenience caused by the AE being able to access the registered CSE to achieve home device control is avoided, and the user experience is improved.
可选地,在请求消息为通告资源创建请求消息的情况下,在步骤S104中,目标CSE创建AE的通告资源,其中,通告资源的属性包括:根据接入允许指示创建的接入允许指示属性。通过该方式实现了包括接入允许指示属性的通告资源的创建。Optionally, in a case that the request message is an advertisement resource creation request message, in step S104, the target CSE creates an advertisement resource of the AE, where the attribute of the advertisement resource includes: an access permission indication attribute created according to the access permission indication. . In this way, the creation of an advertisement resource including an access permission indication attribute is implemented.
可选地,在请求消息为通告资源更新请求消息的情况下,在步骤S104中,目标CSE检查已创建的AE的通告资源的属性是否包括:接入允许指示属性;在判断结果为AE的通告资源的属性包括接入允许指示属性的情况下,目标CSE将接入允许指示属性的值置为接入允许指示的值。通过该方式实现了包括接入允许指示属性的通告资源的更新。Optionally, in the case that the request message is the advertisement resource update request message, in step S104, the target CSE checks whether the attribute of the advertised resource of the created AE includes: an access permission indication attribute; and the notification that the result is AE In the case where the attribute of the resource includes the access permission indication attribute, the target CSE sets the value of the access permission indication attribute to the value of the access permission indication. In this way, an update of the advertisement resource including the access permission indication attribute is implemented.
可选地,在判断结果为AE的通告资源的属性不包括接入允许指示属性的情况下,在步骤S104中还包括:目标CSE在通告资源中创建接入允许指示属性,并将接入允许指示属性的值置为接入允许指示的值。通过该方式实现了不包括接入允许指示属性的通告资源的更新。Optionally, in a case that the attribute of the advertisement resource that is determined to be the result of the AE does not include the access permission indication attribute, the step S104 further includes: the target CSE creates an access permission indication attribute in the advertisement resource, and the access permission is performed. The value of the indication attribute is set to the value of the access permission indication. In this way, an update of the advertisement resource that does not include the access permission indication attribute is implemented.
可选地,在目标CSE根据请求消息创建或者更新AE的通告资源之后,当AE需要通过目标CSE实现家居设备的控制时,AE可以通过注册CSE发送另一请求消息至目标CSE;此后,目标CSE接收AE的另一请求消息;目标CSE查询AE的通告资源中的接入允许指示属性;在接入允许指示属性的值表示为允许接入的情况下,目标CSE发送接受另一请求消息的请求的响应消息至AE。同时,目标CSE可以将AE接入,从而使得AE可以通过该目标CSE实现家居设备的控制。通过该方式,实现了AE接入目标CSE。Optionally, after the target CSE creates or updates the advertised resource of the AE according to the request message, when the AE needs to implement the control of the home device through the target CSE, the AE may send another request message to the target CSE by registering the CSE; thereafter, the target CSE Receiving another request message of the AE; the target CSE queries the access permission indication attribute in the advertisement resource of the AE; and in the case that the value of the access permission indication attribute is indicated as allowing access, the target CSE sends a request to accept another request message Response message to AE. At the same time, the target CSE can access the AE, so that the AE can control the home device through the target CSE. In this way, the AE access target CSE is implemented.
可选地,在目标CSE接收到AE的另一请求消息之后,目标CSE在以下之一的情况下发送拒绝另一请求消息的请求的响应消息至AE:目标CSE上不存在AE的通告资源;目标CSE上已创建的AE的通告资源中不存在接入允许指示属性;目标CSE上已创建的AE的通告资源中接入允许指示属性的值表示为不允许接入;目标CSE根权限策略,验证到AE没有接入目标CSE的权限。Optionally, after the target CSE receives another request message of the AE, the target CSE sends a response message rejecting the request of the other request message to the AE in one of the following: the advertising resource of the AE does not exist on the target CSE; The access permission indication attribute does not exist in the advertisement resource of the AE that has been created on the target CSE; the value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is not allowed to be accessed; the target CSE root authority policy, Verify that the AE does not have access to the target CSE.
可选地,目标CSE接收的请求消息是经由注册CSE发送的,例如,注册CSE接收AE用于请求在目标CSE上创建或者更新通告资源的请求消息;注册CSE发送携带有接入允许指示的请求消息至目标CSE。其中,在AE发送至注册CSE的请求消息中也携带有接入允许指示。 Optionally, the request message received by the target CSE is sent via the registration CSE, for example, the registration CSE receives the AE request to request to create or update the advertisement resource on the target CSE; the registration CSE sends the request carrying the access permission indication. Message to the target CSE. The access permission indication is also carried in the request message sent by the AE to the registration CSE.
可选地,为了提升安全性,注册CSE根据权限策略,验证AE是否满足创建或者更新目标CSE上的AE的通告资源的权限;其中,在验证到AE满足创建或者更新目标CSE上的AE的通告资源的权限的情况下,注册CSE发送携带有接入允许指示的请求消息至目标CSE。Optionally, in order to improve security, the registration CSE verifies whether the AE satisfies the authority to create or update the AE resource of the AE on the target CSE according to the privilege policy; wherein, after verifying that the AE meets the notification of creating or updating the AE on the target CSE In the case of the authority of the resource, the registration CSE sends a request message carrying the access permission indication to the target CSE.
可选地,注册CSE发送的请求消息中还携带有用于验证注册CSE身份合法性的安全证书。该安全证书可以用于目标CSE对注册CSE的身份验证,从而提升了AE接入目标CSE的安全性。Optionally, the request message sent by the registration CSE further carries a security certificate for verifying the legality of the registered CSE identity. The security certificate can be used for the identity CSE to authenticate the registered CSE, thereby improving the security of the AE access target CSE.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
在本实施例中还提供了一种通告资源处理装置,该装置应用于目标CSE,用于实现上述实施例及可选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In this embodiment, an advertised resource processing device is also provided, and the device is applied to the target CSE, and is used to implement the foregoing embodiments and optional embodiments. As used below, the term "module" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图2是根据本发明实施例的通告资源处理装置的结构示意图,如图2所示,可选地,该装置包括:接收模块22和处理模块24,其中,接收模块22,设置为接收AE的注册CSE发送的请求消息,其中,请求消息中携带有接入允许指示,接入允许指示用于指示是否允许AE接入目标CSE;处理模块24,耦合至接收模块22,设置为根据请求消息创建或者更新AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。2 is a schematic structural diagram of an advertisement resource processing apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes: a receiving module 22 and a processing module 24, wherein the receiving module 22 is configured to receive an AE. Registering a request message sent by the CSE, where the request message carries an access permission indication, where the access permission indication is used to indicate whether the AE is allowed to access the target CSE; the processing module 24 is coupled to the receiving module 22, and is configured to create according to the request message. Or updating the AE's advertised resource, where the created or updated advertised resource includes an access permission indication attribute.
通过上述模块的综合作用,解决了应用实体只能接入注册公共业务实体进行家居设备控制的技术问题,使得应用实体可以通过接入目标公共业务实体进行家居设备控制。Through the comprehensive function of the above modules, the technical problem that the application entity can only access the registered public service entity for home device control is solved, so that the application entity can perform home device control by accessing the target public service entity.
可选地,处理模块24设置为:在请求消息为通告资源创建请求消息的情况下,创建AE的通告资源,其中,通告资源的属性包括:根据接入允许指示创建的接入允许指示属性。Optionally, the processing module 24 is configured to: when the request message is an advertisement resource creation request message, create an advertisement resource of the AE, where the attribute of the advertisement resource includes: an access permission indication attribute created according to the access permission indication.
可选地,处理模块24设置为:在请求消息为通告资源更新请求消息的情况下,检查已创建的AE的通告资源的属性是否包括:接入允许指示属性;在判断结果为AE的通告资源的属性包括接入允许指示属性的情况下,将接入允许指示属性的值置为接入允许指示的值。Optionally, the processing module 24 is configured to: if the request message is the advertisement resource update request message, check whether the attribute of the advertised resource of the created AE includes: an access permission indication attribute; and the notification resource whose judgment result is AE In the case where the attribute includes the access permission indication attribute, the value of the access permission indication attribute is set to the value of the access permission indication.
可选地,处理模块24还设置为:在判断结果为AE的通告资源的属性不包括接入允许指示属性的情况下,在通告资源中创建接入允许指示属性,并将接入允许指示属性的值置为接入允许指示的值。Optionally, the processing module 24 is further configured to: when the attribute of the advertisement resource whose judgment result is AE does not include the access permission indication attribute, create an access permission indication attribute in the advertisement resource, and set the access permission indication attribute The value is set to the value of the access permission indication.
图3是根据本发明实施例的通告资源处理装置的可选结构示意图,如图3所示,可选地,装置还可以包括:另一请求消息接收模块32,设置为接收AE的另一请求消息;查询模块34,耦合至另一请求消息接收模块32,设置为查询AE的通告资源中的接入允许指示属性;响应 模块36,耦合至查询模块34,设置为在接入允许指示属性的值表示为允许接入的情况下,目标CSE发送接受另一请求消息的请求的响应消息至AE。FIG. 3 is a schematic diagram of an optional structure of an advertisement resource processing apparatus according to an embodiment of the present invention. As shown in FIG. 3, the apparatus may further include: another request message receiving module 32, configured to receive another request of the AE. a message; the query module 34 is coupled to another request message receiving module 32, configured to query an access permission indication attribute in the advertisement resource of the AE; Module 36, coupled to query module 34, is arranged to send a response message requesting another request message to the AE if the value of the access grant indication attribute is indicated as allowing access.
可选地,响应模块36还设置为在以下之一的情况下发送拒绝另一请求消息的请求的响应消息至AE:目标CSE上不存在AE的通告资源;目标CSE上已创建的AE的通告资源中不存在接入允许指示属性;目标CSE上已创建的AE的通告资源中接入允许指示属性的值表示为不允许接入;目标CSE根据权限策略,验证到AE没有接入目标CSE的权限。Optionally, the response module 36 is further configured to send a response message rejecting the request of another request message to the AE in the case of one of: the announcement resource of the AE not present on the target CSE; the announcement of the created AE on the target CSE The access permission indication attribute does not exist in the resource; the value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is indicated as not allowing access; the target CSE verifies that the AE does not access the target CSE according to the rights policy. Permissions.
需要说明的是,上述各个模块是可以通过软件或硬件来实现的,对于后者,可以通过以下方式实现,但不限于此:上述模块均位于同一处理器中;或者,上述模块分别位于多个处理器中。It should be noted that each of the above modules may be implemented by software or hardware. For the latter, the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the modules are located in multiple In the processor.
本发明的实施例还提供了一种软件,该软件用于执行上述实施例及可选实施方式中描述的技术方案。Embodiments of the present invention also provide a software for performing the technical solutions described in the foregoing embodiments and optional embodiments.
本发明的实施例还提供了一种存储介质。在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present invention also provide a storage medium. In this embodiment, the above storage medium may be configured to store program code for performing the following steps:
步骤S1,目标CSE接收AE的注册CSE发送的请求消息,其中,请求消息中携带有接入允许指示,接入允许指示用于指示是否允许AE接入目标CSE;In step S1, the target CSE receives the request message sent by the registration CSE of the AE, where the request message carries an access permission indication, and the access permission indication is used to indicate whether the AE is allowed to access the target CSE;
步骤S2,目标CSE根据请求消息创建或者更新AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。In step S2, the target CSE creates or updates an advertised resource of the AE according to the request message, where the created or updated advertised resource includes an access permission indication attribute.
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(Read-Only Memory,简称为ROM)、随机存取存储器(Random Access Memory,简称为RAM)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。Optionally, in the embodiment, the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM). A variety of media that can store program code, such as a hard disk, a disk, or an optical disk.
可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。For example, the specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again.
本实施例还提供了一种通告资源处理系统。图4是根据本发明实施例的通告资源处理系统的结构示意图,如图4所示,该系统包括:AE 42、注册CSE 44、目标CSE 46,其中,目标CSE 46包括上述的通告资源处理装置。This embodiment also provides an advertisement resource processing system. 4 is a schematic structural diagram of an advertisement resource processing system according to an embodiment of the present invention. As shown in FIG. 4, the system includes: an AE 42, a registration CSE 44, and a target CSE 46, wherein the target CSE 46 includes the foregoing notification resource processing apparatus. .
需要说明的是,在图中仅示意性示出了一个AE 42和一个目标CSE 46,在实际情况中,AE 42或者目标CSE 46的个数可以是多个。It should be noted that only one AE 42 and one target CSE 46 are schematically shown in the figure. In actual situations, the number of AE 42 or target CSE 46 may be multiple.
可选地,注册CSE 44包括:注册CSE接收模块,设置为接收AE 42用于请求在目标CSE46上创建或者更新通告资源的请求消息;注册CSE发送模块,设置为发送携带有接入允许指示的请求消息至目标CSE 46。Optionally, the registration CSE 44 includes: a registration CSE receiving module, configured to receive a request message for the AE 42 to request to create or update an advertisement resource on the target CSE 46; and a registration CSE sending module, configured to send the indication with the access permission indication Request a message to the target CSE 46.
可选地,注册CSE 44还包括:验证模块,设置为根据权限策略,验证AE 42是否满足创建或者更新目标CSE 46上的AE 42的通告资源的权限;其中,在验证到AE 42满足创建或者更新目标CSE 46上的AE 42的通告资源的权限的情况下,注册CSE发送模块发送携带有接 入允许指示的请求消息至目标CSE 46。Optionally, the registration CSE 44 further includes: a verification module configured to verify, according to the rights policy, whether the AE 42 satisfies the authority to create or update the AE 42 of the target CSE 46; wherein, after verifying that the AE 42 meets the creation or In the case of updating the authority of the AE 42 on the target CSE 46, the registration CSE sending module sends the bearer The request message indicating the permission is entered to the target CSE 46.
可选地,注册CSE发送模块发送的请求消息中还携带有用于验证注册CSE 44身份合法性的安全证书。Optionally, the request message sent by the registration CSE sending module further carries a security certificate for verifying the validity of the registered CSE 44 identity.
为了使本发明实施例的描述更加清楚,下面结合可选实施例进行描述和说明。In order to make the description of the embodiments of the present invention more clear, the following description and description are made in conjunction with the exemplary embodiments.
本发明可选实施例提供了一种通过通告资源接入CSE的方法,其中,通过对相关技术中通告资源的过程进行增强,以及修改相关技术中对AE收发消息的限制来实现AE与非注册CSE之间的信息交互。An optional embodiment of the present invention provides a method for accessing a CSE by advertising a resource, wherein the AE and the non-registration are implemented by enhancing the process of advertising the resource in the related art, and modifying the limitation of the AE sending and receiving message in the related art. Information interaction between CSEs.
图5是根据本发明可选实施例的通过通告资源接入CSE的方法的流程图,如图5所示,该流程包括如下步骤:FIG. 5 is a flowchart of a method for accessing a CSE by advertising a resource according to an alternative embodiment of the present invention. As shown in FIG. 5, the process includes the following steps:
步骤S501,应用(即AE)发送第一请求消息给注册CSE,请求消息中包括:In step S501, the application (ie, AE) sends a first request message to the registration CSE, where the request message includes:
1)接入允许指示:设置为真(true)时,表示允许应用在目标CSE上接入;设置为假(false)时,表示不允许应用在目标CSE上接入。1) Access permission indication: When set to true (true), it means that the application is allowed to access on the target CSE; when set to false (false), it means that the application is not allowed to access on the target CSE.
步骤S502,注册CSE接收到第一请求消息后,发送第二请求消息(相当于步骤S102中的请求消息)给目标CSE,请求消息中包括:Step S502: After receiving the first request message, the registration CSE sends a second request message (corresponding to the request message in step S102) to the target CSE, where the request message includes:
1)接入允许指示,其值为第一请求消息中接入允许指示的值。1) An access permission indication, the value being a value of an access permission indication in the first request message.
步骤S503,目标CSE接收到第二请求消息后,Step S503, after the target CSE receives the second request message,
1)如果请求消息请求创建通告资源,则在本地创建应用的通告资源,并为资源创建属性“接入允许指示”,其值设置为第二请求消息中接入允许指示的值;或者;1) If the request message requests to create an advertisement resource, the advertisement resource of the application is created locally, and the attribute "access permission indication" is created for the resource, and the value is set to the value of the access permission indication in the second request message; or
2)如果请求消息请求更新通告资源,则检查本地已有的发起者的通告资源中是否包括属性“接入允许指示”,如果包括,则将其值设置为第二请求消息中接入允许指示的值;如果不包括,则为通告资源创建属性“接入允许指示”,其值设置为第二请求消息中接入允许指示的值。2) If the request message requests to update the advertisement resource, check whether the attribute "access permission indication" is included in the advertisement resource of the existing initiator of the locality, and if so, set its value to the access permission indication in the second request message. The value of the value; if not included, the attribute "access permission indication" is created for the advertisement resource, and its value is set to the value of the access permission indication in the second request message.
步骤S504,应用发送第三请求消息(相当于上述的另一请求消息)给目标CSE,请求消息中包括:Step S504, the application sends a third request message (corresponding to another request message described above) to the target CSE, where the request message includes:
1)应用的标识。1) Identification of the application.
步骤S505,目标CSE接收到发起者的第三请求消息后,根据请求消息中包括的应用的标识检查应用的通告资源是否存在,如果存在,则检查通告资源是否包括属性“接入允许指示”,如果包括并且该属性的值为true,则发送响应消息给应用,响应消息中指示接受请求;Step S505: After receiving the third request message of the initiator, the target CSE checks whether the advertised resource of the application exists according to the identifier of the application included in the request message, and if yes, checks whether the advertised resource includes the attribute “access permission indication”. If included and the value of the attribute is true, a response message is sent to the application, and the response message indicates acceptance of the request;
其中,以下条件之一满足时,目标CSE发送响应消息给AE,响应消息中指示拒绝:Wherein, when one of the following conditions is met, the target CSE sends a response message to the AE, and the response message indicates rejection:
1)如果本地没有包括该应用的标识的资源;1) If there is no local resource including the identity of the application;
2)如果本地包括该应用的标识的资源,但是没有包括属性“接入允许指示”; 2) If the resource of the application's identity is included locally, but the attribute "access permission indication" is not included;
3)如果本地包括该应用的标识的资源,也包括属性“接入允许指示”,但其值不为true;3) If the resource including the identity of the application is locally included, the attribute "access permission indication" is also included, but the value is not true;
4)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值为true,但是未能通过根据本地的权限数据库进行的验证。4) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but its value is true, but the verification according to the local authority database is not passed.
下面通过实例对本发明可选实施例进行描述和说明。The following describes an optional embodiment of the present invention by way of examples.
可选实施例一(场景:AE初始在注册CSE上注册)Alternative Embodiment 1 (Scenario: AE is initially registered on the registered CSE)
步骤1,AE发送创建资源请求消息给注册CSE,创建资源请求消息中包括以下参数:In step 1, the AE sends a create resource request message to the registration CSE, and the resource request message includes the following parameters:
1)通告到:通告的目标CSE的地址;1) Announcement: the address of the target CSE of the announcement;
2)接入允许指示:true表示允许AE在通告的目标CSE上接入,false表示不允许AE在通告的目标CSE上接入。2) Access permission indication: true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
其中,接入表示可以在CSE上发送和接收消息。例如发送请求消息,接收响应消息。Among them, the access indication can send and receive messages on the CSE. For example, a request message is sent and a response message is received.
步骤2,注册CSE接收到创建资源请求消息后,对AE进行验证,验证通过后,给AE分配标识AE1-ID,创建资源<AE1>,为资源<AE1>创建属性“AE身份标识(AE-ID)”,属性“通告到”,和属性“接入允许指示”。Step 2: After receiving the resource creation request message, the CSE authenticates the AE. After the verification is passed, the AE is assigned the identifier AE1-ID, the resource <AE1> is created, and the attribute AE identity (AE- is created for the resource <AE1>. ID)", attribute "announce to", and attribute "access permission indication".
上述的验证过程可以是:The above verification process can be:
A)通过本地保存的权限数据库,检查AE是否有创建资源的权限;A) Check whether the AE has permission to create resources through a locally saved permission database;
或者,or,
B)通过AE携带的其他安全信息,例如预先配置在AE上的安全证书,来判断AE是否有创建资源的权限。B) Judging whether the AE has the right to create a resource by using other security information carried by the AE, such as a security certificate pre-configured on the AE.
步骤3,注册CSE发送创建资源响应消息给AE,响应消息中包括给AE分配的标识AE1-ID,以及资源<AE1>的地址。Step 3: The registration CSE sends a create resource response message to the AE, where the response message includes an identifier AE1-ID assigned to the AE, and an address of the resource <AE1>.
步骤4,根据创建资源请求中包括的参数“通告到”,注册CSE发送创建资源请求给目标CSE,请求消息中包括以下参数:Step 4: According to the parameter “advertised to” included in the resource creation request, the registration CSE sends a request for creating a resource to the target CSE, where the request message includes the following parameters:
1)接入允许指示;1) access permission indication;
2)原始资源链接:设置为需要通告的资源的地址,例如本实施例中设置为资源<AE1>的地址;2) the original resource link: the address of the resource that needs to be advertised, for example, the address set as the resource <AE1> in this embodiment;
3)AE-ID:设置为资源<AE1>的属性“AE-ID”的值;3) AE-ID: set to the value of the attribute "AE-ID" of the resource <AE1>;
步骤5,目标CSE接受到创建资源请求消息后,验证注册CSE的权限,在验证通过后,创建资源<AE1Annc>,为资源<AE1Annc>创建属性“接入允许指示”,属性“原始资源连接”,属性“AE-ID”,属性的值均设置为创建资源请求消息中对应参数的值。 Step 5: After receiving the resource request message, the target CSE verifies the authority to register the CSE. After the verification is passed, the resource <AE1Annc> is created, and the attribute “access permission indication” is created for the resource <AE1Annc>, and the attribute “original resource connection” is created. , attribute "AE-ID", the value of the attribute is set to the value of the corresponding parameter in the creation resource request message.
步骤6,AE发送读取资源请求消息给目标CSE,读取资源请求消息中包括以下参数:Step 6, the AE sends a read resource request message to the target CSE, and the read resource request message includes the following parameters:
1)AE的标识;1) the logo of the AE;
2)需要读取的资源的地址;2) the address of the resource that needs to be read;
步骤7,目标CSE接收到AE的请求消息后,读取AE的标识,在本地查找是否有包括AE标识的资源,如果有,则检查是否包括属性“接入允许指示”,如果有,则检查属性“接入允许指示”的值是否为true,如果是,目标CSE发送响应消息给AE,响应消息中指示接受请求,或者在检查属性“接入允许指示”的值为true后,还验证AE是否有执行这项操作的权限,验证通过后,目标CSE发送响应消息给AE,响应消息中指示接受请求。Step 7: After receiving the request message of the AE, the target CSE reads the identifier of the AE, and locally finds whether there is a resource including the AE identifier, and if so, checks whether the attribute “access permission indication” is included, and if so, checks Whether the value of the attribute "access permission indication" is true, if yes, the target CSE sends a response message to the AE, the response message indicates that the request is accepted, or after checking that the attribute "access permission indication" is true, the AE is also verified. Whether there is permission to perform this operation, after the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
其中,以下条件之一满足时,目标CSE发送响应消息给AE,响应消息中指示拒绝请求:Wherein, when one of the following conditions is met, the target CSE sends a response message to the AE, and the response message indicates the rejection request:
1)如果本地没有包括AE标识的资源;1) If there is no local resource including the AE logo;
2)如果本地包括AE标识的资源,但是没有包括属性“接入允许指示”;2) If the resource including the AE identity is included locally, but the attribute "access permission indication" is not included;
3)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值不为true;3) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but the value is not true;
4)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值为true,但是未能通过根据本地的权限数据库进行的验证。4) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but its value is true, but the verification according to the local authority database is not passed.
其中,验证AE是否有执行这项操作的权限可以采用下列方式:本地数据库中保存有一组信息,记录着谁可以进行哪项操作或者谁不可以进行哪项操作。其中“谁”是通过对象的标识来记录,哪项操作描述为创建,更新,读取,删除。由此可以知道提出操作请求的发起者是否有权限执行它所请求的操作。Among them, verifying whether the AE has the authority to perform this operation can be performed in the following manner: The local database stores a set of information, which records which operation can be performed or which operation cannot be performed. Where "who" is recorded by the identifier of the object, which operation is described as creating, updating, reading, and deleting. From this it can be known whether the originator of the proposed operation request has the right to perform the operation it requested.
可选实施例二(场景:AE的原始资源已创建,未在目标CSE上通告原始资源)Alternative Embodiment 2 (Scenario: The original resource of the AE has been created, and the original resource is not advertised on the target CSE)
步骤1,AE发送更新资源请求消息给注册CSE,更新资源请求消息中包括以下参数:Step 1: The AE sends an update resource request message to the registration CSE, where the update resource request message includes the following parameters:
1)通告到:通告的目标CSE的地址;1) Announcement: the address of the target CSE of the announcement;
2)接入允许指示:true表示允许AE在通告的目标CSE上接入,false表示不允许AE在通告的目标CSE上接入。2) Access permission indication: true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
3)需要更新的资源的地址:沿用实施例一的例子,本实施例中该参数设置为资源<AE1>的地址。3) Address of the resource to be updated: Following the example of the first embodiment, the parameter is set to the address of the resource <AE1> in this embodiment.
步骤2,注册CSE接收到更新资源请求消息后,检查资源<AE1>是否包括属性“通告到”,如果不包括,则为资源<AE1>创建属性“通告到”和属性“接入允许指示”。Step 2: After receiving the update resource request message, the registration CSE checks whether the resource <AE1> includes the attribute “advertised to”, and if not, creates the attribute “advertised to” and the attribute “access permission indication” for the resource <AE1>. .
步骤3,根据更新资源请求中包括的参数“通告到”,注册CSE发送创建资源请求给目标CSE,请求消息中包括以下参数:Step 3: According to the parameter “advertised to” included in the update resource request, the registration CSE sends a request for creating a resource to the target CSE, where the request message includes the following parameters:
1)接入允许指示; 1) access permission indication;
2)原始资源链接:设置为需要通告的资源的地址,例如本实施例中设置为资源<AE1>的地址;2) the original resource link: the address of the resource that needs to be advertised, for example, the address set as the resource <AE1> in this embodiment;
3)AE-ID:设置为资源<AE1>的属性“AE-ID”的值;3) AE-ID: set to the value of the attribute "AE-ID" of the resource <AE1>;
步骤4,目标CSE接受到创建资源请求消息后,验证注册CSE的权限,在验证通过后,创建资源<AE1Annc>,为资源<AE1Annc>创建属性“接入允许指示”,属性“原始资源连接”,属性“AE-ID”,属性的值均设置为创建资源请求消息中对应参数的值。Step 4: After receiving the resource request message, the target CSE verifies the authority to register the CSE. After the verification is passed, the resource <AE1Annc> is created, and the attribute "access permission indication" is created for the resource <AE1Annc>, and the attribute "original resource connection" is created. , attribute "AE-ID", the value of the attribute is set to the value of the corresponding parameter in the creation resource request message.
步骤5,AE发送读取资源请求消息给目标CSE,读取资源请求消息中包括以下参数:Step 5: The AE sends a read resource request message to the target CSE, where the read resource request message includes the following parameters:
1)AE的标识;1) the logo of the AE;
2)需要读取的资源的地址;2) the address of the resource that needs to be read;
步骤6,目标CSE接收到AE的请求消息后,读取AE的标识,在本地查找是否有包括AE标识的资源,如果有,则检查是否包括属性“接入允许指示”,如果有,则检查属性“接入允许指示”的值是否为true,如果是,目标CSE发送响应消息给AE,响应消息中指示接受请求,或者在检查属性“接入允许指示”的值为true后,还验证AE是否有执行这项操作的权限,验证通过后,目标CSE发送响应消息给AE,响应消息中指示接受请求。Step 6: After receiving the request message of the AE, the target CSE reads the identifier of the AE, and locally finds whether there is a resource including the AE identifier, and if so, checks whether the attribute “access permission indication” is included, and if so, checks Whether the value of the attribute "access permission indication" is true, if yes, the target CSE sends a response message to the AE, the response message indicates that the request is accepted, or after checking that the attribute "access permission indication" is true, the AE is also verified. Whether there is permission to perform this operation, after the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
其中,以下条件之一满足时,目标CSE发送响应消息给AE,响应消息中指示拒绝请求:Wherein, when one of the following conditions is met, the target CSE sends a response message to the AE, and the response message indicates the rejection request:
1)如果本地没有包括AE标识的资源;1) If there is no local resource including the AE logo;
2)如果本地包括AE标识的资源,但是没有包括属性“接入允许指示”;2) If the resource including the AE identity is included locally, but the attribute "access permission indication" is not included;
3)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值不为true;3) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but the value is not true;
4)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值为true,但是未能通过根据本地的权限数据库进行的验证。4) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but its value is true, but the verification according to the local authority database is not passed.
可选实施例三(场景:AE的原始资源已创建,已通告到目标CSE)Alternative Embodiment 3 (Scenario: AE's original resource has been created and has been advertised to the target CSE)
步骤1,AE发送更新资源请求消息给注册CSE,更新资源请求消息中包括以下参数:Step 1: The AE sends an update resource request message to the registration CSE, where the update resource request message includes the following parameters:
1)接入允许指示:true表示允许AE在通告的目标CSE上接入,false表示不允许AE在通告的目标CSE上接入。1) Access permission indication: true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
2)需要更新的资源的地址:本实施例沿用实施例一的举例,设置为<AE1>的地址。2) Address of the resource to be updated: This embodiment follows the example of the first embodiment and is set to the address of <AE1>.
步骤2,注册CSE接收到更新资源请求消息后,对AE进行验证,验证AE是否有权限更新请求消息中指示的需要更新的资源,验证通过后,检查资源<AE1>是否包括属性“接入允许指示,如果不包括,则创建属性“接入允许指示”。Step 2: After receiving the update resource request message, the registration CSE verifies the AE, and verifies whether the AE has the resource that needs to be updated indicated in the permission update request message. After the verification is passed, check whether the resource <AE1> includes the attribute “access permission”. Indicates, if not included, the attribute "access permission indication" is created.
步骤3,注册CSE发送更新资源请求给目标CSE,目标CSE的地址包括在资源<AE1>的属性“通告到”中,请求消息中包括以下参数: Step 3: The registration CSE sends an update resource request to the target CSE. The address of the target CSE is included in the attribute “advertised to” of the resource <AE1>, and the request message includes the following parameters:
1)接入允许指示;1) access permission indication;
2)需要更新的资源的地址:本实施例为AE在目标CSE上的通告资源的地址,即资源<AE1Annc>的地址2) Address of the resource that needs to be updated: This embodiment is the address of the AE resource on the target CSE, that is, the address of the resource <AE1Annc>
步骤4,目标CSE接受到更新资源请求消息后,验证注册CSE的权限,在验证通过后,如果AE在目标CSE上的通告资源<AE1Annc>包括属性“接入允许指示”,则将其值为更新资源请求中对应参数的值;如果不包括属性“接入允许指示”,则创建属性“接入允许指示”,其值设置为更新资源请求消息中对应参数的值。Step 4: After receiving the update resource request message, the target CSE verifies the authority to register the CSE. After the verification is passed, if the AE's advertisement resource <AE1Annc> on the target CSE includes the attribute “access permission indication”, the value is set to be Update the value of the corresponding parameter in the resource request; if the attribute "access permission indication" is not included, create the attribute "access permission indication" whose value is set to the value of the corresponding parameter in the update resource request message.
步骤5,AE发送读取资源请求消息给目标CSE,读取资源请求消息中包括以下参数:Step 5: The AE sends a read resource request message to the target CSE, where the read resource request message includes the following parameters:
1)AE的标识;1) the logo of the AE;
2)需要读取的资源的地址;2) the address of the resource that needs to be read;
步骤6,目标CSE接收到AE的请求消息后,读取AE的标识,在本地查找是否有包括AE标识的资源,如果有,则检查是否包括属性“接入允许指示”,如果有,则检查属性“接入允许指示”的值是否为true,如果是,目标CSE发送响应消息给AE,响应消息中指示接受请求,或者在检查属性“接入允许指示”的值为true后,还验证AE是否有执行这项操作的权限,验证通过后,目标CSE发送响应消息给AE,响应消息中指示接受请求。Step 6: After receiving the request message of the AE, the target CSE reads the identifier of the AE, and locally finds whether there is a resource including the AE identifier, and if so, checks whether the attribute “access permission indication” is included, and if so, checks Whether the value of the attribute "access permission indication" is true, if yes, the target CSE sends a response message to the AE, the response message indicates that the request is accepted, or after checking that the attribute "access permission indication" is true, the AE is also verified. Whether there is permission to perform this operation, after the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
其中,以下条件之一满足时,目标CSE发送响应消息给AE,响应消息中指示拒绝请求:Wherein, when one of the following conditions is met, the target CSE sends a response message to the AE, and the response message indicates the rejection request:
1)如果本地没有包括AE标识的资源;1) If there is no local resource including the AE logo;
2)如果本地包括AE标识的资源,但是没有包括属性“接入允许指示”;2) If the resource including the AE identity is included locally, but the attribute "access permission indication" is not included;
3)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值不为true;3) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but the value is not true;
4)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值为true,但是未能通过根据本地的权限数据库进行的验证。4) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but its value is true, but the verification according to the local authority database is not passed.
可选实施例四(包括安全证书)Optional Embodiment 4 (including security certificate)
步骤1,AE发送创建资源请求消息给注册CSE,创建资源请求消息中包括以下参数:In step 1, the AE sends a create resource request message to the registration CSE, and the resource request message includes the following parameters:
1)通告到:通告的目标CSE的地址;1) Announcement: the address of the target CSE of the announcement;
2)接入允许指示:true表示允许AE在通告的目标CSE上接入,false表示不允许AE在通告的目标CSE上接入。2) Access permission indication: true means that the AE is allowed to access on the advertised target CSE, and false means that the AE is not allowed to access on the advertised target CSE.
3)安全证书:安全证书可以是一组预先配置在应用上的字符串,CSE作为管理者,也预先配置了策略,用于验证哪些安全证书是合法的。3) Security certificate: A security certificate can be a set of pre-configured strings on the application. The CSE acts as a manager and is pre-configured with policies to verify which security certificates are legitimate.
其中,接入表示可以在CSE上发送和接收消息。例如发送请求消息,接收响应消息。Among them, the access indication can send and receive messages on the CSE. For example, a request message is sent and a response message is received.
步骤2,注册CSE接收到创建资源请求消息后,对AE进行验证,验证通过后,给AE分 配标识AE1-ID,创建资源<AE1>,为资源<AE1>创建属性“AE-ID”,属性“通告到”,和属性“接入允许指示”。Step 2: After the registration CSE receives the resource creation request message, the AE is verified, and after the verification is passed, the AE is given. The identifier AE1-ID is created, the resource <AE1> is created, the attribute "AE-ID" is created for the resource <AE1>, the attribute "advertised to", and the attribute "access permission indication".
上述的验证过程可以是:The above verification process can be:
A)通过本地保存的权限数据库,检查AE是否有创建资源的权限;A) Check whether the AE has permission to create resources through a locally saved permission database;
或者,or,
B)通过AE携带的其他安全信息,例如预先配置在AE上的安全证书,来判断AE是否有创建资源的权限。B) Judging whether the AE has the right to create a resource by using other security information carried by the AE, such as a security certificate pre-configured on the AE.
步骤3,注册CSE发送创建资源响应消息给AE,响应消息中包括给AE分配的标识AE1-ID,以及资源<AE1>的地址。Step 3: The registration CSE sends a create resource response message to the AE, where the response message includes an identifier AE1-ID assigned to the AE, and an address of the resource <AE1>.
步骤4,根据创建资源请求中包括的参数“通告到”,注册CSE发送创建资源请求给目标CSE,请求消息中包括以下参数:Step 4: According to the parameter “advertised to” included in the resource creation request, the registration CSE sends a request for creating a resource to the target CSE, where the request message includes the following parameters:
1)接入允许指示;1) access permission indication;
2)原始资源链接:设置为需要通告的资源的地址,例如本实施例中设置为资源<AE1>的地址;2) the original resource link: the address of the resource that needs to be advertised, for example, the address set as the resource <AE1> in this embodiment;
3)AE-ID:设置为资源<AE1>的属性“AE-ID”的值;3) AE-ID: set to the value of the attribute "AE-ID" of the resource <AE1>;
4)安全证书。4) Security certificate.
步骤5,目标CSE接受到创建资源请求消息后,验证注册CSE的权限,验证AE-ID和安全证书,在验证通过后,创建资源<AE1Annc>,为资源<AE1Annc>创建属性“接入允许指示”,属性“原始资源连接”,属性“AE-ID”,属性的值均设置为创建资源请求消息中对应参数的值。Step 5: After receiving the resource creation request message, the target CSE verifies the authority to register the CSE, verifies the AE-ID and the security certificate, and after the verification is passed, creates the resource <AE1Annc>, and creates the attribute “access permission indication” for the resource <AE1Annc>. ", attribute "original resource connection", attribute "AE-ID", the value of the attribute is set to the value of the corresponding parameter in the creation resource request message.
步骤6,AE发送读取资源请求消息给目标CSE,读取资源请求消息中包括以下参数:Step 6, the AE sends a read resource request message to the target CSE, and the read resource request message includes the following parameters:
1)AE的标识;1) the logo of the AE;
2)需要读取的资源的地址;2) the address of the resource that needs to be read;
3)安全证书;3) Security certificate;
步骤7,目标CSE接收到AE的请求消息后,读取AE的标识和安全证书,验证AE的标识和安全证书合法性,验证通过后,在本地查找是否有包括AE标识的资源,如果有,则检查是否包括属性“接入允许指示”,如果有,则检查属性“接入允许指示”的值是否为true,如果是,目标CSE发送响应消息给AE,响应消息中指示接受请求,或者在检查属性“接入允许指示”的值为true后,还验证AE是否有执行这项操作的权限,验证通过后,目标CSE发送响应消息给AE,响应消息中指示接受请求。Step 7: After receiving the request message of the AE, the target CSE reads the identifier of the AE and the security certificate, and verifies the identity of the AE and the validity of the security certificate. After the verification is passed, the local search for the resource including the AE identifier, if any, Then check whether the attribute "access permission indication" is included, and if so, check whether the value of the attribute "access permission indication" is true, and if so, the target CSE sends a response message to the AE, the response message indicates acceptance of the request, or After checking that the value of the attribute "access permission indication" is true, it also verifies whether the AE has the authority to perform this operation. After the verification is passed, the target CSE sends a response message to the AE, and the response message indicates acceptance of the request.
其中,以下条件之一满足时,目标CSE发送响应消息给AE,响应消息中指示拒绝请求: Wherein, when one of the following conditions is met, the target CSE sends a response message to the AE, and the response message indicates the rejection request:
1)如果本地没有包括AE标识的资源;1) If there is no local resource including the AE logo;
2)如果本地包括AE标识的资源,但是没有包括属性“接入允许指示”;2) If the resource including the AE identity is included locally, but the attribute "access permission indication" is not included;
3)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值不为true;3) If the resource including the AE identifier is included locally, the attribute "access permission indication" is also included, but the value is not true;
4)如果本地包括AE标识的资源,也包括属性“接入允许指示”,但其值为true,但是未能通过根据本地的权限数据库进行的验证;4) If the local resource including the AE identity also includes the attribute "access permission indication", but its value is true, but fails to pass the verification according to the local authority database;
5)如果AE的标识和安全证书验证没有通过。5) If the AE's identification and security certificate verification did not pass.
其中,验证AE或CSE是否有执行这项操作的权限可以采用以下方式:本地数据库中保存有一组信息,记录着谁可以进行哪项操作或者谁不可以进行哪项操作。其中“谁”是通过对象的标识来记录,哪项操作描述为创建,更新,读取,删除。由此可以知道提出操作请求的发起者是否有权限执行它所请求的操作。Among them, verifying whether AE or CSE has the right to perform this operation can be done in the following way: The local database stores a set of information, which records who can perform which operation or who can not. Where "who" is recorded by the identifier of the object, which operation is described as creating, updating, reading, and deleting. From this it can be known whether the originator of the proposed operation request has the right to perform the operation it requested.
对AE的标识和安全证书的验证可以是:本地数据库保存有一组信息,记录着各个安全证书对应的哪些标识是合法的,例如安全证书s001,对应的合法标识为c001打头的,安全证书s002,对应的合法标识为r001打头的,如果接收到一个应用的标识为r001001,安全证书为s001的,注册CSE会认为这是不合法的。The authentication of the AE and the security certificate may be: the local database stores a set of information, and records which identifiers of the security certificates are legal, such as the security certificate s001, the corresponding legal identifier is c001, and the security certificate s002. The corresponding legal ID is the beginning of r001. If the identifier of an application is r001001 and the security certificate is s001, the registered CSE considers this to be illegal.
综上所述,通过本发明的上述实施例或者可选实施例,可以让同一个AE在不同的CSE上收发消息,扩展了M2M的应用场景。In summary, by using the foregoing embodiment or the optional embodiment of the present invention, the same AE can send and receive messages on different CSEs, and the application scenario of the M2M is extended.
工业实用性:通过上述描述可知,本发明通过在目标CSE的通告资源上创建接入允许指示属性,使得目标CSE可以根据接入允许指示属性将AE接入,解决了应用实体只能接入注册公共业务实体进行家居设备控制的技术问题,使得应用实体可以通过接入目标公共业务实体进行家居设备控制。Industrial Applicability: The above description shows that the present invention creates an access permission indication attribute on the advertisement resource of the target CSE, so that the target CSE can access the AE according to the access permission indication attribute, and the application entity can only access the registration. The technical problem of the public service entity performing home equipment control enables the application entity to perform home equipment control by accessing the target public service entity.
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。It will be apparent to those skilled in the art that the various modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
以上所述仅为本发明的可选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 The above description is only an alternative embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims (19)

  1. 一种通告资源处理方法,包括:A method for processing an advertisement resource, comprising:
    目标公共业务实体CSE接收应用实体AE的注册CSE发送的请求消息,其中,所述请求消息中携带有接入允许指示,所述接入允许指示用于指示是否允许所述AE接入所述目标CSE;The target public service entity CSE receives the request message sent by the registration CSE of the application entity AE, where the request message carries an access permission indication, where the access permission indication is used to indicate whether the AE is allowed to access the target CSE;
    所述目标CSE根据所述请求消息创建或者更新所述AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。The target CSE creates or updates an advertisement resource of the AE according to the request message, where the created or updated advertisement resource includes an access permission indication attribute.
  2. 根据权利要求1所述的方法,其中,在所述请求消息为通告资源创建请求消息的情况下,所述目标CSE根据所述请求消息创建所述AE的所述通告资源包括:The method according to claim 1, wherein, in a case that the request message is an advertisement resource creation request message, the target CSE creates the advertisement resource of the AE according to the request message, including:
    所述目标CSE创建所述AE的所述通告资源,其中,所述通告资源的属性包括:根据所述接入允许指示创建的接入允许指示属性。The target CSE creates the advertisement resource of the AE, where the attribute of the advertisement resource includes: an access permission indication attribute created according to the access permission indication.
  3. 根据权利要求1所述的方法,其中,在所述请求消息为通告资源更新请求消息的情况下,所述目标CSE根据所述请求消息更新所述AE的所述通告资源包括:The method according to claim 1, wherein, in a case that the request message is an advertisement resource update request message, the target CSE updating the advertisement resource of the AE according to the request message includes:
    所述目标CSE检查已创建的所述AE的所述通告资源的属性是否包括:接入允许指示属性;The target CSE checks whether an attribute of the advertisement resource of the AE that has been created includes: an access permission indication attribute;
    在判断结果为所述AE的所述通告资源的属性包括接入允许指示属性的情况下,所述目标CSE将所述接入允许指示属性的值置为所述接入允许指示的值。In a case where the judgment result is that the attribute of the advertisement resource of the AE includes an access permission indication attribute, the target CSE sets a value of the access permission indication attribute to a value of the access permission indication.
  4. 根据权利要求3所述的方法,其中,在判断结果为所述AE的所述通告资源的属性不包括接入允许指示属性的情况下,所述目标CSE根据所述请求消息更新所述AE的所述通告资源还包括:The method according to claim 3, wherein, in a case where the result of the judgment is that the attribute of the advertisement resource of the AE does not include an access permission indication attribute, the target CSE updates the AE according to the request message. The notification resource further includes:
    所述目标CSE在所述通告资源中创建接入允许指示属性,并将所述接入允许指示属性的值置为所述接入允许指示的值。And the target CSE creates an access permission indication attribute in the advertisement resource, and sets a value of the access permission indication attribute to a value of the access permission indication.
  5. 根据权利要求1所述的方法,其中,在所述目标CSE根据所述请求消息创建或者更新所述AE的所述通告资源之后,所述方法还包括:The method of claim 1, wherein after the target CSE creates or updates the advertisement resource of the AE according to the request message, the method further includes:
    所述目标CSE接收所述AE的另一请求消息;Receiving, by the target CSE, another request message of the AE;
    所述目标CSE查询所述AE的所述通告资源中的接入允许指示属性;The target CSE queries an access permission indication attribute in the advertisement resource of the AE;
    在所述接入允许指示属性的值表示为允许接入的情况下,所述目标CSE发送接受所述另一请求消息的请求的响应消息至所述AE。In case the value of the access permission indication attribute is indicated as allowing access, the target CSE sends a response message requesting the request of the other request message to the AE.
  6. 根据权利要求5所述的方法,其中,在所述目标CSE接收到所述AE的所述另一请求消息之后,所述目标CSE在以下之一的情况下发送拒绝所述另一请求消息的请求的响应消息至所述AE:The method of claim 5, wherein after the target CSE receives the another request message of the AE, the target CSE sends a rejection of the another request message in the case of one of The requested response message to the AE:
    所述目标CSE上不存在所述AE的通告资源; The notification resource of the AE does not exist on the target CSE;
    所述目标CSE上已创建的所述AE的所述通告资源中不存在接入允许指示属性;An access permission indication attribute does not exist in the advertisement resource of the AE that has been created on the target CSE;
    所述目标CSE上已创建的所述AE的所述通告资源中接入允许指示属性的值表示为不允许接入;The value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is indicated as not allowing access;
    所述目标CSE根权限策略,验证到所述AE没有接入所述目标CSE的权限。The target CSE root authority policy verifies that the AE does not have access to the target CSE.
  7. 根据权利要求1所述的方法,其中,所述目标CSE接收所述AE的所述注册CSE发送的所述请求消息包括:The method of claim 1, wherein the request message sent by the target CSE to receive the registration CSE of the AE comprises:
    所述注册CSE接收所述AE用于请求在所述目标CSE上创建或者更新所述通告资源的请求消息;The registration CSE receives a request message for requesting to create or update the advertisement resource on the target CSE;
    所述注册CSE发送携带有所述接入允许指示的请求消息至所述目标CSE。The registration CSE sends a request message carrying the access permission indication to the target CSE.
  8. 根据权利要求7所述的方法,其中,在所述注册CSE发送携带有所述接入允许指示的请求消息至所述目标CSE之前,所述方法还包括:The method according to claim 7, wherein before the registration CSE sends a request message carrying the access permission indication to the target CSE, the method further includes:
    所述注册CSE根据权限策略,验证所述AE是否满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限;Determining, by the registration CSE, whether the AE satisfies the authority to create or update the advertisement resource of the AE on the target CSE according to the rights policy;
    其中,在验证到所述AE满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限的情况下,所述注册CSE发送携带有所述接入允许指示的请求消息至所述目标CSE。Wherein, in the case that it is verified that the AE satisfies the authority to create or update the advertised resource of the AE on the target CSE, the registration CSE sends a request message carrying the access permission indication to the The target CSE.
  9. 根据权利要求7所述的方法,其中,The method of claim 7 wherein
    所述注册CSE发送的请求消息中还携带有用于验证所述注册CSE身份合法性的安全证书。The request message sent by the registration CSE also carries a security certificate for verifying the legality of the registered CSE identity.
  10. 一种通告资源处理装置,应用于目标公共业务实体CSE,包括:An advertisement resource processing apparatus is applied to a target public service entity CSE, including:
    接收模块,设置为接收应用实体AE的注册CSE发送的请求消息,其中,所述请求消息中携带有接入允许指示,所述接入允许指示用于指示是否允许所述AE接入所述目标CSE;a receiving module, configured to receive a request message sent by the registration CSE of the application entity AE, where the request message carries an access permission indication, where the access permission indication is used to indicate whether the AE is allowed to access the target CSE;
    处理模块,设置为根据所述请求消息创建或者更新所述AE的通告资源,其中,创建或者更新后的通告资源中包括接入允许指示属性。The processing module is configured to create or update the advertisement resource of the AE according to the request message, where the created or updated advertisement resource includes an access permission indication attribute.
  11. 根据权利要求10所述的装置,其中,所述处理模块设置为:The apparatus of claim 10 wherein said processing module is configured to:
    在所述请求消息为通告资源创建请求消息的情况下,创建所述AE的所述通告资源,其中,所述通告资源的属性包括:根据所述接入允许指示创建的接入允许指示属性。And in the case that the request message is an advertisement resource creation request message, the advertisement resource of the AE is created, where the attribute of the advertisement resource includes: an access permission indication attribute created according to the access permission indication.
  12. 根据权利要求10所述的装置,其中,所述处理模块设置为:The apparatus of claim 10 wherein said processing module is configured to:
    在所述请求消息为通告资源更新请求消息的情况下,检查已创建的所述AE的所述通 告资源的属性是否包括:接入允许指示属性;In case the request message is an advertisement resource update request message, checking the created AE of the AE Whether the attribute of the resource includes: an access permission indication attribute;
    在判断结果为所述AE的所述通告资源的属性包括接入允许指示属性的情况下,将所述接入允许指示属性的值置为所述接入允许指示的值。And determining, in the case that the attribute of the advertisement resource of the AE includes an access permission indication attribute, setting a value of the access permission indication attribute to a value of the access permission indication.
  13. 根据权利要求12所述的装置,其中,所述处理模块还设置为:The apparatus of claim 12, wherein the processing module is further configured to:
    在判断结果为所述AE的所述通告资源的属性不包括接入允许指示属性的情况下,在所述通告资源中创建接入允许指示属性,并将所述接入允许指示属性的值置为所述接入允许指示的值。If the attribute of the advertisement resource of the AE does not include the access permission indication attribute, the access permission indication attribute is created in the advertisement resource, and the value of the access permission indication attribute is set. The value indicated for the access indication.
  14. 根据权利要求10所述的装置,其中,所述装置还包括:The device of claim 10, wherein the device further comprises:
    另一请求消息接收模块,设置为接收所述AE的另一请求消息;Another request message receiving module, configured to receive another request message of the AE;
    查询模块,设置为查询所述AE的所述通告资源中的接入允许指示属性;a query module, configured to query an access permission indication attribute in the advertisement resource of the AE;
    响应模块,设置为在所述接入允许指示属性的值表示为允许接入的情况下,所述目标CSE发送接受所述另一请求消息的请求的响应消息至所述AE。The response module is configured to, in a case where the value of the access permission indication attribute is indicated as allowing access, the target CSE transmitting a response message requesting the request of the another request message to the AE.
  15. 根据权利要求14所述的装置,其中,所述响应模块还设置为在以下之一的情况下发送拒绝所述另一请求消息的请求的响应消息至所述AE:The apparatus of claim 14, wherein the response module is further configured to send a response message rejecting the request for the another request message to the AE in one of:
    所述目标CSE上不存在所述AE的通告资源;The notification resource of the AE does not exist on the target CSE;
    所述目标CSE上已创建的所述AE的所述通告资源中不存在接入允许指示属性;An access permission indication attribute does not exist in the advertisement resource of the AE that has been created on the target CSE;
    所述目标CSE上已创建的所述AE的所述通告资源中接入允许指示属性的值表示为不允许接入;The value of the access permission indication attribute in the advertisement resource of the AE that has been created on the target CSE is indicated as not allowing access;
    所述目标CSE根据权限策略,验证到所述AE没有接入所述目标CSE的权限。The target CSE verifies that the AE does not have access to the target CSE according to the rights policy.
  16. 一种通告资源处理系统,包括:应用实体AE、注册公共业务实体CSE、目标CSE,其中,所述目标CSE包括如权利要求10至15所述的通告资源处理装置。An advertisement resource processing system includes: an application entity AE, a registered public service entity CSE, and a target CSE, wherein the target CSE includes the advertisement resource processing apparatus according to claims 10 to 15.
  17. 根据权利要求16所述的系统,其中,所述注册CSE包括:The system of claim 16 wherein said registering CSE comprises:
    注册CSE接收模块,设置为接收所述AE用于请求在所述目标CSE上创建或者更新所述通告资源的请求消息;Registering a CSE receiving module, configured to receive a request message that the AE is used to request to create or update the advertising resource on the target CSE;
    注册CSE发送模块,设置为发送携带有所述接入允许指示的请求消息至所述目标CSE。The registration CSE sending module is configured to send a request message carrying the access permission indication to the target CSE.
  18. 根据权利要求17所述的系统,其中,所述注册CSE还包括:The system of claim 17 wherein said registering CSE further comprises:
    验证模块,设置为根据权限策略,验证所述AE是否满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限; a verification module, configured to verify, according to the rights policy, whether the AE meets the authority to create or update the advertisement resource of the AE on the target CSE;
    其中,在验证到所述AE满足创建或者更新所述目标CSE上的所述AE的所述通告资源的权限的情况下,所述注册CSE发送模块发送携带有所述接入允许指示的请求消息至所述目标CSE。The registration CSE sending module sends a request message carrying the access permission indication, if it is verified that the AE meets the permission to create or update the advertised resource of the AE on the target CSE. To the target CSE.
  19. 根据权利要求17所述的系统,其中,The system of claim 17 wherein
    所述注册CSE发送模块发送的请求消息中还携带有用于验证所述注册CSE身份合法性的安全证书。 The request message sent by the registration CSE sending module further carries a security certificate for verifying the legality of the registered CSE identity.
PCT/CN2015/091123 2015-07-01 2015-09-29 Notification resource processing method, device and system WO2016131277A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510381008.1 2015-07-01
CN201510381008.1A CN106325087A (en) 2015-07-01 2015-07-01 Advertisement resource processing method, device and system

Publications (1)

Publication Number Publication Date
WO2016131277A1 true WO2016131277A1 (en) 2016-08-25

Family

ID=56688643

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/091123 WO2016131277A1 (en) 2015-07-01 2015-09-29 Notification resource processing method, device and system

Country Status (2)

Country Link
CN (1) CN106325087A (en)
WO (1) WO2016131277A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2713566A1 (en) * 2012-01-04 2014-04-02 Huawei Device Co., Ltd. Sharing method, system, server and terminal device for personal content
CN104093118A (en) * 2014-03-05 2014-10-08 中兴通讯股份有限公司 Resource notification method, machine-to-machine nodes and system
CN104683289A (en) * 2013-11-26 2015-06-03 中兴通讯股份有限公司 Common service entity (CSE) registering method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101860534B (en) * 2010-05-20 2014-07-30 北京星网锐捷网络技术有限公司 Method and system for switching network, access equipment and authentication server
CN104618312B (en) * 2013-11-04 2019-03-29 中兴通讯股份有限公司 A kind of remote login methods, devices and systems of M2M application
KR20150066402A (en) * 2013-12-06 2015-06-16 주식회사 케이티 Association method between Application Entity (AE), Common Service Entity (CSE) in the Application Service Node (ASN) and AE, CSE in the Infrastructure Node (IN) based on type of Internet Protocol (IP) version
CN104601561B (en) * 2014-12-31 2018-06-19 海尔优家智能科技(北京)有限公司 Register method, registration equipment and the domestic network system of network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2713566A1 (en) * 2012-01-04 2014-04-02 Huawei Device Co., Ltd. Sharing method, system, server and terminal device for personal content
CN104683289A (en) * 2013-11-26 2015-06-03 中兴通讯股份有限公司 Common service entity (CSE) registering method and system
CN104093118A (en) * 2014-03-05 2014-10-08 中兴通讯股份有限公司 Resource notification method, machine-to-machine nodes and system

Also Published As

Publication number Publication date
CN106325087A (en) 2017-01-11

Similar Documents

Publication Publication Date Title
US11651109B2 (en) Permission management method, permission verification method, and related apparatus
US11050750B2 (en) Recording and verification method and apparatus of internet of things device, and identity authentication method and apparatus
US11610019B2 (en) Information management method, apparatus, and information management system
US20190075102A1 (en) Terminal apparatus, server apparatus, blockchain and method for fido universal authentication using the same
US10541991B2 (en) Method for OAuth service through blockchain network, and terminal and server using the same
CN107579958B (en) Data management method, device and system
US20170316497A1 (en) Method for creating, registering, revoking authentication information and server using the same
US11201778B2 (en) Authorization processing method, device, and system
JP7421771B2 (en) Methods, application servers, IOT devices and media for implementing IOT services
WO2017024791A1 (en) Authorization processing method and device
CN111742531B (en) Profile information sharing
CN104184713A (en) Terminal identification method, machine identification code registration method, and corresponding system and equipment
US11363007B2 (en) Methods and systems for accessing a resource
CN112470444A (en) Method and apparatus for revoking authorization to API callers
US11791990B2 (en) Apparatus and method for managing personal information
WO2019056971A1 (en) Authentication method and device
WO2022246997A1 (en) Service processing method and apparatus, server, and storage medium
CN108604990A (en) The application method and device of local authorized certificate in terminal
WO2016070611A1 (en) Method for processing data, server and terminal
CN113569210A (en) Distributed identity authentication method, equipment access method and device
KR101736157B1 (en) Method and Apparatus for Federated Authentication
US11777742B2 (en) Network device authentication
CN109460647B (en) Multi-device secure login method
WO2016131277A1 (en) Notification resource processing method, device and system
US10542569B2 (en) Community-based communication network services

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15882416

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15882416

Country of ref document: EP

Kind code of ref document: A1